Thursday, September 30, 2010

ISC BIND 9.7.x DoS and Security Bypass Vulnerability

Certain downlevel versions of ISC BIND 9.7 have both a security bypass vulnerability and a denial of service vulnerability. ISC BIND versions 9.7.2 and 9.7.2-P1 are vulnerable; ISC BIND 9.7.2-P2 is not.


References:
http://www.kb.cert.org/vuls/id/784855
https://lists.isc.org/pipermail/bind-announce/2010-September/000655.html
http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html


email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity

Monday, September 20, 2010

MANDIANT Memoryze 1.4.2900 Released

Jamie Butler and friends at MANDIANT have released Memoryze 1.4.2900. This new version supports Windows 7 32- and 64-bit and Windows Server 2008 64-bit. Despite how well the Volatility Framework works with Windows XP, I am fairly certain it has now been firmly relegated to third place behind HBGary Responder and MANDIANT Memoryze in the Windows RAM dump analysis space.


References:
http://blog.mandiant.com/archives/1459


email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity

Adobe Flash Player 10.1.85.3 Released

Adobe has released version 10.1.85.3 of their Flash Player product for Windows, Apple Mac, Solaris, and Linux. This new version contains a security-related update that addresses a vulnerability that is being actively exploited in the wild.

References:
http://www.adobe.com/support/security/bulletins/apsb10-22.html


email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity

Google Chrome 6.0.472.62 Released

Google Chrome 6.0.472.62 has been released for Windows, Mac, and Linux. The update includes fixes for 3 vulnerabilities, all 3 of which are classified as high or critical.


References:
http://sites.google.com/a/chromium.org/dev/Home/chromium-security
http://www.google.com/chrome/index.html?hl=en&brand=CHMA&utm_campaign=en&utm_source=en-ha-na-us-bk&utm_medium=ha



email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity

Friday, September 17, 2010

Wednesday, September 15, 2010

Apple Quicktime Player 7.6.8 Released

Apple has released version 7.6.8 of their Quicktime Player for Windows. This version contains security fixes as described in the first link below, including a fix to address the remotely exploitable "_Marshaled_pUnk" vulnerability (for which publicly available exploit code exists).

References:
http://support.apple.com/kb/HT4339


email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity

Tuesday, September 14, 2010

Google Chrome 6.0.472.59 Released

Google Chrome 6.0.472.59 has been released for Windows, Mac, and Linux. The update includes fixes for 10 vulnerabilities, 6 of which are classified as critical.


References:
http://sites.google.com/a/chromium.org/dev/Home/chromium-security
http://www.google.com/chrome/index.html?hl=en&brand=CHMA&utm_campaign=en&utm_source=en-ha-na-us-bk&utm_medium=ha



email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity

New Vulns Used by Stuxnet Patched in Microsoft's Sept 2010 Patches

According to this article by Symantec, it looks like the top countries affected by Stuxnet (by infection count) were Iran and some of its closest neighbors geographically. To me, it looks like an intelligence service lost a couple of arrows out of its quiver here. Microsoft is closing one of the vulnerabilities used by Stuxnet in the September 2010 Microsoft monthly patches.

The smart money is on the U.S. or Israel, but I guess the public storyline will never tell us for sure. Nation-state intelligence services cannot wait for a time of war to penetrate and exploit the infrastructure of potential enemies. That type of offensive penetration and espionage activity happens all the time. Like some others, the U.S. is very good at cyber offense and computer network exploitation. It very well could have been us that lost a couple privately held vulns this time around.



References:
http://www.symantec.com/connect/blogs/w32stuxnet-network-information
http://krebsonsecurity.com/2010/09/stuxnet-worm-far-more-sophisticated-than-previously-thought/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+KrebsOnSecurity+%28Krebs+on+Security%29


email: david @ sharpesecurity.com
website: http://www.sharpesecurity.com/
Twitter: twitter.com/sharpesecurity

Monday, September 13, 2010

Recent VBmania Mass Mailer Malware Deleted the Windows Automatic Updates Service

It looks like the recent VBmania ("Here You Have" and "Just for You") mass mailer malware deleted the Automatic Updates service from infected machines. Microsoft Automatic Updates, WSUS, and SCCM-integrated WSUS need the Automatic Updates service working to successfully install monthly Microsoft patches and other updates.

It looks like reinstalling the Automatic Updates service fixes the damage on affected machines. Your antivirus tool won't restore this broken configuration for you. You will need to do that as a follow-up activity after the initial infections have been removed.

A quick way to tell if a machine lost its Automatic Updates service is to run services.msc (Start --> Run --> services.msc --> hit Enter). On a clean and healthy Windows XP machine, you should see an entry like what is circled in red below.




Below is the disassembly of a portion of the relevant code from the most common variant of the malware referencing the "wuauserv" service name in preparation for disabling that service. The malware deletes the wuauserv service entirely.
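Checking one machine in services.msc does not scale to a whole fleet. The script below is an added example (not part of the original post or the fixer package) that asks each host over WMI whether the wuauserv service object still exists, so machines that lost it can be queued for repair before the next patch cycle. The host names are constructed placeholders, and it assumes WMI/DCOM access to the targets.

```powershell
# Added example: fleet check for the Automatic Updates service ("wuauserv")
# that the VBmania mass mailer deletes. Written for PowerShell 2.0 so it runs
# from an XP/2003-era admin workstation. Host names below are placeholders.
$computers = @('WORKSTATION01', 'WORKSTATION02', 'WORKSTATION03')

function Test-WuauservPresent {
    param([string]$ComputerName)
    try {
        # A deleted service returns no Win32_Service instance at all,
        # which is different from a service that is merely stopped/disabled.
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='wuauserv'" `
                             -ComputerName $ComputerName -ErrorAction Stop
    } catch {
        return New-Object PSObject -Property @{
            Computer = $ComputerName; Status = 'UNREACHABLE'; StartMode = ''; State = ''
        }
    }
    if ($null -eq $svc) {
        # Matches the damage described above: the service object is gone,
        # so Automatic Updates / WSUS / SCCM cannot install patches here.
        return New-Object PSObject -Property @{
            Computer = $ComputerName; Status = 'MISSING'; StartMode = ''; State = ''
        }
    }
    New-Object PSObject -Property @{
        Computer = $ComputerName; Status = 'PRESENT'
        StartMode = $svc.StartMode; State = $svc.State
    }
}

$results = foreach ($c in $computers) { Test-WuauservPresent -ComputerName $c }
$results | Format-Table Computer, Status, StartMode, State -AutoSize

# Hosts reporting MISSING need the service reinstalled before they will
# receive Microsoft patches again; export them for the cleanup follow-up.
$results | Where-Object { $_.Status -ne 'PRESENT' } |
    Export-Csv -NoTypeInformation -Path '.\wuauserv-check.csv'
```

A PRESENT result with StartMode of Disabled is also worth flagging, since the service exists but will still not deliver updates.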



We have prepared a completely silent software deployment package to deploy out through your normal software deployment tool to fix Automatic Updates service instances broken by the VBmania/MM mass mailer worm. A normal reinstallation doesn't work due to the way the malware broke the service. This fixer package takes care of repairing that damage for you. This package will work through SCCM, Tivoli, Marimba, CA DSM, ZENworks, or any other software deployment system you might have. You can also PsExec it out silently as required. Given the serious nature of this problem, we are offering our fixer package for the low price of $50 USD - and that includes whatever follow-up email-based support you need for cleanup and to answer any questions you might have about the data and access credential leakage vector this malware has. As always that is backed by our 100% money back satisfaction guarantee. Please contact us at sales@sharpesecurity.com if you need any assistance cleaning up afterward, or if you need help determining if any sensitive data or access credentials leaked during this outbreak.


email: david @ sharpesecurity.com
website: http://www.sharpesecurity.com/
Twitter: twitter.com/sharpesecurity

Wednesday, September 8, 2010

Cisco Patches Vulns for Several Wireless LAN Controllers

Cisco lists the following devices as all being affected by at least one of the vulnerabilities. These devices are commonly found in enterprise environments, so it is likely you need to take action if you are a Cisco shop.

Cisco 2000 Series WLCs
Cisco 2100 Series WLCs
Cisco 4100 Series WLCs
Cisco 4400 Series WLCs
Cisco 5500 Series WLCs
Cisco Wireless Services Modules (WiSMs)
Cisco WLC Modules for Integrated Services Routers (ISRs)
Cisco Catalyst 3750G Integrated WLCs


References:
http://cisco.com/warp/public/707/cisco-sa-20100908-wlc.shtml


email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity

Apple iOS 4.1 Released for iPhone and iPod Touch

Apple has released iOS version 4.1. This version includes several security fixes (see link below) alongside many feature updates.


References:
http://support.apple.com/kb/HT4334



email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity

Apple Safari 5.0.2 and 4.1.2 Released

Apple has released security updates and other bugfixes for the Apple Safari 4.1 and 5.0 browser platforms. The latest versions are 5.0.2 and 4.1.2. Some of these security bugs are remotely exploitable according to Apple's release notes (below).


References:
http://support.apple.com/kb/HT4333


email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity

Monday, September 6, 2010

Firefox 3.6.9 Released

Mozilla has released Firefox 3.6.9. This version contains security fixes according to the release notes (below). Firefox 3.5.12 was released as well for those not wanting to move to 3.6.x.


References:
https://wiki.mozilla.org/Releases/Firefox_3.6.9
https://wiki.mozilla.org/Releases/Firefox_3.5.12



email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity

Thursday, September 2, 2010

New Security Update in Apple iTunes 10 Released

Apple has released iTunes version 10 (10.0.0.68) for Windows. This release includes several security updates, all of them in WebKit.

References:
http://support.apple.com/kb/HT4328


email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity

Google Chrome 6.0.472.53 Released

Google Chrome 6.0.472.53 has been released for Windows, Mac, and Linux. The update includes fixes for 14 vulnerabilities, 7 of which are classified as critical.

References:
http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html
http://sites.google.com/a/chromium.org/dev/Home/chromium-security


email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity