Showing posts sorted by relevance for query Security bulletins. Sort by date Show all posts
Showing posts sorted by relevance for query Security bulletins. Sort by date Show all posts

Microsoft Patches Serious 34 Vulnerabilities

Posted by Avik Sarkar On 6/15/2011 10:00:00 pm



In today's Patch Tuesday, Microsoft released 16 bulletins addressing 34 vulnerabilities in Microsoft Windows, Microsoft Office, Internet Explorer, .NET, SQL, Visual Studio, Silverlight, VML and ISA. Nine of the bulletins are rated Critical, with seven rated as Important. Wolfgang Kandek, Qualys CTO, comments: "The only bulletin with a known expoit in the wild is MS11-046, a local privilege escalation flaw in the "afd.sys" driver. IT admins can check with their end-point security providers for coverage, but should include this bulletin high on their to-do lists in any case, as it is only a matter of time until we see more attackers use malware taking advantage of this exploit to gain control of your workstations."

Here are the bulletins:-

Vulnerability in OLE Automation 
This security update resolves a privately reported vulnerability in Microsoft Windows Object Linking and Embedding (OLE) Automation. The vulnerability could allow remote code execution if a user visits a Web site containing a specially crafted Windows Metafile (WMF) image. In all cases, however, an attacker would have no way to force users to visit such a Web site. Instead, an attacker would have to convince users to visit a malicious Web site, typically by getting them to click a link in an e-mail message or Instant Messenger request.

Vulnerability in .NET Framework and Microsoft Silverlight
This security update resolves a privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.

Vulnerability in Threat Management Gateway Firewall Client 
This security update resolves a privately reported vulnerability in the Microsoft Forefront Threat Management Gateway (TMG) 2010 Client, formerly named the Microsoft Forefront Threat Management Gateway Firewall Client. The vulnerability could allow remote code execution if an attacker leveraged a client computer to make specific requests on a system where the TMG firewall client is used.

Vulnerability in Windows Kernel-Mode Drivers
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a network share (or visits a web site that points to a network share) containing a specially crafted OpenType font (OTF). In all cases, however, an attacker would have no way to force a user to visit such a web site or network share. Instead, an attacker would have to convince a user to visit the web site or network share, typically by getting them to click a link in an e-mail message or Instant Messenger message.

Vulnerabilities in Distributed File System
This security update resolves two privately reported vulnerabilities in the Microsoft Distributed File System (DFS). The more severe of these vulnerabilities could allow remote code execution when an attacker sends a specially crafted DFS response to a client-initiated DFS request. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.

Vulnerability in SMB Client
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request. To exploit the vulnerability, an attacker must convince the user to initiate an SMB connection to a specially crafted SMB server.

Vulnerability in .NET Framework
This security update resolves a publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.

Cumulative Security Update for Internet Explorer
This security update resolves eleven privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Vulnerability in Vector Markup Language
This security update resolves a privately reported vulnerability in the Microsoft implementation of Vector Markup Language (VML). This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows clients; and Moderate for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows servers. Internet Explorer 9 is not affected by the vulnerability.

The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Vulnerability in MHTML
This security update resolves a publicly disclosed vulnerability in the MHTML protocol handler in Microsoft Windows. The vulnerability could allow information disclosure if a user opens a specially crafted URL from an attacker's Web site. An attacker would have to convince the user to visit the Web site, typically by getting them to follow a link in an e-mail message or Instant Messenger message.

Vulnerabilities in Microsoft Excel
This security update resolves eight privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-1272, CVE-2011-1273, and CVE-2011-1279. Microsoft Excel 2010 is only affected by CVE-2011-1273 described in this bulletin. The automated Microsoft Fix it solution, "Disable Edit in Protected View for Excel 2010," available in Microsoft Knowledge Base Article 2501584, blocks the attack vectors for exploiting CVE-2011-1273.

