Certain downlevel versions of ISC BIND 9.7 have both a security bypass vulnerability and a denial of service vulnerability. ISC BIND versions 9.7.2 and 9.7.2-P1 are vulnerable. ISC BIND 9.7.2-P2 is not.
References:
http://www.kb.cert.org/vuls/id/784855
https://lists.isc.org/pipermail/bind-announce/2010-September/000655.html
http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html
email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Thursday, September 30, 2010
Wednesday, September 22, 2010
Cisco Announces Several Vulnerabilities
Cisco has released details on several vulnerabilities today. Details are in the links below. Exploits exist for at least one of these despite the fact that the announcement below says that there are no known exploits.
References:
http://www.cisco.com/warp/public/707/cisco-sa-20100922-igmp.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20100922-sip.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20100922-sslvpn.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20100922-nat.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20100922-h323.shtml
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a313.shtml
email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Monday, September 20, 2010
MANDIANT Memoryze 1.4.2900 Released
Jamie Butler and friends at MANDIANT have released Memoryze 1.4.2900. This new version supports Windows 7 32- and 64-bit and Windows Server 2008 64-bit. Despite how well the Volatility Framework works with Windows XP, I am fairly certain it has now been firmly relegated to third place behind HBGary Responder and MANDIANT Memoryze in the Windows RAM dump analysis space.
References:
http://blog.mandiant.com/archives/1459
email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Adobe Flash Player 10.1.85.3 Released
Adobe has released version 10.1.85.3 of their Flash Player product for Windows, Apple Mac, Solaris, and Linux. This new version contains a security-related update that addresses a vulnerability that is being actively exploited in the wild.
References:
http://www.adobe.com/support/security/bulletins/apsb10-22.html
email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Google Chrome 6.0.472.62 Released
Google Chrome 6.0.472.62 has been released for Windows, Mac, and Linux. The update includes fixes for 3 vulnerabilities, all 3 of which are classified as high or critical.
References:
http://sites.google.com/a/chromium.org/dev/Home/chromium-security
http://www.google.com/chrome/index.html?hl=en&brand=CHMA&utm_campaign=en&utm_source=en-ha-na-us-bk&utm_medium=ha
email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Friday, September 17, 2010
Samba 3.5.5 Released - Contains Important Security Fix
Samba 3.5.5 has been released. This release contains an important security fix for a remotely exploitable buffer overrun issue. Details are in the links below.
References:
http://www.samba.org/samba/history/security.html
http://www.samba.org/samba/history/samba-3.5.5.html
http://www.samba.org/
email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
IBM DB2 9.7 Fixpack 3 Released
IBM has released IBM DB2 9.7 Fixpack 3. This contains a number of important security-related fixes. For more detail, please refer to the links below.
References:
http://www-01.ibm.com/support/docview.wss?uid=swg1IC68015
http://www-01.ibm.com/support/docview.wss?uid=swg1IC70406
http://www-01.ibm.com/support/docview.wss?uid=swg21446455
email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Wednesday, September 15, 2010
Apple QuickTime Player 7.6.8 Released
Apple has released version 7.6.8 of their QuickTime Player for Windows. This version contains security fixes as described in the link below, including a fix to address the remotely exploitable "_Marshaled_pUnk" vulnerability (for which publicly available exploit code exists).
References:
http://support.apple.com/kb/HT4339
email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Tuesday, September 14, 2010
Google Chrome 6.0.472.59 Released
Google Chrome 6.0.472.59 has been released for Windows, Mac, and Linux. The update includes fixes for 10 vulnerabilities, 6 of which are classified as critical.
References:
http://sites.google.com/a/chromium.org/dev/Home/chromium-security
http://www.google.com/chrome/index.html?hl=en&brand=CHMA&utm_campaign=en&utm_source=en-ha-na-us-bk&utm_medium=ha
email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
New Vulns Used by Stuxnet Patched in Microsoft's Sept 2010 Patches
According to this article by Symantec, it looks like the top countries affected by Stuxnet (by infection count) were Iran and some of its closest neighbors geographically. To me, it looks like an intelligence service lost a couple of arrows out of its quiver here. Microsoft is closing one of the vulnerabilities used by Stuxnet in the September 2010 Microsoft monthly patches.
The smart money is on the U.S. or Israel, but I guess the public storyline will never tell us for sure. Nation-state intelligence services cannot wait for a time of war to penetrate and exploit the infrastructure of potential enemies. That type of offensive penetration and espionage activity happens all the time. Like some others, the U.S. is very good at cyber offense and computer network exploitation. It very well could have been us that lost a couple privately held vulns this time around.
References:
http://www.symantec.com/connect/blogs/w32stuxnet-network-information
http://krebsonsecurity.com/2010/09/stuxnet-worm-far-more-sophisticated-than-previously-thought/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+KrebsOnSecurity+%28Krebs+on+Security%29
email: david @ sharpesecurity.com
website: http://www.sharpesecurity.com/
Twitter: twitter.com/sharpesecurity
Monday, September 13, 2010
Recent VBmania Mass Mailer Malware Deleted the Windows Automatic Updates Service
It looks like the recent VBmania ("Here You Have" and "Just for You") mass mailer malware deleted the Automatic Updates service from infected machines. Microsoft Automatic Updates, WSUS, and SCCM-integrated WSUS need the Automatic Updates service working to successfully install monthly Microsoft patches and other updates.
It looks like reinstalling the Automatic Updates service fixes the damage on affected machines. Your antivirus tool won't restore this broken configuration for you. You will need to do that as a follow-up activity after the initial infections have been removed.
A quick way to tell if a machine lost its Automatic Updates service is to run services.msc (Start --> Run --> services.msc --> hit Enter). On a clean and healthy Windows XP machine, you should see an entry like what is circled in red below.
Below is the disassembly of a portion of the relevant code from the most common variant of the malware referencing the "wuauserv" service name in preparation for disabling that service. The malware deletes the wuauserv service entirely.
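The same check can be run across many machines instead of opening services.msc on each one. The script below is an added example, not part of the original post or of the fixer package it describes; the `$computers` list is a constructed placeholder, and the script assumes the account running it can query the Service Control Manager on each host.

```powershell
# Added example: report hosts where the Automatic Updates service (wuauserv)
# is no longer registered with the Service Control Manager.
# $computers is a constructed sample list; replace it with your own inventory.
$computers = @('localhost')

$results = foreach ($computer in $computers) {
    # Call sc.exe explicitly: in Windows PowerShell, "sc" is an alias for Set-Content.
    $output = & sc.exe "\\$computer" query wuauserv 2>&1
    $code   = $LASTEXITCODE

    # sc.exe exits with the Win32 error code of the failed call.
    $state = switch ($code) {
        0 {
            if ($output -match 'RUNNING') { 'Present (running)' }
            else                          { 'Present (not running)' }
        }
        1060    { 'MISSING (service does not exist)' }   # ERROR_SERVICE_DOES_NOT_EXIST
        1722    { 'Unreachable (RPC server unavailable)' }
        5       { 'Access denied' }
        default { "Error $code" }
    }

    [pscustomobject]@{
        Computer = $computer
        ExitCode = $code
        Wuauserv = $state
    }
}

# Full report, then just the machines that need the service reinstalled.
$results | Sort-Object Wuauserv | Format-Table -AutoSize
$results | Where-Object { $_.ExitCode -eq 1060 } |
    Select-Object -ExpandProperty Computer
```

A host reported as unreachable or access-denied has not been checked and should not be counted as healthy.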
We have prepared a completely silent software deployment package to deploy out through your normal software deployment tool to fix Automatic Updates service instances broken by the VBmania/MM mass mailer worm. A normal reinstallation doesn't work due to the way the malware broke the service. This fixer package takes care of repairing that damage for you. This package will work through SCCM, Tivoli, Marimba, CA DSM, ZENworks, or any other software deployment system you might have. You can also PSexec it out silently as required. Given the serious nature of this problem, we are offering our fixer package for the low price of $50 USD - and that includes whatever follow up email-based support you need for cleanup and to answer any questions you might have about the data and access credential leakage vector this malware has. As always that is backed by our 100% money back satisfaction guarantee. Please contact us at sales@sharpesecurity.com if you need any assistance cleaning up after, or if you need help determining if any sensitive data or access credentials leaked during this outbreak.
email: david @ sharpesecurity.com
website: http://www.sharpesecurity.com/
Twitter: twitter.com/sharpesecurity
Wednesday, September 8, 2010
Cisco Patches Vulns for Several Wireless LAN Controllers
Cisco lists the following devices as all being affected by at least one of the vulnerabilities. These devices are commonly found in enterprise environments, so it is likely you need to take action if you are a Cisco shop.
Cisco 2000 Series WLCs
Cisco 2100 Series WLCs
Cisco 4100 Series WLCs
Cisco 4400 Series WLCs
Cisco 5500 Series WLCs
Cisco Wireless Services Modules (WiSMs)
Cisco WLC Modules for Integrated Services Routers (ISRs)
Cisco Catalyst 3750G Integrated WLCs
References:
http://cisco.com/warp/public/707/cisco-sa-20100908-wlc.shtml
email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Apple iOS 4.1 Released for iPhone and iPod Touch
Apple has released iOS version 4.1. This version includes several security fixes (see link below) alongside many feature updates.
References:
http://support.apple.com/kb/HT4334
email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Apple Safari 5.0.2 and 4.1.2 Released
Apple has released security updates and other bugfixes for the Apple Safari 4.1 and 5.0 browser platforms. The latest versions are 5.0.2 and 4.1.2. Some of these security bugs are remotely exploitable according to Apple's release notes (below).
References:
http://support.apple.com/kb/HT4333
email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Monday, September 6, 2010
Firefox 3.6.9 Released
Mozilla has released Firefox 3.6.9. This version contains security fixes according to the release notes (below). Firefox 3.5.12 was released as well for those not wanting to move to 3.6.x.
References:
https://wiki.mozilla.org/Releases/Firefox_3.6.9
https://wiki.mozilla.org/Releases/Firefox_3.5.12
email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Thursday, September 2, 2010
New Security Update in Apple iTunes 10 Released
Apple has released iTunes version 10 (10.0.0.68) for Windows. This release includes several security updates - all in WebKit.
References:
http://support.apple.com/kb/HT4328
email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Google Chrome 6.0.472.53 Released
Google Chrome 6.0.472.53 has been released for Windows, Mac, and Linux. The update includes fixes for 14 vulnerabilities, 7 of which are classified as critical.
References:
http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html
http://sites.google.com/a/chromium.org/dev/Home/chromium-security
email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity