Thursday, September 10, 2009

Around The Horn vol.1,149

Microsoft Security Advisory 975497 Released

By MSRCTEAM on Zero-Day Exploit

We’ve just released Microsoft Security Advisory 975497 that provides information about a new, irresponsibly reported vulnerability in SMB 2.0. Our investigation has shown that Windows Vista, Windows Server 2008 and Windows 7 RC are affected by this vulnerability. Windows 7 RTM, Windows Server 2008 R2, Windows XP and Windows 2000 are not affected by this vulnerability.

The Security Advisory outlines steps that Windows Vista and Windows Server 2008 customers can take to help protect themselves while we work on a security update for this issue.

As always, we’ve provided information through Microsoft Active Protections Program (MAPP) as well as the Microsoft Security Response Alliance (MSRA) that they can use to help provide broader protections to customers.

We will update you through our security advisory and the MSRC Weblog as we have new information.

Thanks

Christopher

*This posting is provided "AS IS" with no warranties, and confers no rights*

Mozilla patches holes in Firefox 3.5, 3.0

By Stephen Shankland

Mozilla on Wednesday released two new versions of its browser, Firefox 3.5.3 and 3.0.14, that patch three critical security holes and fix assorted other bugs.

The updates can be fetched through the Help menu's Check for Updates option, or can be downloaded directly.

Although Mozilla ...

Originally posted at Deep Tech

Darknet - Hacking, Cracking & Computer Security

Darknet - The Darkside

Ethical Hacking, Penetration Testing & Computer Security

Haraldscan – BlueTooth Discovery Scanner

By Darknet on python tool

I thought a while ago about posting some stuff on Bluetooth hacking, but never got round to it. Have posted a couple of new articles on Bluetooth but haven’t yet posted any tools. So let’s start with Haraldscan – a Bluetooth discovery scanner. The scanner will be able to determine Major and Minor device class of [...]

DarkReading - All Stories

DarkReading

DuPont Alleges Second Insider Breach In Two Years

DuPont claims former employee was headed to China with company secrets

Microsoft, Cisco Issue Defenses For TCP Denial-Of-Service Attack

Long-awaited security updates finally arrive for attacks targeting TCP, but still more to come

DarkReading - Security News

DarkReading

Expert Patrick Sweeney Explains Security and Political Implications of VoIP and Video Network Control

eWeek Security Watch

Mozilla Warning Users With Vulnerable Adobe Flash Plug-ins

In Web 2.0

Mozilla has built new detection into its Firefox browser to warn users if they are using an older version of Adobe's Flash Player plug-in.

Federal Computer Week: Security News

Trust, but let Google verify: Companies join government in identity authentication experiment

The OpenID and Information Card foundations today announced pilot identity management projects with federal agencies and vendors.

InformationWeek Security News

InformationWeek

Gov 2.0: FBI Official Fills In As Acting Cybersecurity Chief

By J. Nicholas Hoover

The FBI's Chris Painter steps in temporarily as federal CTO Aneesh Chopra expects a permanent appointee to be named in the "not too distant future."

Gov 2.0: Ten Companies Bring Open Identity To Government

By Thomas Claburn

Moving to make online government resources both more social and more private, a coalition of companies has committed to supporting OpenID and Information Cards at federal Web sites.

Microsoft Fixes Eight Flaws, But Three Remain Open

By Thomas Claburn

The September patch set from Microsoft has fallen a bit short, leaving three zero-day vulnerabilities open to be exploited.

Network World on Security

The latest security news, analysis, reviews and feature articles from NetworkWorld.com.

4 Ways to Get the Most from Your PCI QSAs

In an interview with CSOonline last month, Heartland Payment Systems Inc. CEO Robert Carr lashed out against qualified security assessors (QSAs) who audited his company for PCI security compliance, claiming they missed key network holes that ultimately enabled a massive data security breach. Readers hit back, slamming Carr for not owning up to problems rampant in his IT security operation -- for one example, read One Man's View: Heartland CEO Must Accept Responsibility.

DuPont sues Chinese scientist for trade-secret theft

For the second time in less than three years, a research scientist at DuPont has been accused of misappropriating trade secrets and attempting to use them to build competing products in China.

