October 2010 - Posts

CVE-2010-3654 - New dangerous 0-day authplay library adobe products vulnerability


Published: 2010-10-28,
Last Updated: 2010-10-28 21:51:01 UTC
by Manuel Humberto Santander Pelaez (Version: 1)


Adobe today released advisory APSA10-05, which describes a remotely exploitable 0-day vulnerability affecting Adobe Flash Player, Adobe Reader and Acrobat. Adobe says it hopes to have an update available by the week of November 15.

The following are the mitigation measures recommended by Adobe:

Adobe Reader and Acrobat 9.x - Windows
Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains Flash (SWF) content.

The authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat.

Adobe Reader 9.x - Macintosh
1) Go to the Applications->Adobe Reader 9 folder.
2) Right Click on Adobe Reader.
3) Select Show Package Contents.
4) Go to the Contents->Frameworks folder.
5) Delete or move the AuthPlayLib.bundle file.

Acrobat Pro 9.x - Macintosh
1) Go to the Applications->Adobe Acrobat 9 Pro folder.
2) Right Click on Adobe Acrobat Pro.
3) Select Show Package Contents.
4) Go to the Contents->Frameworks folder.
5) Delete or move the AuthPlayLib.bundle file.

Adobe Reader 9.x - UNIX
1) Go to installation location of Reader (typically a folder named Adobe).
2) Within it browse to Reader9/Reader/intellinux/lib/ (for Linux) or Reader9/Reader/intelsolaris/lib/ (for Solaris).
3) Remove the library named "libauthplay.so.0.0.0".
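
The UNIX and Macintosh steps above can be scripted so that the component is moved aside instead of deleted and can be put back once Adobe ships the update. This is an added example, not part of the Adobe advisory or the original post; the function names, the quarantine directory and the `.app` bundle names are assumptions, and Windows is not covered.

```shell
#!/bin/sh
# Added example (not from the advisory): move the authplay component out of
# an Adobe Reader/Acrobat 9.x install so it can be restored after the update.

# Locations relative to the install root, from the steps above. The ".app"
# bundle names are assumed from the "Show Package Contents" step.
AUTHPLAY_PATHS='Reader9/Reader/intellinux/lib/libauthplay.so.0.0.0
Reader9/Reader/intelsolaris/lib/libauthplay.so.0.0.0
Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/AuthPlayLib.bundle
Adobe Acrobat 9 Pro/Adobe Acrobat Pro.app/Contents/Frameworks/AuthPlayLib.bundle'

# Print each authplay component that still exists under install root $1.
authplay_present() {
    printf '%s\n' "$AUTHPLAY_PATHS" | while IFS= read -r rel; do
        if [ -e "$1/$rel" ]; then printf '%s\n' "$1/$rel"; fi
    done
}

# Succeed only when no component is left where the application can load it.
authplay_mitigated() {
    [ -z "$(authplay_present "$1")" ]
}

# Move every component found under root $1 into quarantine directory $2
# (hypothetical location, outside the install tree) and record where each
# one came from in $2/manifest. Prints the number of items moved.
authplay_quarantine() {
    qdir=$2
    mkdir -p "$qdir" && touch "$qdir/manifest" || return 2
    n=$(( $(wc -l < "$qdir/manifest") ))   # continue numbering across runs
    moved=0
    authplay_present "$1" > "$qdir/found.tmp"
    while IFS= read -r path; do
        n=$((n + 1))
        mv "$path" "$qdir/authplay.$n" || return 2
        printf 'authplay.%s\t%s\n' "$n" "$path" >> "$qdir/manifest"
        moved=$((moved + 1))
    done < "$qdir/found.tmp"
    rm -f "$qdir/found.tmp"
    echo "$moved"
}

# Usage: sh authplay.sh <install-root> <quarantine-dir>
if [ "$#" -eq 2 ]; then
    authplay_quarantine "$1" "$2"
fi
```

On UNIX the install root is the folder named Adobe; on Macintosh it is the Applications folder. `authplay_mitigated` can be run from a compliance check to confirm the component has not been reinstalled.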

More information at http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html

-- Manuel Humberto Santander Peláez | http://twitter.com/manuelsantander | http://manuel.santander.name | msantand at isc dot sans dot org

 

********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: October 13, 2010
********************************************************************

Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

  * MS10-082 - Important
  * MS10-079 - Important
  * MS10-077 - Critical
  * MS10-072 - Important
  * MS10-071 - Critical
  * MS10-070 - Important

Bulletin Information:
=====================

* MS10-082 - Important

  - http://www.microsoft.com/technet/security/bulletin/ms10-082.mspx
  - Reason for Revision: V1.1 (October 13, 2010): Corrected the
    download link in the Affected Software table for Windows
    Media Player 11 on Windows XP Professional x64 Edition
    Service Pack 2.
  - Originally posted: October 12, 2010
  - Updated: October 13, 2010
  - Bulletin Severity Rating: Important
  - Version: 1.1

* MS10-079 - Important

  - http://www.microsoft.com/technet/security/bulletin/ms10-079.mspx
  - Reason for Revision: V1.1 (October 13, 2010): Corrected the
    package name for the Microsoft Office Compatibility Pack
    (KB2345043) update. This is an informational change only.
    Customers who have already successfully updated their systems
    do not need to take any action.
  - Originally posted: October 12, 2010
  - Updated: October 13, 2010
  - Bulletin Severity Rating: Important
  - Version: 1.1

* MS10-077 - Critical

  - http://www.microsoft.com/technet/security/bulletin/ms10-077.mspx
  - Reason for Revision: V1.1 (October 13, 2010): Changed the
    vulnerability severity rating for Windows Server 2008 and
    Windows Server 2008 R2 to Important. Also added a link to
    Microsoft Knowledge Base Article 2160841 under Known Issues
    in the Executive Summary, and revised the vulnerability mitigations.
  - Originally posted: October 12, 2010
  - Updated: October 13, 2010
  - Bulletin Severity Rating: Critical
  - Version: 1.1

* MS10-072 - Important

  - http://www.microsoft.com/technet/security/bulletin/ms10-072.mspx
  - Reason for Revision: V1.1 (October 13, 2010): Added a link to
    Microsoft Knowledge Base Article 2412048 under Known Issues
    in the Executive Summary.
  - Originally posted: October 12, 2010
  - Updated: October 13, 2010
  - Bulletin Severity Rating: Important
  - Version: 1.1

* MS10-071 - Critical

  - http://www.microsoft.com/technet/security/bulletin/ms10-071.mspx
  - Reason for Revision: V1.1 (October 13, 2010): Corrected the
    update package names for Internet Explorer in the Windows
    Server 2008 deployment reference table. This is an
    informational change only. Customers who have already
    successfully updated their systems do not need to take any action.
  - Originally posted: October 12, 2010
  - Updated: October 13, 2010
  - Bulletin Severity Rating: Critical
  - Version: 1.1

* MS10-070 - Important

  - http://www.microsoft.com/technet/security/bulletin/ms10-070.mspx
  - Reason for Revision: V2.1 (October 13, 2010): Added three update
    FAQs to clarify affected software.
  - Originally posted: September 28, 2010
  - Updated: October 13, 2010
  - Bulletin Severity Rating: Important
  - Version: 2.1

Published: 2010-10-12,
Last Updated: 2010-10-12 17:23:36 UTC
by Adrien de Beaupre (Version: 1)

Overview of the October 2010 Microsoft Patches and their status.
 

| # | Affected | Contra Indications | Known Exploits | Microsoft rating | ISC rating(*): clients | ISC rating(*): servers |
|---|---|---|---|---|---|---|
| MS10-071 Cumulative Security Update for Internet Explorer (Replaces MS10-053) | Internet Explorer: CVE-2010-0808, CVE-2010-3243, CVE-2010-3324, CVE-2010-3325, CVE-2010-3326, CVE-2010-3327, CVE-2010-3328, CVE-2010-3329, CVE-2010-3330, CVE-2010-3331 | KB 2360131 | CVE-2010-3325 and CVE-2010-3324 have been disclosed publicly. | Severity: Critical; Exploitability: ?,3,3,3,?,1,1,3,1 | Critical | Important |
| MS10-072 Vulnerabilities in SafeHTML (Replaces MS10-039) | Internet Explorer: CVE-2010-3243, CVE-2010-3324 | KB 2412048 | No known exploits. | Severity: Important; Exploitability: 3,3 | Less urgent | Important |
| MS10-073 Vulnerabilities in Windows Kernel-Mode Drivers (Replaces MS10-048) | Kernel Mode Drivers: CVE-2010-2549, CVE-2010-2743, CVE-2010-2744 | KB 981957 | No known exploits. | Severity: Important; Exploitability: 3,?,1 | Important | Important |
| MS10-074 Vulnerability in Microsoft Foundation Classes (Replaces MS07-012) | Foundation Classes: CVE-2010-3227 | KB 2387149 | No known exploits. | Severity: Moderate; Exploitability: ? | Important | Important |
| MS10-075 Vulnerability Media Player Network Sharing Service | Media Player Network Sharing Service: CVE-2010-3225 | KB 2281679 | No known exploits. | Severity: Critical; Exploitability: ? | Critical | Important |
| MS10-076 Vulnerability in the Embedded OpenType Font Engine | OpenType Font Engine: CVE-2010-1883 | KB 982132 | No known exploits. | Severity: Critical; Exploitability: ? | Critical | Important |
| MS10-077 Vulnerability in .NET Framework Could Allow Remote Code Execution | .NET Framework: CVE-2010-3228 | KB 2160841 | No known exploits. | Severity: Critical; Exploitability: 1 | Critical | PATCH NOW! |
| MS10-078 Vulnerabilities in the OpenType Font (OTF) Format Driver Could Allow Elevation of Privilege (Replaces MS10-037) | OpenType Font (OTF): CVE-2010-2740, CVE-2010-2741 | KB 2279986 | No known exploits. | Severity: Important; Exploitability: 1,1 | Critical | Important |
| MS10-079 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (Replaces MS09-068 MS10-056) | Microsoft Word: CVE-2010-3214, CVE-2010-3216 | KB 2293194 | No known exploits. | Severity: Important; Exploitability: 1,1 | Critical | Important |
| MS10-080 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (Replaces MS10-038 MS10-057) | Excel: CVE-2010-3232, CVE-2010-3234, CVE-2010-3235, CVE-2010-3236, CVE-2010-3238, CVE-2010-3239 | KB 2293211 | No known exploits. | Severity: Important; Exploitability: 1,1,1,1,1,1 | Important | Important |
| MS10-081 Comctl32 Heap Overflow Vulnerability | Comctl32: CVE-2010-2746 | KB 2296011 | No known exploits. | Severity: Important; Exploitability: 1 | Critical | Important |
| MS10-082 Vulnerability in Windows Media Player Could Allow Remote Code Execution (Replaces MS10-027) | Microsoft Windows: CVE-2010-2745 | KB 2378111 | No known exploits. | Severity: Important; Exploitability: 1 | PATCH NOW! | Critical |
| MS10-083 Vulnerability in COM Validation in Windows Shell and WordPad Could Allow Remote Code Execution | Internet Explorer: CVE-2010-1263 | KB 2405882 | No known exploits. | Severity: Important; Exploitability: 1 | PATCH NOW! | Critical |
| MS10-084 Vulnerability in Windows Local Procedure Call Could Cause Elevation of Privilege (Replaces MS10-066) | Microsoft Windows: CVE-2010-3222 | KB 2360937 | This vulnerability has been disclosed publicly. | Severity: Important; Exploitability: 1 | Critical | Important |
| MS10-085 Vulnerability in SChannel Could Allow Denial of Service (Replaces MS10-049) | Microsoft Windows, IIS: CVE-2010-3229 | KB 2183461 | No known exploits. | Severity: Important; Exploitability: 3 | Important | Important |
| MS10-086 Vulnerability in Windows Shared Cluster Disks Could Allow Tampering | Microsoft Windows | KB 2294255 | No known exploits. | Severity: Moderate; Exploitability: ? | Important | Important |

We will update issues on this page for about a week or so as they evolve.
We appreciate updates.
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
(*): ISC rating
  • We use 4 levels:
    • PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
    • Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
    • Important: Things where more testing and other measures can help.
    • Less Urgent: Typically we expect the impact if left unpatched to be not that big a deal in the short term. Do not forget them however.
  • The difference between the client and server rating is based on how you use the affected machine. We take into account the typical client and server deployment in the usage of the machine and the common measures people typically have in place already. The measures we presume are simple best practices for servers, such as not using Outlook, MSIE, Word, etc. to do traditional office or leisure work.
  • The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threat for affected systems. The rating does not account for the number of affected systems there are. It is for an affected system in a typical worst-case role.
  • Only the organization itself is in a position to do a full risk analysis involving the presence (or lack of) affected systems, the actually implemented measures, the impact on their operation and the value of the assets involved.
  • All patches released by a vendor are important enough to have a close look if you use the affected systems. There is little incentive for vendors to publicize patches that do not have some form of risk to them.

Thanks to fellow handlers Johannes, Scott, and Guy!

oooo now this should be fun!  16 patches out next week…

 

On October 12, 2010, Microsoft is planning to release sixteen (16) new security bulletins. Below is a summary.

New Bulletin Summary

| Bulletin ID | Maximum Severity Rating | Vulnerability Impact | Restart Requirement | Affected Software |
|---|---|---|---|---|
| Bulletin 1 | Critical | Remote Code Execution | Requires restart | Internet Explorer on Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
| Bulletin 2 | Critical | Remote Code Execution | May require restart | Microsoft Windows Vista and Windows 7. |
| Bulletin 3 | Critical | Remote Code Execution | May require restart | Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
| Bulletin 4 | Critical | Remote Code Execution | May require restart | Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
| Bulletin 5 | Important | Information Disclosure | May require restart | Microsoft Windows SharePoint Services, SharePoint Foundation 2010, Office SharePoint Server 2007, and Groove Server 2010. |
| Bulletin 6 | Important | Elevation of Privilege | Requires restart | Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
| Bulletin 7 | Important | Elevation of Privilege | Requires restart | Microsoft Windows XP and Windows Server 2003 |
| Bulletin 8 | Important | Remote Code Execution | May require restart | Microsoft Office Word 2002, Word 2003, Word 2007, Office 2004 for Mac, Office 2008 for Mac, Open XML File Format Converter for Mac, Word Viewer, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, Office Web Apps, and Word Web App. |
| Bulletin 9 | Important | Remote Code Execution | May require restart | Microsoft Excel 2002, Excel 2003, Excel 2007, Office 2004 for Mac, Office 2008 for Mac, Open XML File Format Converter for Mac, Excel Viewer, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats. |
| Bulletin 10 | Important | Remote Code Execution | Requires restart | Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
| Bulletin 11 | Important | Remote Code Execution | May require restart | Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
| Bulletin 12 | Important | Remote Code Execution | Requires restart | Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
| Bulletin 13 | Important | Elevation of Privilege | Requires restart | Microsoft Windows XP and Windows Server 2003. |
| Bulletin 14 | Important | Denial of Service | Requires restart | Microsoft Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
| Bulletin 15 | Moderate | Remote Code Execution | May require restart | Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
| Bulletin 16 | Moderate | Tampering | Requires restart | Microsoft Windows Server 2008 R2. |

* The list of affected software in the summary table is an abstract. To see the full list of affected components please click on the "Advance Notification Webpage" link below and review the "Affected Software" section.

Although we do not anticipate any changes, the number of bulletins, products affected, restart information, and severities are subject to change until released.

Advance Notification Webpage: The full version of the Microsoft Security Bulletin Advance Notification for this month can be found at http://www.microsoft.com/technet/security/bulletin/ms10-oct.mspx.

Microsoft Windows Malicious Software Removal Tool: Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Monthly Security Bulletin Webcast: To address customer questions on these bulletins Microsoft will host a webcast next Wednesday, October 13, 2010, at 11:00 A.M. Pacific Time (U.S. and Canada). Registration for this event and other details can be found at http://www.microsoft.com/technet/security/bulletin/summary.mspx.

Adobe Product Security Incident Response Team (PSIRT) Blog /

Security updates released for Adobe Reader and Acrobat

by David Lenoe
Created October 5, 2010

Today, a Security Bulletin has been posted in regards to this quarter’s security updates for Adobe Reader and Acrobat. The updates address critical security issues in the products, including CVE-2010-2883 referenced in Security Advisory APSA10-02 and CVE-2010-2884 referenced in the Adobe Flash Player Security Bulletin APSB10-22. Adobe recommends that users apply the updates for their product installations.

Note that today’s updates represent an accelerated release of the quarterly security update originally scheduled for October 12, 2010. With this accelerated schedule, Adobe will not release additional updates for Adobe Reader and Acrobat on October 12, 2010. The next quarterly security updates for Adobe Reader and Acrobat are scheduled for February 8, 2011.

This posting is provided “AS IS” with no warranties and confers no rights.

Adobe Product Security Incident Response Team (PSIRT) Blog /

Prenotification: Quarterly Security Updates for Adobe Reader and Acrobat

by Wendy Poland
Created September 30, 2010

A prenotification Security Advisory has been posted in regards to the upcoming quarterly Adobe Reader and Acrobat updates scheduled for October 5, 2010. The updates will address critical security issues in the products, including CVE-2010-2883 referenced in Security Advisory APSA10-02 and CVE-2010-2884 referenced in the Adobe Flash Player Security Bulletin APSB10-22. These security updates will be made available for Windows, Macintosh and UNIX.

Note that the October 5, 2010 updates represent an accelerated release of the next quarterly security update originally scheduled for October 12, 2010. With this accelerated schedule, Adobe will not release additional updates for Adobe Reader and Acrobat on October 12, 2010.

We will continue to provide updates on the upcoming release via the Security Advisory section of the Adobe website as well as the Adobe PSIRT blog.

This posting is provided “AS IS” with no warranties and confers no rights.