<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Information Armor &#187; Vulnerabilities</title>
	<atom:link href="http://www.informationarmor.com/tag/vulnerabilities/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.informationarmor.com</link>
	<description>Protecting Your Data. A public service from Arizona IT Management LLC</description>
	<lastBuildDate>Tue, 22 Jun 2010 16:27:09 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.0</generator>
		<item>
		<title>Patch Tuesday for Microsoft</title>
		<link>http://www.informationarmor.com/2010/06/07/patch-tuesday-for-microsoft/</link>
		<comments>http://www.informationarmor.com/2010/06/07/patch-tuesday-for-microsoft/#comments</comments>
		<pubDate>Mon, 07 Jun 2010 15:36:44 +0000</pubDate>
		<dc:creator>root</dc:creator>
				<category><![CDATA[Security]]></category>
		<category><![CDATA[microsoft]]></category>
		<category><![CDATA[Patches]]></category>
		<category><![CDATA[Vulnerabilities]]></category>

		<guid isPermaLink="false">http://www.informationarmor.com/?p=105</guid>
		<description><![CDATA[Microsoft&#8217;s June Security Advance Notification Microsoft is planning to release ten bulletins addressing 34 vulnerabilities on Tuesday, June 8th. The bulletins are rated as follows: 3 &#8220;Critical&#8221; and 7 &#8220;Important&#8221;. The affected software includes: Windows, Microsoft Office, and Internet Explorer. Additionally, Microsoft plans to address the issues highlighted in Security Advisories 983438 and 980088. We [...]]]></description>
			<content:encoded><![CDATA[<p><strong>Microsoft&#8217;s June Security Advance Notification </strong><br />
Microsoft is planning to release ten bulletins addressing 34 vulnerabilities on Tuesday, June 8th. The bulletins are rated as follows: 3 &#8220;Critical&#8221; and 7 &#8220;Important&#8221;. The affected software includes: Windows, Microsoft Office, and Internet Explorer. Additionally, Microsoft plans to address the issues highlighted in Security Advisories 983438 and 980088. We encourage our customers to review the vendor&#8217;s Advance Notification and associated blog post.<br />
<a href="http://www.microsoft.com/technet/security/bulletin/ms10-jun.mspx" target="_blank">http://www.microsoft.com/technet/security/bulletin/ms10-jun.mspx</a><br />
<a href="http://blogs.technet.com/b/msrc/archive/2010/06/03/june-2010-security-bulletin-advance-notification.aspx" target="_blank">http://blogs.technet.com/b/msrc/archive/2010/06/03/june-2010-security-bulletin-advance-notification.aspx</a></p>
<p><strong>Mobile Malware </strong><br />
Reports have surfaced this week indicating that Samsung&#8217;s S8500 Wave handsets were shipped with a malware-infected microSD card. Reportedly, some German models of this device are affected. Once the device is connected to the computer, it automatically installs a Trojan using a file called &#8220;slmvsrv.exe.&#8221;</p>
<p>While this is an example of a mobile device being shipped with malware, attackers can also use other device functionality to distribute their malware. For instance, the Multimedia Message Service (MMS) can be used as a vector for sending malware to unsuspecting victims. Many mobile phones and PDAs available today are capable of communicating via Bluetooth, a protocol designed for short-range communication between electronic devices. Simple social engineering attacks have effectively convinced Bluetooth users to pair their devices with complete strangers, giving them unrestricted access to data on the victim&#8217;s phone. Additionally, many modern mobile phones and PDAs now run robust, feature-rich operating systems and offer the same or similar applications as PCs. Individuals increasingly use them to store personal data and conduct financial transactions, which gives attackers more incentive to find and exploit vulnerabilities in the software.</p>
<p>Several major security vendors now provide security applications and anti-virus software for mobile users. Cellular service providers also offer some protection to their customers automatically by scanning for specific types of malicious code as data traverses the network. Bluetooth should be disabled while not in use, and users should never respond to unsolicited connection attempts. Although the level of mobile attacks is currently relatively low, it is still important for organizations to be aware of the potential threat.<br />