Vulnerability in Ancillary Function Driver
This security update resolves a publicly disclosed vulnerability in the Microsoft Windows Ancillary Function Driver (AFD). The vulnerability could allow elevation of privilege if an attacker logs on to a user's system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerability.

Vulnerability in Hyper-V Could
This security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V. The vulnerability could allow denial of service if a specially crafted packet is sent to the VMBus by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. An attacker must have valid logon credentials and be able to send specially crafted content from a guest virtual machine to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.

Vulnerability in SMB Server
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker created a specially crafted SMB packet and sent the packet to an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks originating outside the enterprise perimeter that would attempt to exploit this vulnerability.

Vulnerability in the Microsoft XML Editor
This security update resolves a privately reported vulnerability in Microsoft XML Editor. The vulnerability could allow information disclosure if a user opened a specially crafted Web Service Discovery (.disco) file with one of the affected software listed in this bulletin. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system.

Vulnerability in Active Directory Certificate Services Web Enrollment
This security update resolves a privately reported vulnerability in Active Directory Certificate Services Web Enrollment. The vulnerability is a cross-site scripting (XSS) vulnerability that could allow elevation of privilege, enabling an attacker to execute arbitrary commands on the site in the context of the target user. An attacker who successfully exploited this vulnerability would need to send a specially crafted link and convince a user to click the link. In all cases, however, an attacker would have no way to force a user to visit the Web site. Instead, an attacker would have to persuade a user to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes the user to the vulnerable Web site.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Microsoft Releases Patch Fixes for Windows Server and PowerPoint

Posted by Avik Sarkar On 5/14/2011 09:44:00 pm


Microsoft fixed bugs in the WINS name server resolution protocol and a file format vulnerability in PowerPoint for its May Patch Tuesday.

 Microsoft addressed two security bulletins in May’s Patch Tuesday release. Security experts said administrators should apply the fixes immediately—because, despite their small size, they address significant threats.

Microsoft fixed a critical vulnerability affecting Windows Server and an important bug in Microsoft Office PowerPoint, according to the Patch Tuesday advisory released May 10. Microsoft also assigned separate “exploitability” scores for newer versions of the software under the “improved” exploitability index ratings.
The team fixed a critical vulnerability (MS11-035) in the WINS component in Windows Server 2003 and 2008. WINS is a name-resolution service that resolves names in the NetBIOS namespace and does not require authentication to use. While usually not available by default in Windows Server, it is commonly used in the enterprise for internal network servers. Administrators who have enabled WINS in Windows Server should apply the patch immediately as attackers could remotely cause a denial of service, according to Wolfgang Kandek, the CTO of Qualys.
“What might make the WINS vulnerability appealing to attackers is that it is a server-side issue,” Joshua Talbot, security intelligence manager, Symantec Security Response, told eWEEK.
Unlike other threats, attackers don’t have to trick a user into doing anything since it’s just a matter of finding a vulnerable server and feeding the machine “a malicious string of data,” according to Talbot. It is also a more serious issue on Windows Server 2003 than on 2008 because Windows Server 2008 has built-in protections such as DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization). However, attackers can still create exploit code to get past those security features, Talbot said.
The other “important” bulletin (MS11-036) addressed a security flaw in all versions of Microsoft Office Power Point except Office 2010. The bug would allow attackers to take full control of the target machine as soon as the user opens a malicious PPT file.
Both WINS and PowerPoint vulnerabilities are fairly significant, according to Tyler Reguly, technical manager of security research and development at nCircle. File-format vulnerabilities are “popular exploits” but WINS is remote code execution, so it was “difficult” to decide which was the “biggest risk today.”
Microsoft listed both vulnerabilities using the new exploitability ratings. The PowerPoint bulletin was rated a “1” for a consistent exploit code likely for older software releases, but 0 for latest software because Office 2010 is not affected. The WINS patch was rated a “2” on both the latest and older versions because it affected all versions.
The updated rating system is intended to make it easier for IT administrators to determine their risk level, according to Microsoft.
“With massive updates such as we had in April, it’s easy to get overwhelmed. Microsoft’s new index simplifies the process, which will help IT administrators to prioritize which patches they tackle first,” said Dave Marcus, director of security research and communications at McAfee Labs.
The small release means administrators should “brace themselves for a larger update” in June, according to Kandek.
To complicate things for IT administrators, a fake Patch Tuesday update is making the rounds, according to security researchers at Websense Security Labs ThreatSeeker network. The malware is spread via a link inside an email message supposedly from “Microsoft Canada Co.” which informs users that Microsoft has issued a “Security Update for Microsoft Windows OS,” wrote Amon Sanniez, associate security researcher at Websense. Clicking on the link downloads the fake patch to the computer and infects the system with a Zeus Trojan variant, according to Sanniez.
It “ties in almost perfectly” with the real Patch Tuesday updates from Microsoft, Sanniez said.
The email looks quite legitimate and shows “some effort” went into the creation, as the message is presented in both English and French, and the display names within the headers actually say the mail originated from Microsoft Canada.
The malicious executable is currently not being detected by most major antivirus products tracked on VirusTotal, so IT managers should be careful that none of their staff members or users click on the link to get the security update. Websense said it is a low-volume threat, possibly aimed at a handful of companies. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