Reader rabid: Gmail, Amazon blunders, gov't spying

It's time once again to recap the best of what's been pouring into my mailbox (now that my e-mail is working again). Here's what the residents of Cringeville had to say about what I've been saying lately.

Mozilla releases Flash-checking security update

Mozilla is pushing out a new release of its flagship Firefox browser that fixes critical security vulnerabilities in the software and, for the first time, checks to see if the browser's Flash Player is up-to-date.

Microsoft confirms critical unpatched Vista, Windows 7 RC bug

Microsoft late Tuesday confirmed that a bug in Windows Vista, Windows Server 2008, and the release candidates of Windows 7 and Windows Server 2008 R2 could be used to hijack PCs.

Swotting up on Facebook virus exposes web users

Web users searching the internet for information on the latest Facebook virus could be unintentionally putting themselves at risk of phishing scams, says Sophos.

Startup invents anti-theft tag for smartphones

A UK startup will this week start selling a cheap plastic tag it believes could banish forever the daily blight of mobile phone loss and theft.

Privacy groups: Obama has more work to do

U.S. President Barack Obama's administration received mixed grades from privacy groups after more than seven months in power, with the groups saying Obama has done little to change a surveillance-state environment created under former President George Bush.

The Register - Security

Biting the hand that feeds IT

Oz government sites floored in firewall protests
Small earthquake in Canberra. Not many websites hurt

Hackers reportedly knocked over the website of Australian prime minister Kevin Rudd for a few minutes on Wednesday in an apparent protest against government plans for compulsory internet content filtering.…

Guns, drugs, stolen identities - portrait of a phisher
The demise of 'cashout5050'

A California man has admitted he was part of an international phishing ring and stole tens of thousands of identities so he could support his methamphetamine habit.…

Critical bug infests newer versions of Microsoft Windows
Redmond OS hardening has its limits

Microsoft has promised to patch a serious flaw in newer versions of its Windows operating system after hackers released exploit code that allows them to take complete control of the underlying machines.…

German Pirate Party MP charged in child porn case
Immunity lifted

A German MP who recently quit the Social Democrats for the Pirate Party has been charged with possession and distribution of child pornography.…

Flight sim site turns over hacker evidence to UK cops
Shoot 'em down, says Avsim

A US-based flight simulator site targeted by a debilitating hacking attack back in May has reportedly tracked its attackers back to the UK.…

SANS Internet Storm Center, InfoCON: green

Healthcare Spam, (Thu, Sep 10th)

Shortly after President Obama finished his speech about healthcare earlier tonight, our reade ...(more)...

SANS RSS Feed

SANS NewsBites

All Stories From Vol: 11 - Issue: 71

Security Company in China Will Make Gigantic Malware Database Available to Others

KnownSec, a Chinese security company, has developed a gigantic database containing information about malware and malware infections in China available to others.......

Apache Issues Incident Report About Recent Attack (August 28 & September 3, 2009)

Administrators at Apache Software Foundation have posted a detailed account of a security breach that forced them to temporarily shut down their website.......

H1N1 Pandemic Preparedness Papers from SANS Technology Institute degree Candidates

If you are trying to decide how prepared you and your IT systems are for an H1N1 pandemic, you'll want to read the mini-thesis submitted by Jim Beechey and Rob VandenBrink as part of their candidacy for Master of Science in Security Engineering at the SANS Technology Institute.......

Oracle Quarterly Patch Update Delayed One Week; Adobe's Delayed One Month (September 3 & , 2009)

Oracle has said its scheduled quarterly patch releases slated for October 13 will be delayed.......

Chinese News Sites Requiring Commenters to Log On With True Identities (September 6, 2009)

Computer users wishing to make comments on Chinese news websites must log on with their real names and identification numbers; the sites have imposed the requirement to meet a confidential directive from China's State Council Information Office.......

Older Versions of WordPress Blogging Software Vulnerable to Worm Attack (September 5 & 7, 2009)

Bloggers using older versions of WordPress blogging software are urged to upgrade to version 2.......

