Microsoft Windows Updates

Microsoft has released its updates for the February patch cycle. Quite a few of them should be tested and applied ASAP. One of these is MS08-010, an IE security update, for which an exploit is already circulating in the wild. There are also several other critical updates that need to be applied.

A reminder, as another popular holiday is coming up: watch for “Valentine’s Cards” in your email, especially if you don’t know who they’re from. Even if you do know who they’re from, use caution, and don’t run any untrusted executables or visit untrusted sites.

Linux Local Kernel Exploit

Two proof-of-concept kernel exploits for a newly discovered vulnerability have been released into the wild. Kernel versions 2.6.17 to 2.6.24.1 are affected. The vulnerability is in the vmsplice system call. The exploit effectively gives local root access on a wide range of Linux distributions.

Kernel version 2.6.24.2 fixes the issue. It’s recommended to disable all shell access until your kernel is updated, either by building from source or by waiting for your Linux distribution to release an update.

WS_FTP Buffer Overflow Vulnerability

A buffer overflow vulnerability has been identified in Ipswitch’s WS_FTP Server with SSH software. It is possible to exploit this issue to cause a denial of service condition, and it may be possible to execute code. The vulnerability is confirmed in Ipswitch WS_FTP Server with SSH version 6.1. Other versions may also be affected.

Excel Exploit In The Wild

Microsoft reported today that a previously unknown vulnerability in Excel is being actively exploited. According to the release, the issue affects older versions of Excel, including Microsoft Office Excel 2003 Service Pack 2, Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2002, Microsoft Office Excel 2000, and Microsoft Excel 2004 for OS X. The victim must open a malicious Excel file for the exploit to execute.

There is currently no fix for this issue, other than being very careful about which Excel files are opened. Microsoft said that they are working on a fix that may come out before the next patch cycle.

Microsoft’s advisory is at: http://www.microsoft.com/technet/security/advisory/947563.mspx

QuickTime PoC

Apple released an update to QuickTime yesterday, and attackers wasted no time coming up with a new exploit for it. A proof-of-concept exploit for QuickTime 7.3.1.70 is already public. It seems that Apple still hasn’t fixed the root cause of the RTSP vulnerability.

In other news, a survey of Oracle admins conducted over the past year found that only 1 in 3 Oracle database admins bother to patch their databases. 68% of the admins admitted to never applying any patches at all. If that is true, it’s rather frightening.

RealPlayer Exploit

RealNetworks has not yet patched the vulnerability for the issue we discussed a few days ago. With proof-of-concept code already released, it’s assumed that there are malicious versions of the exploit already out there, or at least being worked on. We highly recommend that RealVideo files be blocked, or RealPlayer be uninstalled on machines for the time being. RealNetworks is still investigating the issue, and it’s unknown when a fix is expected.

Novell Identity Manager, Groove Office

Groove Virtual Office is reported to have a vulnerable ActiveX control. The vulnerability is a buffer overflow that could allow code execution if successfully exploited. It applies to Groove Virtual Office 3.x and does not affect the newest version included in Office 2007. At this time there’s no patch, so it is recommended to disable the ActiveX control.

A vulnerability has also been reported in Novell Identity Manager. It could be exploited by a remote attacker to cause a denial of service condition. Version 3.5.1 is reported to be affected, and other versions may be affected as well. Novell has issued a patch for this issue.

Flash and Web 2.0

A new book, due to be released, details vulnerabilities within Web “2.0” content. We expect this to raise general knowledge about these web applications. One specific area of the book details as-yet-unpatched Adobe Flash XSS vulnerabilities. It is speculated that there are thousands of Flash apps out there that are potentially vulnerable to these issues. It’s also known that many Flash authoring tools generate code with these bugs. It’s recommended that end users disable Flash for the time being. Adobe is expected to release updates for these issues within the coming weeks.