Wednesday, April 29, 2009

Vulnerabilities In Adobe Reader & Adobe Acrobat

Adobe warns about two vulnerabilities in its Adobe Reader and Acrobat products. The vulnerabilities are related to the handling of the getAnnots() and customDictionaryOpen() JavaScript calls. They can be exploited by luring a user into opening a specially crafted PDF file. Successful exploitation makes it possible to execute arbitrary code on the target system.

Vulnerable versions are:
* Adobe Reader and Acrobat 9.1 and earlier versions (Windows, Unix, Mac)
* Adobe Reader and Acrobat 8.1.4 and earlier versions (Windows, Unix, Mac)
* Adobe Reader and Acrobat 7.1.1 and earlier versions (Windows, Mac)

Currently there is no update available, nor a schedule for an upcoming one. Adobe recommends disabling JavaScript support in Adobe products until an update is available and installed.

Disabling can be done by following these steps:
1. Launch Acrobat or Adobe Reader.
2. Select Edit>Preferences
3. Select the JavaScript Category
4. Uncheck the ‘Enable Acrobat JavaScript’ option
5. Click OK

PDF documents received or obtained from dubious sources should not be opened.


More information can be found here.
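
A defender's triage sketch for the advisory above, added here as an example and not taken from Adobe or the original post: it counts JavaScript-related keys and the two named API calls in a PDF, including inside Flate-compressed streams and behind `#xx` name escapes. The key list, function names and sample bytes are assumptions constructed for illustration; a hit shows the call is present, not that the file is malicious.

```python
import re
import zlib

# PDF action keys, plus the two API names from the advisory summary above.
NAME_KEYS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA")
API_CALLS = (b"getAnnots", b"customDictionaryOpen")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name_escapes(data: bytes) -> bytes:
    """Undo #xx escapes in PDF names (/J#61vaScript -> /JavaScript)."""
    return HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def inflate_streams(data: bytes) -> bytes:
    """Concatenate every stream body that zlib can inflate."""
    out = []
    for match in STREAM_RE.finditer(data):
        try:
            out.append(zlib.decompress(match.group(1)))
        except zlib.error:
            continue  # not Flate-encoded, or another filter is in use
    return b"\n".join(out)


def triage_pdf(data: bytes) -> dict:
    """Count indicator tokens in the raw bytes and in inflated streams."""
    haystack = decode_name_escapes(data + b"\n" + inflate_streams(data))
    hits = {}
    for token in NAME_KEYS:
        # A PDF name ends at a delimiter, so /JS must not match /JSFoo.
        pattern = re.escape(token) + rb"(?![A-Za-z0-9])"
        hits[token.decode()] = len(re.findall(pattern, haystack))
    for token in API_CALLS:
        hits[token.decode()] = haystack.count(token)
    return hits


def build_sample() -> bytes:
    """Constructed, harmless PDF fragment (not a real or complete file)."""
    script = zlib.compress(b"var notes = this.getAnnots();")
    return (b"1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
            b"2 0 obj\n<< /S /J#61vaScript /JS 3 0 R >>\nendobj\n"
            b"3 0 obj\n<< /Filter /FlateDecode >>\nstream\n"
            + script + b"\nendstream\nendobj\n")


if __name__ == "__main__":
    print(triage_pdf(build_sample()))
```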

Firefox Gets New Update Again

Mozilla released Firefox 3.0.9 last week, and now it's time for a new one. Version 3.0.10 contains fixes for a security issue and a major stability issue, plus other bug fixes. Details about the update can be found in the release notes here.

The update will be provided through the automatic update functionality in Firefox. Alternatively, the new version can be downloaded from http://getfirefox.net/.

Friday, April 24, 2009

Ransomware Takes PC Hostage

Security company Panda writes in its blog about malicious software that takes a PC hostage. If the user doesn't pay the ransom, the PC can't be used. According to Panda, Trj/Smslock.A works differently from most older ransomware. Traditionally, ransomware has, for example, encrypted important folders and files (e.g. Gpcode), and the user has been asked to pay a ransom to the criminals in order to get a decryption key.

Trj/Smslock.A, however, is different from those older ones. It takes the whole PC hostage by locking access to the system. Instructions for unlocking are displayed on the screen. The instructions ask the user to send an SMS text message with a series of numbers to a service number. In return, the user receives a code that will open the lock.

The language used indicates that the targeted victims are Russian-speaking users.

Wednesday, April 22, 2009

Firefox 3.0.9 Released

Mozilla has released a new version of its Firefox web browser. Version 3.0.9 contains fixes for 12 vulnerabilities, of which four are critical and may make it possible for an attacker to execute arbitrary code on the target system.

Mozilla recommends that all Firefox users update to the latest version. The update can be installed with the automatic update functionality in Firefox or by installing the new version from http://getfirefox.net.

Details about the update can be read in the release notes of version 3.0.9.

Monday, April 20, 2009

AV Antispyware - New Rogue Security Program

The WinSpywareProtect family of rogue security programs has gotten a new member named AV Antispyware.

Its associated sites are:
64.191.12.38 Av-antispyware com
195.88.81.74 Files scanner-antispy-av-files com
195.88.81.116 dl scan-antispy-4pc com
195.88.80.207 Int reporting32 com

Bleeping Computer has a tutorial that guides you through uninstalling and removing this pest.

Wednesday, April 15, 2009

Critical Vulnerability In VMware

A critical vulnerability has been found in VMware virtualization software products. The vulnerability in the virtual machine display function might allow a guest operating system to run code on the host.

Affected versions are:
- VMware Workstation 6.5.1 and earlier
- VMware Player 2.5.1 and earlier
- VMware ACE 2.5.1 and earlier
- VMware Server 2.0
- VMware Server 1.0.8 and earlier
- VMware Fusion 2.0.3 and earlier
- VMware ESXi 3.5 without patch ESXe350-200904201-O-SG
- VMware ESX 3.5 without patch ESX350-200904201-SG
- VMware ESX 3.0.3 without patch ESX303-200904403-SG
- VMware ESX 3.0.2 without patch ESX-1008421

Users of affected versions are recommended to update according to VMware's instructions.

Pack of Updates From Oracle

Oracle has released updates that contain fixes for 43 different vulnerabilities. The fixes are part of the company's quarterly CPU (Critical Patch Update). Of the updates, 16 are for Oracle Database, 12 for Oracle Application Server, three for Oracle E-Business Suite, four for PeopleSoft Enterprise and JD Edwards Suite, and eight for BEA Product Suite.

The exact list of the vulnerabilities and instructions on how to apply the fixes can be read in Oracle's Critical Patch Update Advisory.

Oracle plans to release the next Critical Patch Update on 14 July 2009.

Tuesday, April 14, 2009

April 2009 Updates From Microsoft

Microsoft has released its updates for April. In total, 23 vulnerabilities are fixed in eight updates. Five of the updates are categorized as critical, two as important and one as moderate. Some of these vulnerabilities are already being exploited.

Update MS09-009 fixes two vulnerabilities in Microsoft Office Excel. Both of these could allow an attacker to execute arbitrary code on the target system. The update is categorized as critical.

Update MS09-010 fixes four vulnerabilities in Microsoft WordPad and Office Text Converters. These could allow an attacker to execute arbitrary code on the target system. The update is categorized as critical.

Update MS09-011 fixes a vulnerability in Microsoft DirectShow. This could allow an attacker to execute arbitrary code on the target system. The update is categorized as critical.

Update MS09-013 fixes three vulnerabilities in Windows HTTP Services. These could allow an attacker to execute arbitrary code on the target system. The update is categorized as critical.

Update MS09-014 fixes six vulnerabilities in Microsoft Internet Explorer. These could allow an attacker to execute arbitrary code on the target system. The update is categorized as critical.

Update MS09-012 fixes four vulnerabilities in Microsoft Windows. These could allow an attacker to elevate privileges on the target system. The update is categorized as important.

Update MS09-016 fixes two vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition). These could be used to cause a denial of service on the target system. The update is categorized as important.

Update MS09-015 fixes a vulnerability in SearchPath. This blended threat vulnerability could allow an attacker to elevate privileges on the target system. The update is categorized as moderate.

A new version of the Microsoft Windows Malicious Software Removal Tool was released too.

More information about the updates can be read here.

For consumers, the easiest way to get the updates is to use the Microsoft automatic update service.

Sunday, April 12, 2009

Conficker Hits Utah University Network

"University of Utah officials say a computer virus has infected more than 700 campus computers, including those at the school's three hospitals", writes Associated Press (AP).

According to the university's health sciences spokesman, Chris Nelson, the Conficker outbreak was first detected on Thursday. By Friday, the virus had infiltrated computers at the hospitals, medical school, and colleges of nursing, pharmacy and health.

Nelson states that no patient data and medical records have been compromised.

Friday, April 10, 2009

New Version of Conficker Discovered

Trend Micro has discovered a new Conficker version, now known as WORM_DOWNAD.E, sourced from a known Conficker P2P IP node. The new finding may indicate that more serious attacks are coming.

WORM_DOWNAD.E uses random file and service names, and it is known to connect to at least the myspace.com, msn.com, ebay.com, cnn.com and aol.com sites. The new variant also propagates via MS08-067 to external IPs if an Internet connection is available. If no connection is found, the worm uses local IPs.

A good summary of third-party information on the Conficker (aka Downadup) worm can be found on the DShield web site.

Wednesday, April 8, 2009

Security Threat Summary For Q1/2009 From F-Secure

F-Secure has released their threat summary for the first quarter of 2009.

The summary focuses on:
- widespread Conficker worm,
- social networking,
- database breaches,
- mobile phone threats and
- Mac OSX.

The summary can be read here.

Saturday, April 4, 2009

Patches Available For VMware software

VMware has patched some vulnerabilities found in its VMware products. The vulnerabilities are related to, among other things, the VMware ESX Service Console's openssl, bind and vim implementations. In vim, a vulnerability has been fixed that would make it possible for an attacker to execute arbitrary code by luring a user into opening a specially crafted document. In addition, denial of service (DoS) and arbitrary code execution vulnerabilities have been fixed in VMware ESX, ESXi, Server, ACE, Player and Workstation.

Vulnerable versions are:
- VMware Workstation 6.5.1 and earlier
- VMware Player 2.5.1 and earlier
- VMware ACE 2.5.1 and earlier
- VMware Server 2.0
- VMware Server 1.0.8 and earlier
- VMware ESXi 3.5 without updates ESXe350-200811401-O-SG and ESXe350-200903201-O-UG
- VMware ESX 3.5 without updates ESX350-200811401-SG and ESX350-200903201-UG
- VMware ESX 3.0.3 without updates ESX303-200811401-BG, ESX303-200903406-SG, ESX303-200903405-SG and ESX303-200903403-SG
- VMware ESX 3.0.2 without updates ESX-1006980, ESX-1008409, ESX-1008408 and ESX-1008406

Users of the versions mentioned above are recommended to update by following VMware's instructions:
http://lists.vmware.com/pipermail/security-announce/2009/000053.html
http://lists.vmware.com/pipermail/security-announce/2009/000054.html

Friday, April 3, 2009

Vulnerability In Microsoft Office PowerPoint

Microsoft has released an advisory of a vulnerability in Microsoft Office PowerPoint that could allow remote code execution if a user opens a specially crafted PowerPoint file. Microsoft states in the advisory that the attacks they are currently aware of are limited and targeted ones.

Affected (supported) software versions are:
- Microsoft Office PowerPoint 2000 Service Pack 3
- Microsoft Office PowerPoint 2002 Service Pack 3
- Microsoft Office PowerPoint 2003 Service Pack 3
- Microsoft Office 2004 for Mac

Microsoft Office 2007 and Microsoft Office for Mac 2008 are not affected by this vulnerability.

Microsoft recommends that Office users avoid opening or saving Office files that are received from untrusted sources or that are received unexpectedly from trusted sources.

Other workarounds are described in the advisory.