Amazon Offers to Restore Animal Farm and 1984 to Kindle Users' Devices (September 5, 2009)

Amazon is offering Kindle owners whose copies of Animal Farm and 1984 were removed from their devices without notice earlier this summer the choice of having the books restored or being issued a US $30 credit.......

Some Web Monitoring Software Collects and Sells Chat Contents (September 4, 2009)

Certain web monitoring software is collecting the contents of users' chats and selling the data to companies that use it to fine tune their marketing strategies.......

Australian Man Will be Tried for Cyber Crimes (September 4, 2009)

An Australian man has been charged with numerous offenses in connection with allegedly compromising thousands of computers around the world with malware designed to steal financial account information.......

Infected USB Drive Wreaks Havoc on London Area Council IT Systems (September 4, 2009)

One infected USB drive cost the Ealing Council more than GBP 500,000 (US $817,000) in lost revenue and repairs.......

Apple Releases Java Update (September 3 & 4, 2009)

Apple has released a security update to address vulnerabilities in Java for Apple that could be exploited to elevate privileges, execute arbitrary code, or terminate applications.......

Canadian Privacy Commissioner Wants Bell Canada to be Forthright About Data Collection (September 3, 2009)

Canada's Privacy Commissioner Jennifer Stoddart is demanding that Bell Canada inform all of its subscribers that in the process of managing Internet traffic, it collects some identifying information.......

SearchSecurity: Security Wire Daily News

The latest information security news on IT threats, vulnerabilities and market trends from the award-winning SearchSecurity.com.

Microsoft issues SMB vulnerability advisory, patch pending

By Robert Westervelt

With attack code widely available, companies could take steps to mitigate the threat. Windows 7 and Vista users are at risk.

SecuriTeam.com

SecuriTeam

Welcome to the SecuriTeam RSS Feed - sponsored by Beyond Security. Know Your Vulnerabilities! Visit BeyondSecurity.com for your web site, network and code security audit and scanning needs.

VMWare VMnc Codec Mismatched Dimensions Buffer Overflow

A vulnerability has been discovered in various VMWare products, which can be exploited by malicious people to compromise a user's system. This vulnerability is caused due to a boundary error in the VMnc codec (vmnc.dll) and can be exploited to cause a heap-based buffer overflow via a specially crafted video file with mismatched dimensions.

Orion Application Server Example Pages XSS Vulnerability

Orion application server is a Java-based web application server. Various Orion application server example pages are vulnerable to XSS.

ChartDirector for .NET File Access Vulnerability

ChartDirector 5.01 for .NET is a widely used chart component on financial & stock trading websites. It includes a query variable "cacheId=" that is not sanitized. This allows an attacker to download files.

Microsoft Windows XP/Vista TCP/IP Orphaned Connections Vulnerability

The TCP/IP-Stack of the Microsoft Windows XP/Vista Operating System is vulnerable to a remote resource exhaustion vulnerability. By taking advantage of this vulnerability, an attacker can cause a connection's Transmission Control Block (TCB) to remain in memory for an indefinite amount of time without the need for the attacker to further maintain the connection's activity.

Microsoft Internet Explorer JScript arguments Invocation Memory Corruption

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.

Security - RSS Feeds

Tech Giants Join Open Identity Partnership with Government

Yahoo, AOL and Google are among 10 companies that are working with the government to push support for OpenID and Information Card technologies for members of the public using government Websites.
- Ten companies ranging from Yahoo to PayPal to Google are supporting plans to support pilot programs aimed at enabling users to log in to government Websites using OpenID and Information Card technologies. The initiative is meant to fit into President Obama's memorandum to make it easy for ind...

Windows 7 Security Bug Emerges at Worst Time for Microsoft

News Analysis: Microsoft's Windows 7 is experiencing a well-publicized security problem that reportedly affects a release candidate. The software giant contends that the security bug doesn't affect the production version of Windows 7 that the company is releasing to PC manufacturers, consumers and retail store shelves. It's time for Microsoft to focus on building customer confidence that the shipping version will truly be more secure than earlier Windows editions.
- In what could be a major issue for Microsoft as it prepares for the release of Windows 7 next month, the company announced that it has found a bug that could hijack PCs running Windows Vista, Windows Server 2008 and Windows 7. Security researchers found that the issue affects the Windows 7 Rel...