<a href="http://www.engadget.com/2010/06/02/samsung-wave-shipping-with-infected-microsd-card/" target="_blank">http://www.engadget.com/2010/06/02/samsung-wave-shipping-with-infected-microsd-card/</a><br />
<a href="http://www.f-secure.com/weblog/archives/00001959.html" target="_blank">http://www.f-secure.com/weblog/archives/00001959.html</a></p>
]]></content:encoded>
			<wfw:commentRss>http://www.informationarmor.com/2010/06/07/patch-tuesday-for-microsoft/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Microsoft Internet Explorer Vulnerability</title>
		<link>http://www.informationarmor.com/2010/04/07/microsoft-internet-explorer-vulnerability/</link>
		<comments>http://www.informationarmor.com/2010/04/07/microsoft-internet-explorer-vulnerability/#comments</comments>
		<pubDate>Wed, 07 Apr 2010 15:50:19 +0000</pubDate>
		<dc:creator>root</dc:creator>
				<category><![CDATA[Security]]></category>
		<category><![CDATA[information security]]></category>
		<category><![CDATA[infosec]]></category>
		<category><![CDATA[microsoft]]></category>
		<category><![CDATA[Vulnerabilities]]></category>

		<guid isPermaLink="false">http://www.informationarmor.com/?p=98</guid>
		<description><![CDATA[New Exploit Code for Microsoft Internet Explorer Vulnerability Exploit code has surfaced for one of the vulnerabilities in MS10-018, the out-of-cycle bulletin released by Microsoft on March 30. This bulletin addresses multiple vulnerabilities in Internet Explorer including a 0-day vulnerability that was being exploited earlier this month. This most recent exploit code which has been [...]]]></description>
			<content:encoded><![CDATA[<p><strong>New Exploit Code for Microsoft Internet Explorer Vulnerability</strong><br />
Exploit code has surfaced for one of the vulnerabilities in MS10-018, the out-of-cycle bulletin released by Microsoft on March 30. This bulletin addresses multiple vulnerabilities in Internet Explorer, including a 0-day vulnerability that was being exploited earlier this month. The most recently released exploit code targets a different vulnerability covered by this same update. Customers who have not done so already should apply this cumulative update.<br />
<a href="http://www.microsoft.com/technet/security/bulletin/ms10-018.mspx">http://www.microsoft.com/technet/security/bulletin/ms10-018.mspx</a></p>
<p><a href="http://www.metasploit.com/redmine/projects/framework/repository/revisions/9018/entry/modules/exploits/windows/browser/ms10_018_ie_tabular_activex.rb">http://www.metasploit.com/redmine/projects/framework/repository/revisions/9018/entry/modules/exploits/windows/browser/ms10_018_ie_tabular_activex.rb</a></p>
]]></content:encoded>
			<wfw:commentRss>http://www.informationarmor.com/2010/04/07/microsoft-internet-explorer-vulnerability/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Microsoft</title>
		<link>http://www.informationarmor.com/2010/03/09/microsoft/</link>
		<comments>http://www.informationarmor.com/2010/03/09/microsoft/#comments</comments>
		<pubDate>Tue, 09 Mar 2010 22:16:26 +0000</pubDate>
		<dc:creator>root</dc:creator>
				<category><![CDATA[Education]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[microsoft]]></category>
		<category><![CDATA[Patches]]></category>
		<category><![CDATA[update]]></category>
		<category><![CDATA[Vulnerabilities]]></category>

		<guid isPermaLink="false">http://www.informationarmor.com/?p=95</guid>
		<description><![CDATA[As a reminder, Microsoft is planning to release two security bulletins today, March 9, 2010. Both bulletins carry a maximum severity rating of important and the issues addressed could lead to remote code execution. The first bulletin applies to various versions of Windows XP, Vista and Windows 7 and is rated as important for all [...]]]></description>
			<content:encoded><![CDATA[<p>As a reminder, Microsoft is planning to release two security bulletins today, March 9, 2010. Both bulletins carry a <strong>maximum severity rating of important</strong>, and the issues addressed could lead to remote code execution. The first bulletin applies to various versions of Windows XP, Vista and Windows 7 and is rated as important for all affected versions. The second bulletin applies to various Office releases and components for Windows and Mac and is also rated as important for all affected versions.<br />