"April Patch" By Microsoft & Adobe Closed Critical Security Holes

Posted by Avik Sarkar On 4/11/2012 06:36:00 pm

"April Patch" By Microsoft & Adobe Closed Critical Security Holes

As per schedule two software giants Microsoft and Adobe today each issued security bulletin to plug security holes in their vulnerable products. The patch batch from Microsoft fixes at least 11 flaws in Windows, Internet Explorer (IE), Office and several other products, including one bug that attackers are already exploiting. The company also issued the first patch for Windows 8 Consumer Preview, the beta-like build Microsoft released at the end of February. Adobe’s update tackles four vulnerabilities that are present in current versions of Adobe Acrobat and Reader. 
Seven of the 11 bugs Microsoft fixed with today’s release earned its most serious “critical” rating, which Microsoft assigns to flaws that it believes attackers or malware could leverage to break into systems without any help from users. In its security bulletin summary for April 2012. Among those is an interesting weakness (MS12-024) in the way that Windows handles signed portable executable (PE) files. According to Symantec, this flaw is interesting because it lets attackers modify signed PE files undetected. Microsoft said that this patch the highest priority security update this month. “What makes this bulletin stand out is that Microsoft is aware of attacks in the wild against it and it affects an unsually wide-range of Microsoft products, including Office 2003 through 2010 on Windows, SQL Server 2000 through 2008 R2, BizTalk Server 2002, Commerce Server 2002 through 2009 R2, Visual FoxPro 8 and Visual Basic 6 Runtime,” Kandek said. “Attackers have been embedding the exploit for the underlying vulnerability (CVE-2012-0158) into an RTF document and enticing the target into opening the file, most commonly by attaching it to an e-mail. Another possible vector is through web browsing, but the component can potentially be attacked through any of the mentioned applications.” Other notable fixes from Microsoft this month include a .NETupdate, and a patch for at least five Internet Explorer flaws. Patches are available for all supported versions of Windows, and available through Windows Update. In March 2012 Security bulletins Microsoft closed a total of seven security holes in its products. Among them one Critical-class, four Important and one Moderate – addressing seven issues in Microsoft Windows, Visual Studio, and Expression Design. According to Microsoft (MS12-020) remote code execution vulnerability has been found in RDP (Remote Desktop Protocol).