Symantec Norton 2010 Pushes Reputation Technology in Malware Battle

Symantec releases Norton Internet Security 2010 and Norton AntiVirus 2010 and touts the products' anti-malware use of reputation technology. This exemplifies a trend among security vendors in recent years of moving beyond traditional signature-based approaches to fighting malware.
- It is no secret that the anti-virus market has been struggling to keep up with threats. For that reason, many security vendors have been moving away from a strictly signature-based approach in favor of other types of malware protection using techniques like whitelisting and behavioral-based det...

Microsoft Warns of New Windows Bug, Advises Users to Take Precautions

Microsoft confirms the existence of a bug in Windows Server 2008, Windows Vista and release candidates of Windows 7 that could be used to hijack PCs. While users await a patch, there are a few steps they can take to protect themselves.
- Hours after its latest Patch Tuesday release, Microsoft confirmed the presence of a serious zero-day bug in Windows Vista, Windows Server 2008 and release candidates of Windows 7. The vulnerability, which lies in Windows' SMB (Server Message Block) 2, is due to the SMB implementation impro...

Security Fix

Brian Krebs on computer and Internet security

Cyber Thieves Steal $447,000 From Wrecking Firm

In Latest Warnings

Organized cyber thieves are increasingly looting businesses in heists that can net hundreds of thousands of dollars. Security vendors and pundits may be quick to suggest a new layer of technology to thwart such crimes, but in a great many cases, the virtual robbers are foiled because an alert observer spotted something amiss early on and raised a red flag. In mid-July, computer crooks stole $447,000 from Ferma Corp., a Santa Maria, Calif.-based demolition company, by initiating a large batch of transfers from Ferma's online bank account to 39 "money mules," willing or unwitting accomplices who typically are ensnared via job search Web sites into bogus work-at-home schemes. Ferma President Roy Ferrari said he learned of the fraud not from his bank but from a financial institution at which several of the mules had recently opened accounts. Ferma employees worked extensively with that bank and several others to reverse the

SecurityFocus

SecurityFocus News

SecurityFocus is the most comprehensive and trusted source of security information on the Internet. We are a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.

Brief: Serious security bug found in Windows Vista

Serious security bug found in Windows Vista

TaoSecurity

Richard Bejtlich's blog on digital security and the practices of network security monitoring, incident response, and forensics.

MS09-048 on Windows XP: Too Hard to Fix

By Richard Bejtlich

This is a follow-up to MS09-048 is Microsoft's Revenge Against XP in the Enterprise. Everyone is talking about how Windows 2000 will not receive a patch for MS09-048:
If Microsoft Windows 2000 Service Pack 4 is listed as an affected product, why is Microsoft not issuing an update for it?
The architecture to properly support TCP/IP protection does not exist on Microsoft Windows 2000 systems, making it infeasible to build the fix for Microsoft Windows 2000 Service Pack 4 to eliminate the vulnerability. To do so would require rearchitecting a very significant amount of the Microsoft Windows 2000 Service Pack 4 operating system, not just the affected component. The product of such a rearchitecture effort would be sufficiently incompatible with Microsoft Windows 2000 Service Pack 4 that there would be no assurance that applications designed to run on Microsoft Windows 2000 Service Pack 4 would continue to operate on the updated system.

Let's think about that for a minute. Vista's TCP/IP stack is the Next Generation TCP/IP Stack. This means XP shares at least some of the TCP/IP stack of Windows 2000. Microsoft (as noted in my last post) didn't patch XP because it said the client firewall mitigated the problem, as long as you don't expose any ports -- not because XP is invulnerable. From what we can gather, XP is at least vulnerable to the two DoS flaws (TCP/IP Zero Window Size Vulnerability - CVE-2008-4609 and TCP/IP Orphaned Connections Vulnerability - CVE-2009-1926).
In other words, patching Windows XP is also architecturally "infeasible."
This appears to be more than a theory. Just about the only straight answer I could get from a Microsoft rep this evening was the answer that MS09-048 is too hard to fix on XP, just like it was too hard to fix on 2000.
I think it's time to tell Microsoft this situation is not acceptable.

Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

MS09-048 is Microsoft's Revenge Against XP in the Enterprise

By Richard Bejtlich

MS09-048 worries me.

Non-Affected Software
Operating System
Windows XP Service Pack 2 and Windows XP Service Pack 3*
How are default configurations of Windows XP not affected by this vulnerability?
By default, Windows XP Service Pack 2, Windows XP Service Pack 3, and Windows XP Professional x64 Edition Service Pack 2 do not have a listening service configured in the client firewall and are therefore not affected by this vulnerability. For the denial of service to succeed, an affected system must have a listening service with an exception in the client firewall. Windows XP Service Pack 2 and later operating systems include a stateful host firewall that provides protection for computers against incoming traffic from the Internet or from neighboring network devices on a private network.

Someone please tell me I am misinterpreting this. It looks to me like this is bad news for the enterprise that operates any listening services on their Windows XP systems. Oh, I don't know, maybe something like Microsoft SMB/CIFS? In other words, if you expose a service within the enterprise, and you allow other systems to connect to it, then you are vulnerable to MS09-048 -- and Microsoft isn't publishing a patch for XP SP2 or XP SP3?
What's worse is that I can't tell if XP SP2 or SP3 is vulnerable to this vulnerability in MS09-048:

TCP/IP Timestamps Code Execution Vulnerability - CVE-2009-1925
A remote code execution vulnerability exists in the Windows TCP/IP stack due to the TCP/IP stack not cleaning up state information correctly. This causes the TCP/IP stack to reference a field as a function pointer when it actually contains other information. An anonymous attacker could exploit the vulnerability by sending specially crafted TCP/IP packets to a computer that has a service listening over the network. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

So, at best we have an unpatched vulnerability that lets anyone in the enterprise remotely crash any XP SP2 and XP SP3 system with at least one listening service (139, 445 TCP) that the attacker can reach. At worst we have an unpatched vulnerability that lets anyone in the enterprise remotely exploit any XP SP2 and XP SP3 system with at least one listening service (139, 445 TCP) that the attacker can reach.
Does anyone know if TCP/IP Timestamps Code Execution Vulnerability - CVE-2009-1925 applies to XP SP2 or XP SP3?
Incidentally, running Microsoft Update on a Windows XP SP3 system does not show a patch for MS09-048 as available.

Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

WindowSecurity.com

WindowSecurity.com provides Windows security news, articles, tutorials, software listings and reviews for information security professionals.

Document placement: File Shares or SharePoint?

By blue@jinx.dk (Jesper M. Christensen)

Choosing the right location for your files and how SharePoint can help you secure certain information.

Yahoo! News: Security News

Security News

Critical Patch Tuesday Misses Serious Hole in FTP (NewsFactor)

In technology

NewsFactor - Before the dust even settled on Patch Tuesday, Microsoft confirmed a bug in several versions of its Windows operating system that could leave the door open to malicious hackers. Windows Vista, Windows Server 2008, and the release candidates of Windows 7 and Windows Server 2008 R2 are vulnerable.

Zero Day

Tracking the hackers

'Anonymous' group attempts DDoS attack against Australian government

By Dancho Danchev on Pen testing

Following a threat posted on YouTube a month ago, the well-known malicious pattern of the “Anonymous group” failed to materialize earlier today when the group attempted to launch a distributed denial of service (DDoS) attack against the web sites of Australia’s Prime Minister and the Australian Communications and Media Authority’s web site as [...]

iPhone, QuickTime bitten by security bugs

By Ryan Naraine on iPhone

Apple has released security patches to cover serious security vulnerabilities in its iPhone, iPod Touch and QuickTime products.

Microsoft confirms SMB2 vulnerability, warns of code execution risk

By Ryan Naraine on Zero-day attacks

Microsoft has issued a formal security advisory to confirm the remote reboot flaw in its implementation of the SMB2 protocol, going a step further to warn that a successful attack could lead to remote code execution and full system takeover.

Windows 7, Vista exposed to 'teardrop attack'

By Ryan Naraine on Zero-day attacks

Exploit code for a remote reboot flaw in Microsoft's implementation of the SMB2 protocol has been posted on the internet, exposing users of Windows 7 and Windows Vista to teardrop attacks.