<a title="http://www.microsoft.com/technet/security/bulletin/ms10-mar.mspx" href="http://www.microsoft.com/technet/security/bulletin/ms10-mar.mspx">http://www.microsoft.com/technet/security/bulletin/ms10-mar.mspx</a></p>
]]></content:encoded>
			<wfw:commentRss>http://www.informationarmor.com/2010/03/09/microsoft/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Apache HTTP server 2.2.15</title>
		<link>http://www.informationarmor.com/2010/03/09/apache-http-server-2-2-15/</link>
		<comments>http://www.informationarmor.com/2010/03/09/apache-http-server-2-2-15/#comments</comments>
		<pubDate>Tue, 09 Mar 2010 22:14:19 +0000</pubDate>
		<dc:creator>root</dc:creator>
				<category><![CDATA[Security]]></category>
		<category><![CDATA[apache]]></category>
		<category><![CDATA[http]]></category>
		<category><![CDATA[openssl]]></category>
		<category><![CDATA[Vulnerabilities]]></category>

		<guid isPermaLink="false">http://www.informationarmor.com/?p=90</guid>
		<description><![CDATA[Apache has released HTTP Server version 2.2.15, which addresses a number of security exposures in prior versions of the HTTP server. Of particular note is the updating of the OpenSSL library to 0.9.8m which addresses the renegotiation issues outlined in CVE-2009-3555. At the time of writing, the links to the complete changelog and downloads for [...]]]></description>
			<content:encoded><![CDATA[<p>Apache has released HTTP Server version 2.2.15, which addresses a number of security exposures in prior versions of the HTTP server. Of particular note is the update of the OpenSSL library to 0.9.8m, which addresses the renegotiation issues outlined in CVE-2009-3555. At the time of writing, the links to the complete changelog and downloads for 2.2.15 were not visible on the Apache Web site; however, we urge users to apply this latest vendor update as soon as possible.<br />
<a title="http://mail-archives.apache.org/mod_mbox/www-announce/201003.mbox/&lt;4B92BC77.8050401@apache.org&gt;" href="http://mail-archives.apache.org/mod_mbox/www-announce/201003.mbox/%3C4B92BC77.8050401@apache.org%3E">http://mail-archives.apache.org/mod_mbox/www-announce/201003.mbox/%3C4B92BC77.8050401@apache.org%3E</a><br />
<a title="http://httpd.apache.org/download.cgi" href="http://httpd.apache.org/download.cgi">http://httpd.apache.org/download.cgi</a></p>
<p>Proof-of-concept code exploiting a vulnerability (CVE-2010-0425) in mod_isapi in the Apache HTTP server version 2.2.14 was published to a well-known Web site. Notes in the code state that the exploit may need to be run several times to successfully spawn a shell; however, a success rate of 70% is reported. The code also mentions that, if DEP is enabled (Windows platforms) for the Apache process, the result may be a denial of service condition. As CVE-2010-0425 is one of the issues noted as addressed in the above 2.2.15 release, we again suggest updating as soon as possible.<br />
<a title="http://www.exploit-db.com/exploits/11650" href="http://www.exploit-db.com/exploits/11650">http://www.exploit-db.com/exploits/11650</a><br />
<a title="http://securityreason.com/wlb_show/WLB-2010030028" href="http://securityreason.com/wlb_show/WLB-2010030028">http://securityreason.com/wlb_show/WLB-2010030028</a></p>
]]></content:encoded>
			<wfw:commentRss>http://www.informationarmor.com/2010/03/09/apache-http-server-2-2-15/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Microsoft MS10-015 BSOD Issue</title>
		<link>http://www.informationarmor.com/2010/02/16/microsoft-ms10-015-bsod-issue/</link>
		<comments>http://www.informationarmor.com/2010/02/16/microsoft-ms10-015-bsod-issue/#comments</comments>
		<pubDate>Tue, 16 Feb 2010 16:19:28 +0000</pubDate>
		<dc:creator>root</dc:creator>
				<category><![CDATA[Education]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[bsod]]></category>
		<category><![CDATA[microsoft]]></category>
		<category><![CDATA[Patches]]></category>
		<category><![CDATA[update]]></category>
		<category><![CDATA[Vulnerabilities]]></category>

		<guid isPermaLink="false">http://www.informationarmor.com/?p=78</guid>