After Microsoft here comes the turn for Adobe &  they updates fix critical problems in Acrobat and Reader on all supported platforms, including Windows, Mac OS X, and Linux. Users on Windows and Mac can use each products’ built-in update mechanism. The newest, patched version of both Acrobat and Reader is v. 10.1.3 for Windows and Mac systems. The default configuration is set to run automatic update checks on a regular schedule, but update checks can be manually activated by choosing Help > Check for Updates. Reader users who prefer direct links to the latest version can find them by clicking the appropriate OS, Windows, Mac or Linux (v. 9.5.1).




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Microsoft Security Bulletin (March 2012) Closed Critical RDP Security Hole

Posted by Avik Sarkar On 3/15/2012 01:53:00 am

Microsoft Security Bulletin (March 2012) Closed Critical RDP Security Hole 

Microsoft released March 2012 Security bulletins to close a total of seven security holes in its products. Among them one Critical-class, four Important and one Moderate – addressing seven issues in Microsoft Windows, Visual Studio, and Expression Design. According to Microsoft (MS12-020) remote code execution vulnerability has been found in RDP (Remote Desktop Protocol).
The first of these is a "critical-class" issue in RDP that could be exploited by an attacker to remotely execute arbitrary code on a victim's system. Although RDP is disabled by default, many users enable it so they can administer their systems remotely within their organizations or over the Internet. All supported versions of Windows from Windows XP Service Pack 3 to Windows 7 Service Pack 1 and Windows Server 2008 R2 are affected. As the issue was reported to company by the Zero Day Initiative (ZDI), Microsoft says that it has yet to see any active attacks exploiting these in the wild, but warns that, "due to the attractiveness of this vulnerability to attackers", it anticipates "that an exploit for code execution will be developed in the next 30 days". Because of this it recommends that installing the updates should be made a priority. 
Microsoft has also provided a workaround and a no-reboot "Fix it" tool that enables Network-Level Authentication (NLA) to mitigate the problem. A second "moderate-class" denial-of-service (DoS) which can cripple an RDP server was also fixed.
A brief overview of all of these updates, including descriptions about each of the vulnerabilities, can be found in Microsoft's Security Bulletin Summary for March 2012.




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Microsoft now issuing security advisories about third-party Windows bugs

Posted by Avik Sarkar On 4/26/2011 11:25:00 pm

 
Microsoft has expanded its vulnerability disclosure program to include security bulletins about third-party Windows software as well as its own applications.
The first bulletins, released last weekend, cover two flaws in Google Chrome and one in Opera ll, both of which were patched by December 2010. Microsoft has promised to contact third-party vendors before releasing advisories, but it has reserved the right to issue notification before a patch has been released in cases where a flaw is under active attack.
The software giant is following the same policy for the handling of bugs in third-party software as it does for flaws in its own applications, which it describes as a Coordinated Vulnerability Disclosure policy.
Microsoft has privately supplied security assessment about bugs to third-party suppliers since August 2008. By releasing these advisories in public, it hopes to bolster the security of the Windows ecosystem.
The process might conceivably lead to the release of third-party software updates during the regular Patch Tuesday update cycle but we're not there yet and it's unlikely that Google and Adobe would want to hand over too much control over this process to Redmon

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Microsoft Released Security Bulletins To Patch 23 Vulnerabilities (Including Internet Explorer, .NET, Silverlight)

Posted by Avik Sarkar On 10/12/2011 05:45:00 pm

Microsoft has released eight security bulletins to address a total of 23 vulnerabilities across a number of its products on its October Patch Tuesday. One update for Internet Explorer alone closes eight critical holes. An update for .NET and Silverlight closes another critical vulnerability that only requires victims to visit a specially crafted web page in order to infect their computers with malicious code. Microsoft says that this hole can also be exploited to compromise a server if an attacker has the ability to upload ASP.NET pages to an Internet Information Server (IIS) and execute them there.
The remaining updates are rated as important by Microsoft; they fix vulnerabilities in the Microsoft Active Accessibility and Windows Media Center components, in the Windows kernel, in the Host Integration Server, in the Windows Ancillary Function Driver and in the Forefront Unified Access Gateway (UAG). Although some of these holes also enable attackers to inject and execute code, they require more user interaction than those in Internet Explorer.
Microsoft has also released further patches to fix vulnerabilities that are based on "binary planting", an attack which involves causing Windows to load DLLs from shared network volumes without a user's permission. As with the previous Patch Tuesday, an updated version of the Microsoft Windows Malicious Software Removal Tool (MSRT) was released at the same time.

