Archive for Patches

Microsoft: Four Updates Close Six Holes

From Heise.de:

As previously announced, Microsoft published four security bulletins along with updates for six security holes on May patch day. The Redmond developers classify four of the holes as critical because they allow attackers to inject malicious code.

Security Bulletins MS08-026 and MS08-027 remedy two security holes in Word and one in Publisher that attackers could exploit using crafted documents. The holes in Word are exploitable via crafted documents in rich text format (.rtf) or Word documents with crafted cascading style sheets (CSS). All that is needed to effect the .rtf exploit is the email preview in Outlook. Manipulated object headers in Publisher documents can exploit the application to allow injected program code to be executed. The holes affect Office 2000, XP, 2003, 2007, Word Viewer 2003, the compatibility pack for Office 2007 file formats, and Office 2004 and 2008 for Mac.

More…

Article Link

Patch Tuesday Approaches

It’s that time again. The only difference for me this time is that I’ll be relaxing on the deck. I’ll stop basking in it once I start the new gig.

From PC World:

Although Microsoft’s note does not describe the bugs in detail, it looks like the company is planning to fix a known bug in the Jet database engine, which was disclosed in late March. Attackers had figured out a new way to launch a malicious Jet file using Microsoft Word, Microsoft warned in a blog posting.

Jet files, which have a .mdb extension, are typically blocked by Outlook, but “attackers have figured out a way to work around the mitigations built into Outlook,” Microsoft said in its post.

The Jet flaw affects Windows XP, 2000 and Server 2003 Service Pack 1.

The Word flaw is rated critical for both Windows and Mac users.

Although rated only “moderate,” the DoS bug in Microsoft’s security products is also a cause for concern. It affects many Microsoft security products including OneCare, Antigen, Windows Defender, Standalone System Sweeper and several Forefront Security products.

Read on.

Article Link

Enjoying The Sun…Oh Right, It’s Patch Tuesday

Well, there’s death, taxes and patch Tuesday. Today has 5 critical on tap as well as 3 important patches.

  1. MS08-018: Vulnerability in Microsoft Project Could Allow Remote Code Execution (950183)
  2. MS08-021: Vulnerabilities in GDI Could Allow Remote Code Execution (948590)
  3. MS08-022: Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution (944338)
  4. MS08-023: Security Update of ActiveX Kill Bits (948881)
  5. MS08-024: Cumulative Security Update for Internet Explorer (947864)

For more information check out the posting page for the April bulletin over on Microsoft’s website.

Cisco IOS Multiple Vulnerabilities

Out today are multiple vulnerabilities from Cisco. There are patches available from Cisco to tackle data manipulation and denial of service issues in their IOS.

From Secunia:

Description:
Some vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious people to disclose sensitive information, manipulate certain data, or to cause a DoS (Denial of Service).

1) A memory leak exists in the handling of completed PPTP sessions, which can be exploited to exhaust memory on an affected system.

2) An error exists in the handling of PPTP sessions when virtual access interfaces are not removed from the interface descriptor block (IDB) and are not reused. This can result in an exhaustion of the interface descriptor block (IDB) limit.

Vulnerabilities #1 and #2 are reported in Cisco IOS versions prior to 12.3 with VPDN enabled.

3) Some errors exist in the Data-Link-Switching (DLSw) feature when processing UDP and IP protocol 91 packets. This can be exploited to cause a reload of the system or a memory leak.

4) An error exists in the processing of IPv6 packets, which can be exploited to prevent the interface from receiving additional traffic or to cause the device to crash (if RSVP service is configured on the interface) by sending a specially crafted IPv6 packet to the device.

Successful exploitation of this vulnerability requires that IPv6 and certain IPv4 UDP services are enabled.

5) An error exists in the implementation of Multicast Virtual Private Networks (MVPN), which can be exploited to create extra multicast states on the core routers via specially crafted Multicast Distribution Tree (MDT) Data Join messages. This can also be exploited to receive multicast traffic from VPNs that are not connected to the same Provider Edge (PE).

Successful exploitation of the multicast traffic leak requires that the attacker knows or guesses the Border Gateway Protocol (BGP) peering IP address of a remote PE router and the address of the multicast group that is used in other MPLS VPNs.

Get yer patch on.

Article Link

Office Fixes Dominate Microsoft Update

Now that the dust is settling from yesterday’s “Patch Tuesday”, Office is the main culprit this time. US-CERT also reports that a trojan leveraging a hole in Excel is making the rounds.

From US-CERT:

US-CERT is aware of public reports of a trojan that may exploit a vulnerability in Microsoft Excel. This trojan is circulating through email messages that contain attached Excel files. Known file names for these attachments are OLYMPIC.XLS and SCHEDULE.XLS. These files may also contain Windows binary executables that can compromise an affected system.

From vnunet:

The four bulletins in yesterday’s Security Update addressed 12 vulnerabilities in the popular software.

Each of the bulletins fixes vulnerabilities which could allow an attacker to remotely execute code on the target system. Microsoft has rated all four as ‘critical’, the highest of its four alert levels.

The bulletins address flaws in Outlook, Excel and Office web components. The update applies to Office XP, 2000, 2003 and 2007. Mac versions of Office 2004 and 2008 were also updated, each receiving fixes rated ‘important’.

XP and Vista ducked the spotlight this time.

Article Link

Microsoft Patch Tuesday, Thy Name Is Mongo

It’s a big one. Actually it’s the biggest patch release this year so far. Not that it has any real bearing on the price of tea in…well, you follow me. The real pain and suffering falls to the security and sysadmin teams that have to evaluate, test and roll out these patches into their respective environments.

