Search results matching tags 'Internet Applications' and 'Enterprise Applications'

Microsoft Security Advisory Notification - Issued: January 14, 2010

cmosby — Fri, 15 Jan 2010 05:00:00 GMT

********************************************************************

Title: Microsoft Security Advisory Notification

Issued: January 14, 2010

********************************************************************

Security Advisory Released Today

==============================================

* Microsoft Security Advisory (979352)

- Title: Vulnerability in Internet Explorer Could

Allow Remote Code Execution

- http://www.microsoft.com/technet/security/advisory/979352.mspx

- Revision Note: Advisory published.

0-day vulnerability in Internet Explorer 6, 7 and 8 - SANS Internet Storm Center

cmosby — Fri, 15 Jan 2010 05:00:00 GMT

0-day vulnerability in Internet Explorer 6, 7 and 8

Published: 2010-01-14,
Last Updated: 2010-01-14 22:19:56 UTC
by Bojan Zdrnja (Version: 1)

1 comment(s)

Microsoft just published an advisory about a critical security vulnerability in all versions of Internet Explorer (apart from 5 – but no one has that around anymore, right?).

While all versions of Internet Explorer are affected, the risk for everyone running Internet Explorer 8 is lower since it has DEP (Data Execution Prevention) enabled by default. DEP makes exploitation of this vulnerability more difficult so as a temporary workaround you might want to enable it for older IEs (keep in mind that it might break some add-ons).

Microsoft says that so far they only saw exploits against Internet Explorer 6. In a related post (here) McAfee said that this vulnerability was (one of those) used to compromise Google. So, it appears that it was maybe even a cocktail of 0-day exploits used (IE + Adobe).

0-day vulnerability in Internet Explorer 6, 7 and 8 - SANS Internet Storm Center

cmosby — Fri, 15 Jan 2010 05:00:00 GMT

0-day vulnerability in Internet Explorer 6, 7 and 8

Published: 2010-01-14,
Last Updated: 2010-01-14 22:19:56 UTC
by Bojan Zdrnja (Version: 1)

1 comment(s)

Microsoft Security Advisory Notification - Issued: January 14, 2010

cmosby — Fri, 15 Jan 2010 05:00:00 GMT

********************************************************************

Title: Microsoft Security Advisory Notification

Issued: January 14, 2010

********************************************************************

Security Advisory Released Today

==============================================

* Microsoft Security Advisory (979352)

- Title: Vulnerability in Internet Explorer Could

Allow Remote Code Execution

- http://www.microsoft.com/technet/security/advisory/979352.mspx

- Revision Note: Advisory published.

Adobe flash player and air patched – SANS Internet Storm Center

cmosby — Fri, 11 Dec 2009 05:00:00 GMT

Adobe flash player and air patched

Published: 2009-12-09,
Last Updated: 2009-12-10 00:54:00 UTC
by Swa Frantzen (Version: 4)

2 comment(s) acebook witter

The almost universally installed flash player of adobe has been update to version 10.0.42.34. Adobe air was upgraded as well to version 1.5.3.

Read more about it in the apsb09-19 bulletin from adobe.

The reason behind it are 7 vulnerabilities: CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800 and, CVE-2009-3951 of which 6 lead to arbitrary code execution and the last one is a windows-only issue leading to unauthorized information disclosure, related to CVE-2008-4820.

"Upgrade!" is the loud and clear message should our audience need that encouragement.

At this point we have no guidance for users wishing to know more about version 9 of the flash player aside of considering an upgrade to the latest incarnation of version 10.

Thanks for the heads-up go to David and Andrew.

UPDATE 1:

Martin wrote in with a link to the download page for those with licenses (where you can get e.g. MSI packages) and that states: "As of December 8, 2009, Flash Player 9 is no longer available for distribution. All Licensees should now distribute Flash Player 10". I guess that implies those still holding out on Flash player 9 have but one path forward.

UPDATE 2:

We were informed by a reader that the w removed link to the download page for those with licenses is in fact a secret link. From the email adobe sends to their customers getting this link rightfully:

**********
You may not share the above link, share information with others, or publish the above link on websites, blogs, or by any other means that can be publicly accessed. The information contained on this site is meant for your use only in accordance with Adobe Flash Player Distribution License Agreement you accepted. You may direct others to http://www.adobe.com/products/players/fpsh_distribution1.html to request distribution rights.
Regards,
Adobe Systems Incorporated
***********

We didn't know about it being a secret link. And apologize for unknowingly exposing it.

If anybody knows a non-secret link that clearly states Flash Player 9 is at the end of it's updates, please send it to us as it's the kind of pressure some out there need to get to be allowed to upgrade the software.

UPDATE 3:

Flash player 9 updates for unsupported platforms are available in KB 406791. Note that his is intended for those still using unsupported OSes from their respective vendors such as Windows 98, Windows ME, MacOS X 10.1-10.3, and Red Hat Enterprise Linux 3 and 4 operating systems, who cannot run Flash player 10. Note adobe nowheresaid these were updated to fix the same bugs as those fixed in Flash player 10: use at your own risk.

Adobe flash player and air patched – SANS Internet Storm Center

cmosby — Fri, 11 Dec 2009 05:00:00 GMT

Adobe flash player and air patched

Published: 2009-12-09,
Last Updated: 2009-12-10 00:54:00 UTC
by Swa Frantzen (Version: 4)

2 comment(s) acebook witter

The almost universally installed flash player of adobe has been update to version 10.0.42.34. Adobe air was upgraded as well to version 1.5.3.