-News Source (The H, Microsoft)



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

FBI Said: Anonymous is Not so Anonymous Anymore

Posted by Avik Sarkar On 9/13/2011 05:52:00 pm


Anonymous is not so anonymous anymore. The computer hackers, chat-room denizens and young people who make up the loosely affiliated Internet collective have drawn the attention of the FBI, the Department of Homeland Security and other federal investigators. What was once a small group of pranksters has become a potential national security threat, federal officials say. The FBI has carried out more than 75 raids and arrested 16 people this year in connection with illegal hacking claimed by Anonymous.
Since June, Homeland Security has issued three “bulletins” warning cybersecurity professionals of hacking successes and future threats by Anonymous and related groups — including a call in Manhattan to physically occupy Wall Street on Sept. 17 to protest various U.S. government policies.
San Francisco police arrested more than 40 protesters last month during a rowdy demonstration organized by Anonymous that disrupted the evening commute. The group called for the demonstration after the Bay Area Rapid Transit system blocked cellphone service in San Francisco stations to quell a planned protest over a police shooting on a subway platform.
“Anonymous’ activities increased throughout 2011 with a number of high-profile attacks targeting both public- and private-sector entities,” one of the bulletins issued last month said.
Some members of the group have called for shutting down Facebook in November over privacy issues, though other Anonymous followers are disavowing such an attack, underscoring just how loosely organized the group is and how problematic it is to police.

“Anonymous insist they have no centralized operational leadership, which has been a significant hurdle for government and law enforcement entities attempting to curb their actions,” an Aug. 1 Homeland Security bulletin noted. “With that being said, we assess with high confidence that Anonymous and associated groups will continue to exploit vulnerable publicly available Web servers, Web sites, computer networks and other digital information mediums for the foreseeable future.”
Followers posting to Twitter and conversing on Internet Relay Chat insist there are no defined leaders of Anonymous and that it’s more of a philosophy than a formal club, though a small group of members do the most organizing online.

“Anonymous is not a group, it does not have leaders, people can do ANYTHING under the flag of their country,” wrote one of the more vocal members who asked not to be identified.

“Anything can be a threat to National Security, really,” the member said in an e-mail interview. “Any hacker group can be.”

Fore More Info click Here
-News Source (Washington Post)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Microsoft to issue critical Windows bulletin, revamps Exploitability Index

Posted by Avik Sarkar On 5/06/2011 09:40:00 pm


Microsoft is planning a light patching month in May, indicating in its advance notification to customers on Thursday that it would issue two bulletins on Patch Tuesday, one rated “critical,” addressing a vulnerability in Microsoft Windows.
The software giant said the critical bulletin addresses a single Windows vulnerability affecting Windows Server 2003, 2008 and 2008 r2. A second bulletin, rated “important” addresses two flaws in Microsoft Office PowerPoint 2002, 2003 and 2007, as well as Microsoft Office 2004 and 2008 for Mac. The bulletins are scheduled to be issued on May 10.

Exploitability Index changes
In addition, Microsoft announced changes to its Exploitability Index, designed to help IT administrators prioritize patching deployments. The index assigns a number based on the likelihood of functioning exploit code surfacing over the first 30 days of a patch release.
The revamped index will include two index ratings per vulnerability, assigning a rating for the most recent platform and for older versions of the software. The goal of the changes are to make vulnerability assessment more clear and digestible for customers, wrote Maarten Van Horenbeeck, senior security program manager, in the Microsoft Security Response Center blog.
“This change makes it easier for customers on recent platforms to determine their risk given the extra security mitigations and features built in to Microsoft’s newest products,” wrote Van Horenbeeck. “Under the previous system, vulnerabilities were given an aggregate rating across all product versions.”
Van Horenbeeck said the Exploitability Index was criticized for not taking into account more recent mitigations implemented in the operating systems, such as Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP) and other technologies that are in place to help prevent exploitation of vulnerabilities. ASLR, for example, is not implemented by default on Windows XP.