		<description><![CDATA[Microsoft has acknowledged that there is an issue when applying the update related to advisory MS10-015 on systems that are infected with certain malware strains including one called &#8220;Tidserv&#8221;. These infected systems have a high likelihood of becoming unbootable displaying a PAGE_FAULT &#8220;Blue Screen of Death&#8221; (BSOD) error. Microsoft has issued directions on how to [...]]]></description>
			<content:encoded><![CDATA[<p>Microsoft has acknowledged that there is an issue when applying the update related to advisory MS10-015 on systems that are infected with certain malware strains, including one called &#8220;Tidserv&#8221;. These infected systems have a high likelihood of becoming unbootable, displaying a PAGE_FAULT &#8220;Blue Screen of Death&#8221; (BSOD) error. Microsoft has issued directions on how to resolve this issue and has temporarily removed this update from the Windows Update Service until a complete investigation can be done.<br />
<a title="http://www.symantec.com/connect/blogs/tidserv-and-ms10-015" href="http://www.symantec.com/connect/blogs/tidserv-and-ms10-015">http://www.symantec.com/connect/blogs/tidserv-and-ms10-015</a><br />
<a title="http://social.answers.microsoft.com/Forums/en-US/vistawu/thread/73cea559-ebbd-4274-96bc-e292b69f2fd1" href="http://social.answers.microsoft.com/Forums/en-US/vistawu/thread/73cea559-ebbd-4274-96bc-e292b69f2fd1">http://social.answers.microsoft.com/Forums/en-US/vistawu/thread/73cea559-ebbd-4274-96bc-e292b69f2fd1</a><br />
<a title="http://blogs.zdnet.com/microsoft/?p=5250" href="http://blogs.zdnet.com/microsoft/?p=5250">http://blogs.zdnet.com/microsoft/?p=5250</a><br />
<a title="http://blogs.technet.com/msrc/archive/2010/02/12/update-restart-issues-after-installing-ms10-015.aspx" href="http://blogs.technet.com/msrc/archive/2010/02/12/update-restart-issues-after-installing-ms10-015.aspx">http://blogs.technet.com/msrc/archive/2010/02/12/update-restart-issues-after-installing-ms10-015.aspx</a></p>
]]></content:encoded>
			<wfw:commentRss>http://www.informationarmor.com/2010/02/16/microsoft-ms10-015-bsod-issue/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>MS10-002</title>
		<link>http://www.informationarmor.com/2010/01/22/ms10-002/</link>
		<comments>http://www.informationarmor.com/2010/01/22/ms10-002/#comments</comments>
		<pubDate>Fri, 22 Jan 2010 15:38:00 +0000</pubDate>
		<dc:creator>root</dc:creator>
				<category><![CDATA[Security]]></category>
		<category><![CDATA[microsoft]]></category>
		<category><![CDATA[Patches]]></category>
		<category><![CDATA[Vulnerabilities]]></category>

		<guid isPermaLink="false">http://www.informationarmor.com/2010/01/22/ms10-002/</guid>
		<description><![CDATA[Microsoft has released MS10-002 today. The update addresses 7 privately reported and 1 publicly reported vulnerability which is associated with the widely publicized attacks associated with Security Advisory 979352. There are four (4) Uninitialized Memory Corruption Vulnerabilities, two (2) HTML Object Memory Corruption Vulnerabilities, one (1) XSS Filter Script Handling Vulnerability, and one (1) URL [...]]]></description>
			<content:encoded><![CDATA[<p>Microsoft has released MS10-002 today. The update addresses 7 privately reported vulnerabilities and 1 publicly reported vulnerability, the latter being the one tied to the widely publicized attacks associated with Security Advisory 979352. There are four (4) Uninitialized Memory Corruption Vulnerabilities, two (2) HTML Object Memory Corruption Vulnerabilities, one (1) XSS Filter Script Handling Vulnerability, and one (1) URL Validation Vulnerability. This single patch is considered Critical by Microsoft and covers the following CVE entries: </p>
<p>CVE-2009-4074 </p>
<p>CVE-2010-0027 </p>
<p>CVE-2010-0244 </p>
<p>CVE-2010-0245 </p>
<p>CVE-2010-0246 </p>
<p>CVE-2010-0247 </p>
<p>CVE-2010-0248 </p>
<p>CVE-2010-0249 </p>
<p>Customers should apply this update as soon as possible. The update will also be sent through the Automatic update mechanism. </p>
<p>http://www.microsoft.com/technet/security/bulletin/ms10-002.mspx</p>
<p>http://www.microsoft.com/technet/security/bulletin/ms10-jan.mspx</p>
]]></content:encoded>
			<wfw:commentRss>http://www.informationarmor.com/2010/01/22/ms10-002/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>