Read more about it in the apsb09-19 bulletin from adobe.

"Upgrade!" is the loud and clear message should our audience need that encouragement.

At this point we have no guidance for users wishing to know more about version 9 of the flash player aside of considering an upgrade to the latest incarnation of version 10.

Thanks for the heads-up go to David and Andrew.

UPDATE 1:

UPDATE 2:

We were informed by a reader that the w removed link to the download page for those with licenses is in fact a secret link. From the email adobe sends to their customers getting this link rightfully:

We didn't know about it being a secret link. And apologize for unknowingly exposing it.

UPDATE 3:

Curiosity as a Malicious PDF – McAfee Labs Blog

cmosby — Wed, 02 Dec 2009 05:00:00 GMT

Curiosity as a Malicious PDF

Friday November 20, 2009 at 7:00 am CST
Posted by Karthik Raman

1 Comment
Trackback

What would you do if you saw an email in your inbox with a PDF named “U.S. ship thwarts second pirate attack November 18, 2009.pdf”? Would the title pique your curiosity? I hope not enough for you open the document!

This PDF is the latest in the ugly line of exploit- and malware-ridden embedded PDFs that damage your computer. If you were unfortunate enough to open the file, you’d see what the malware writers expect you to see: a file named “Adobe.pdf” with details on a real story about piracy off the coast of East Africa.

But behind the scenes, sinister things occur. The malicious PDF runs some JavaScript that exploits the Adobe Collab overflow (CVE-2007-5659) and Adobe getIcon (CVE-2009-0927) vulnerabilities. This screenshot shows the beginning of the compressed JavaScript stream:

In addition, two variants of ProcKill-EM are dropped into the Windows system folder, usually C:\Windows\system32.

As always, if you receive a document–PDF or otherwise–from someone you don’t know, don’t open it. And even if you know the document’s sender, scan the file with your anti-virus program with the latest signatures before you open it.

McAfee customers are protected in the 5809 DATs against the threats mentioned above, as Exploit-PDF.aa and ProcKill-EM. Keep your signatures up to date and stay secure!

Curiosity as a Malicious PDF – McAfee Labs Blog

cmosby — Wed, 02 Dec 2009 05:00:00 GMT

Curiosity as a Malicious PDF

Friday November 20, 2009 at 7:00 am CST
Posted by Karthik Raman

1 Comment
Trackback

In addition, two variants of ProcKill-EM are dropped into the Windows system folder, usually C:\Windows\system32.

McAfee customers are protected in the 5809 DATs against the threats mentioned above, as Exploit-PDF.aa and ProcKill-EM. Keep your signatures up to date and stay secure!

ASProx Resurfaces with a Mass Compromise in Tow – Trend Labs Malware Blog

cmosby — Thu, 15 Oct 2009 04:00:00 GMT

ASProx Resurfaces with a Mass Compromise in Tow

5:44 am (UTC-7) | by Det Caraig (Technical Communications)

A specially crafted .PDF file, detected by Trend Micro as TROJ_PIDIEF.ASP, was recently found to have infected several Indian, Thai, and New Zealand websites.

The Trojan takes advantage of critical vulnerabilities in Adobe Reader 9.1.3 and Acrobat 9.1.3; Adobe Reader 8.1.6 and Acrobat 8.1.6 for Windows, Macintosh, and UNIX; and Adobe Reader 7.1.3 and Acrobat 7.1.3 for Windows and Macintosh. These vulnerabilities can cause the application to crash and can potentially allow an attacker to take control of an affected system. Adobe has thus advised users to patch their systems and download the necessary updates.

The Trojan belongs to an old but notable malware family known as “ASProx,” which plagued the Web last year. It was so notable that it made its way to Trend Micro’s Top 8 in 2008 list.

Most ASProx variants, including this most recent one, exhibited the same payload. They first compromised several websites. Visiting the said sites then triggerred redirections to various malicious URLs that ultimately led to the download of more malicious files.

The recent reemergence of the ASProx code or the cybercriminals behind it may not have brought anything new to the table but it is noteworthy in that this attack seemingly brought the botnet back from the dead after almost a year of inactivity.

Users, as usual, are thus warned to refrain from opening suspicious-looking files. They are also strongly advised to patch their systems regularly to avoid becoming prey to vulnerability exploits.

Trend Micro Smart Protection Network™ protects users from this threat by blocking access to malicious URLs and preventing the download of malicious files. Mac users are also protected through Trend Micro Security for Mac and Smart Surfing for Mac.

Non-Trend Micro product users, on the other hand, can also stay protected with Housecall, Trend Micro’s highly popular and capable on-demand scanner for identifying and removing viruses, Trojans, worms, unwanted browser plugins, and other malware.

ASProx Resurfaces with a Mass Compromise in Tow – Trend Labs Malware Blog

cmosby — Thu, 15 Oct 2009 04:00:00 GMT

ASProx Resurfaces with a Mass Compromise in Tow

5:44 am (UTC-7) | by Det Caraig (Technical Communications)

A specially crafted .PDF file, detected by Trend Micro as TROJ_PIDIEF.ASP, was recently found to have infected several Indian, Thai, and New Zealand websites.

The Trojan belongs to an old but notable malware family known as “ASProx,” which plagued the Web last year. It was so notable that it made its way to Trend Micro’s Top 8 in 2008 list.

Users, as usual, are thus warned to refrain from opening suspicious-looking files. They are also strongly advised to patch their systems regularly to avoid becoming prey to vulnerability exploits.