Denial of service risk
The revamped Exploitability Index will also take into account the risk posed by denial-of-service (DoS) attacks, which can cause a system to become unresponsive or crash. The index will indicate whether a DoS attack would be “permanent,” making a program or operating system crash and causing it to be unresponsive during an attack.
“For administrators of Internet-facing services, this can often be the difference between a highly important, and insignificant vulnerability,” wrote Van Horenbeeck.
In an review of Exploitability Index ratings over the last eight months, Microsoft found that out of a total of 256 ratings, 97 issues were less serious or not applicable in the latest version of the product. There were seven instances in which the most recent product version was affected and not older platforms.
Paul Henry, security and forensic analyst at vulnerability management vendor, Lumension Security Inc., said the revamped index improves upon an already helpful assessment tool for administrators who need to fine tune their priorities.
"Microsoft already does the best job in the industry with background info on their patches and now they have taken it up another notch," Henry wrote in an email message.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Microsoft Plugs Internet Explorer Security Hole (Which was Exposed in A Contest)

Posted by Avik Sarkar On 8/17/2011 03:57:00 am


Microsoft last week patched the last vulnerability in Internet Explorer (IE) used by a researcher in March to win $15,000 at the
The company had patched IE twice before to quash bugs exploited by Stephen Fewer of Harmony Security to bring down IE8 on Windows 7 at Pwn2Own. For his efforts, Fewer was awarded a cash prize of $15,000 and a Sony notebook.

Microsoft internet explorer Fewer chained three exploits , each for a different vulnerability, to bypass IE's sandbox, called "Protected Mode," and compromise IE8. Pwn2Own sponsor HP Tipping Point called the feat "impressive" at the time.
Microsoft patched the third IE bug in a multiple-flaw update to its browser, part of a 13-bulletin collection .
Although Microsoft credited Fewer in the MS11-057 bulletin for reporting the third vulnerability, it said the bug wasn't a security flaw. "Yes, this update addresses a Protected Mode bypass issue, publicly referenced as CVE-2011-1347," Microsoft said in response to an FAQ query, "Does this update contain any non-security related changes to functionality?"
At Pwn2Own, Fewer used the bypass bug to escape Protected Mode so he could circumvent the browser's sandbox, which allowed him to add a file to the machine, a task that mimicked a hacker's insertion of malware.

Fewer confirmed that last week's IE update fixed the final flaw he used at Pwn2Own.
"Yes MS11-057 patches the final bug, the protected mode bypass, that I used in my Pwn2Own exploit, the other two being a use-after-free which was patched in MS11-018 and an information leak patched in MS11-050," Fewer said today in an email reply to questions.

Earlier Flaws Addressed

MS11-018 and MS11-050 were the designations of the April and June bulletins, respectively, that patched the two other vulnerabilities he reported to Microsoft via Tipping Point's bug bounty program.
According to Aaron Portnoy, manager of TippingPoint security research team and the company's Pwn2Own organizer, Tuesday's IE update wraps up patching for the 2011 contest.
During Pwn2Own, Microsoft said that IE9, the browser that launched shortly after Fewer's hack, did not contain the bugs he exploited.
Including Tuesday's update, IE9 has been patched twice since its March launch. Of the August bugs Microsoft acknowledged as security issues, one was reported by Fewer.
"Yes, I have been doing some research into IE9 and actually my first IE9 vulnerability was also patched this Tuesday as part of MS11-057," Fewer said, referring to a separate bug he was credited with this week.
That flaw, dubbed "CVE-2011-1964," was reported via TippingPoint to Microsoft in May, and was ranked critical for IE9 when run on Vista or Windows 7.
Fewer wouldn't commit to taking on IE9 at next year's Pwn2Own, but he left the door open to a repeat performance. "I don't have any plans as of yet for next year's competition, but if I have a few new bugs handy closer to the time, who knows?"
August's security updates, including MS11-057 for IE, can be downloaded and installed via the Microsoft Update and Windows Update services, as well as through Windows Server Update Services.