From Computer World:

The sheer volume of flaws and fixes — added to the already large number of updates cranked out over the past two weeks by other vendors, including Apple Inc. and Adobe Systems Inc. — is what struck Andrew Storms, director of security operations at nCircle Network Security Inc.

“The volume of the last week is something no security team can staff for,” said Storms, referring to a wave of vulnerability disclosures and patches by developers of some of the Web’s most popular applications, including Adobe Reader, Apple’s QuickTime and Skype Ltd.’s flagship VoIP client. All have been plagued with, and patched, one or more bugs in the past week.

“It’s almost the worst case possible,” Storms said. “There’s so much firefighting going on that it comes down to deciding what risks are the most prevalent, and what can be mitigated without patching or fixing so that people can get to some of the hotter topics.”

The article goes on to say, and I have heard this from a couple of folks, that you should apply the Office and IE patches first. This will help to address the PDF viewer and thereby mitigate the Adobe problem.

Happy patching (if there is such a beast). For the full listing check out the Microsoft Security Bulletin Summary for this month.

Article Link

Apple Releases 10.5.2 Security Update

It’s Microsoft Patch Tuesday…and what a perfect time to release a security patch for Mac. Don’t get me wrong. I’m a huge Mac fan. I just find it amusing that they released it the day before. Hoping to get lost in the shuffle perhaps?

The fixes on the block today from Apple are:

  1. Directory Services - CVE-ID: CVE-2007-0355 - Impact: A local user may be able to execute arbitrary code with system privileges
  2. Foundation - CVE-ID: CVE-2008-0035 - Impact: Accessing a maliciously crafted URL may lead to an application termination or arbitrary code execution
  3. Launch Services - CVE-ID: CVE-2008-0038 - Impact: An application removed from the system may still be launched via the Time Machine backup
  4. Mail - CVE-ID: CVE-2008-0039 - Impact: Accessing a URL in a message may lead to arbitrary code execution
  5. NFS - CVE-ID: CVE-2008-0040 - Impact: If the system is being used as an NFS client or server, a remote attacker may cause an unexpected system shutdown or arbitrary code execution
  6. Open Directory - Impact: NTLM authentication requests may always fail - (Tiger only)
  7. Parental Controls - CVE-ID: CVE-2008-0041 - Impact: Requesting to unblock a website leads to information disclosure
  8. Samba - CVE-ID: CVE-2007-6015 - Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution
  9. Terminal - CVE-ID: CVE-2008-0042 - Impact: Viewing a maliciously crafted web page may lead to arbitrary code execution
  10. X11 - CVE-ID: CVE-2007-4568 - Impact: Multiple Vulnerabilities exist in X11 X Font Server (XFS) 1.0.4
  11. X11 - CVE-ID: CVE-2008-0037 - Impact: Changing the settings in the Security Preferences Panel has no effect

Article Link

Attack Proves Critical Windows Bug ‘Highly Exploitable’

Aitel to Microsoft…Ya know what? Uh, uh.

From Computer World:

Security researchers yesterday said they’d discredited Microsoft’s claim that the year’s first critical Windows vulnerability would be “difficult and unlikely” to be exploited by attackers.

On Tuesday, Immunity Inc. updated a working exploit for the TCP/IP flaw spelled out Jan. 8 in Microsoft’s MS08-001 security bulletin, and posted a Flash demonstration of the attack on its Web site. The exploit, which was released to customers of its CANVAS penetration testing software — but is not available to the public — was a revised version of code first issued two weeks ago.

“This demonstrates conclusively that the MS08-001 IGMPv3 vulnerability is highly exploitable,” said Dave Aitel, Immunity’s chief technology officer, in a message to his Dailydave security mailing list.

Read on.

Article Link

Microsoft To Force Feed Business IE7 Update

From InfoWorld:

Microsoft has warned corporate administrators that it will push a new version of Internet Explorer 7 their way next month, and it has posted guidelines on how to ward off the automatic update if admins want to keep the older IE6 browser on their companies’ machines.

The IE7 upgrade scheduled to roll out via WSUS (Windows Server Update Services) on Feb. 12 was announced last October, when Microsoft said it would no longer require users to prove they owned a legitimate copy of Windows XP before they were allowed to download the newer browser. Microsoft explained that the move was prompted by security concerns.

“Because Microsoft takes its commitment to help protect the entire Windows ecosystem seriously, we’re updating the IE7 installation experience to make it available as broadly as possible to all Windows users,” said Steve Reynolds, an IE program manager, on a Microsoft company blog in early October. “Internet Explorer 7 installation will no longer require Windows Genuine Advantage validation and will be available to all Windows XP users.”

One of the interesting aspects of IE7 is the low adoption rate. On this site, liquidmatrix.org, IE7 accounts for less than a quarter of the traffic. What’s even more telling is that Vista accounts for less than 10% of all users who read the site.

At any rate, if you have WSUS in your environment, consider yourselves warned.

Article Link

Apple Security Updates

From Secunia:

Description:
Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.

1) A format string error in the URL handler of Address Book can be exploited to execute arbitrary code when a user views a specially crafted web page.

2) An error in the handling of downloaded files in CFNetwork can be exploited via directory traversal attacks to automatically download files to arbitrary folders when a user is enticed to visit a specially crafted web page.

3) An unspecified error exists in ColorSync when processing images with an embedded ColorSync profile, which can be exploited to cause a memory corruption.

Successful exploitation may allow execution of arbitrary code.

4) A race condition exists in the “CFURLWriteDataAndPropertiesToResource” API, which can lead to files being created with insecure permissions.

5) A boundary error exists in the printer driver for CUPS. This can be exploited to cause a buffer overflow and allows an admin user to execute arbitrary code with system privileges by passing a specially crafted URI to the CUPS service.

And the list goes on. For the full listing of the patches for Tiger and Leopard please follow the link below.

Article Link