-News Source (PC-World)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Leaked FBI Documents is Calling "Anonymous is A National Security Threat"

Posted by Avik Sarkar On 9/17/2011 02:42:00 pm


According to a PDF containing what purports to be a leaked psychological assessment of the leaders of LulzSec and Anonymous by the FBI's Behavioral Science Unit (which also profiles serial killers), Anonymous is not only not a collection of individuals, it's a coherent group that poses a threat to national security.
Neither the FBI nor Dept. of Homeland Security have commented on the "leak," which may be a fake according to the TechHerald, but seems to reflect accurately the thinking behind a series of DHS warning bulletins and crackdowns that have resulted in 75 raids and 16 arrests of Anonymous members just this year.
Anons themselves refer to the group as a rough, almost coincidental collective of individuals that occasionally cooperate on projects to protest specific things. There are approximately eight vortices of special interest within the collective, according to interviews, postings and counter-arguments posted by various Anonymi in response to invective by those it attacked.
Attacks are the work of small groups of interested individuals who, on their own initiative and using public argument as their weapon, gather like-minded Anonymi to protest governmental outrages or attack injustice in whatever form they find it, according to de facto leaders in the non-existent but vocal #OPpublicrelations.
In March, for example, members of Anonymous and 4Chan debated, in the finest traditions of American Democracy and citizen activism, whether to attack and defeat the Internet scourge that is Rebecca Black – the annoying but harmless pop "singer" whose made herself famous with a mom-and-dad-funded music video on YouTube that repeated the same lyrics so often it became apparent those might be the only words she knows.(Other, less world-shaking Anonymous projects resulted in significant attacks against the embattled governments of Egypt and Syria, the exposure of government atrocities in Bolivia, civil protest against censorship on the Bay Area Rapid Transit System, attacks on Visa, Mastercard and Paypal in support of whistleblower site WikiLeaks and a long-simmering, high-profile protest against unrestricted greed, corrosive dishonesty of Wall Street and the and economic destruction from which the rest of the country suffers while financiers continues to prosper.)
The FBI has analyzed various instant messages, forum postings, emails, Twitter posts and other documentation and decided Anonymous behaves more like a coherent organization led by a small number of powerful and focused activists, not a politically involved group of individuals using the Anonymous banner as gathering point.
  • "The Anonymous ‘collective’ has risen from an amorphous group of individuals on the Internet to the current state of a potential threat to national security. Due to the nature of Anonymous, they believe that they are a leaderless collective. However, it has been shown that there is a defined leadership group," the document reads.

  • "A thorough assessment of each UNSUB’s online activities, speech patterns, and general writings was collected by the FBI. Each UNSUB was individually assessed by members of the SBU (sic) and a psychological profile created from these datasets."

  • Most of the members of Anonymous are under 30, but the bulk of its leadership are not teenage hacker/script-kids as many portray themselves, according to the FBI.

  • "It is likely" that Sabu, one of the more vocal spokestrolls for the LulzSec mini-collective of Anonymous, "works in the information security sector and has been doing so since the early days of the internet and hacking activities. His use of net speak is interspersed with proper American English diction and grammar that implies he is an American citizen and has been educated,” the FBI notes said.

BS, quoth the Anon:

"Anonymous is not a group, it does not have leaders, people can do ANYTHING under the flag of their country," according to one member in an email interview with the AP. "Anything can be a threat to National Security, really," the member said in an email interview. "Any hacker group can be."
If the document is real, it ends on a disturbingly dangerous and presumptive conclusion: that attacks and protests by Anonymous will eventually lead to the death of members of Anonymous, law enforcement or the public that will drive many supporters away from Anonymous.
Until then, Anonymous, whether collectively or individually, may be unstoppable in practical terms.

The overall assessment for the movement however is the following:

1. The movement is out of control and there seems to be no real coherent motivation
2. The leaders have begun to hide themselves a bit more due to arrests that have been made
3. Their reliance on technology will eventually be their downfall
4. Their interpersonal relationships are weak points, as such they should be leveraged
5. Their increasing attacks on infrastructure will eventually lead to serious results that could in fact lead to deaths

-News Source (IT World)


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Microsoft released 13 New Security Bulletins To Resolve Security Vulnerabilities

Posted by Avik Sarkar On 8/10/2011 04:32:00 pm


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Windows RDP Exploit Can Give You A Reward of $1,500 From Open-source Community

Posted by Avik Sarkar On 3/16/2012 07:33:00 pm

Windows RDP Exploit Can Give You A Reward of $1,500 From Open-source Community 
Yesterday Microsoft released March 2012 Security bulletins to close a total of seven security holes in its products. Among them one Critical-class, four Important and one Moderate – addressing seven issues in Microsoft Windows, Visual Studio, and Expression Design. According to Microsoft (MS12-020) remote code execution vulnerability has been found in RDP (Remote Desktop Protocol).
Tuesday has sparked some greed. Both Black and White Hats are currently trying to develop an exploit that could remotely compromise an unpatched Windows system – as long as the RDP (Remote Desktop Protocol) server is active on the target system and accessible over the web. On the hacker job site gun.io, a reward of about $1,500 has even been offered for a Metasploit module that can be used to exploit the vulnerability. If someone wants to claim the reward, they will have to release the Metasploit module under an open source licence and make it available to the public. Also  GitHub, offering a reward of around $1,500 for functional code that exploits the Windows RDP flaw. The goal, according to founder Rich Jones, is to “advance the culture of independent software development.”





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Microsoft plugs critical hole in Windows

Posted by Avik Sarkar On 5/11/2011 12:22:00 pm


Microsoft today fixed a critical hole in Windows and two less serious holes in Office in one of the lightest Patch Tuesdays in recent history.
The critical bulletin, MS11-035, fixes a vulnerability in the Windows Internet Name Service (WINS) that "could allow remote code execution if a user received specially crafted malware on an affected system running the WINS service," according to the bulletin advisory. It affects Windows Server 2003 and 2008.
WINS is not installed on the affected operating system software by default, so only customers who manually install it are affected and will be offered the update, Microsoft said.
"Microsoft is downplaying the bug, but there is potential here for remote code execution," and thus total control of the computer, said Andrew Storms, director of security operations at nCircle. "WINS is a network-aware application that does not require authentication, and many enterprises require WINS on their networks. Taken together, these factors mean that a lot of enterprises will find their internal network servers vulnerable to a remote code bug. Initially, most attackers will probably only trigger a DoS (denial-of-service) event, but finding the remote code exploit won't be far behind."
The second bulletin, MS11-036, fixes two vulnerabilities in Microsoft PowerPoint that could allow remote code execution if a user opens a malicious PowerPoint file. The vulnerabilities affect Office XP, Office 2003, Office 2007, Office 2004 for Mac, and Office 2008 for Mac.
Microsoft also changed its Exploitability Index, the guide it uses to provide customers information on how likely a vulnerability is of being exploited. The company will be publishing two ratings per vulnerability, one for the most recent platform and a second as an aggregate rating for all older versions of the software.
Patch Tuesday has been fairly hectic recently, including last month when 17 bulletins were released to fix 64 vulnerabilities.


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Related Posts Plugin for WordPress, Blogger...

Site search