Sunday, February 27, 2011

TDL Rootkit Under Glass

Security researcher Curt W from Perpetual Horizon Security Research Labs has written about his findings related to the widely spread TDL rootkit. Parts 1 & 2 are available for reading at the Perpetual Horizon blog:
Peeling Apart TDL4 and Other Seeds of Evil Part I
Peeling Apart TDL4 and Other Seeds of Evil Part II

Wednesday, February 16, 2011

New Java Updates Available

Oracle has released an update for Java SE and Java for Business. The update fixes 21 security vulnerabilities, of which 19 can be exploited to execute arbitrary code on the affected system.

Affected versions are:
- Java SE:
• JDK and JRE 6 Update 23 and earlier for Windows, Solaris, and Linux
• JDK 5.0 Update 27 and earlier for Solaris 9
• SDK 1.4.2_29 and earlier for Solaris 8

- Java for Business:
• JDK and JRE 6 Update 23 and earlier for Windows, Solaris and Linux
• JDK and JRE 5.0 Update 27 and earlier for Windows, Solaris and Linux
• SDK and JRE 1.4.2_29 and earlier for Windows, Solaris and Linux

More information about the update can be read from the Java critical patch update document.

Java users are recommended to update to the latest available version.

Thursday, February 10, 2011

RealPlayer Update Available

RealNetworks has released an updated version of their RealPlayer. The new version contains a fix for the following vulnerability:

CVE-2011-0694
RealPlayer Predictable Temporary File Remote Code Execution Cross Domain Scripting Vulnerability
Affected software: Windows RealPlayer 14.0.1 and prior; RealPlayer Enterprise 2.1.4 and prior.

Users of affected versions are advised to update their RealPlayer to the latest version available. More information can be read from the related security advisory.

Shockwave Player Update

Adobe has released an updated version of their Shockwave Player. The new version fixes the following vulnerabilities:
- a memory corruption vulnerability in the dirapi.dll module that could lead to code execution (CVE-2010-2587).
- a memory corruption vulnerability in the dirapi.dll module that could lead to code execution (CVE-2010-2588).
- an integer overflow vulnerability in the dirapi.dll module that could lead to code execution (CVE-2010-2589).
- a use-after-free vulnerability that could lead to code execution (CVE-2010-4092).
- a memory corruption vulnerability that could lead to code execution (CVE-2010-4093).
- a memory corruption vulnerability that could lead to code execution (CVE-2010-4187).
- a memory corruption vulnerability in the dirapi.dll module that could lead to code execution (CVE-2010-4188).
- a memory corruption vulnerability in the IML32 module that could lead to code execution (CVE-2010-4189).
- a memory corruption vulnerability that could lead to code execution (CVE-2010-4190).
- a memory corruption vulnerability that could lead to code execution (CVE-2010-4191).
- a memory corruption vulnerability that could lead to code execution (CVE-2010-4192).
- an input validation vulnerability that could lead to code execution (CVE-2010-4193).
- an input validation vulnerability in the dirapi.dll module that could lead to code execution (CVE-2010-4194).
- an input validation vulnerability in the TextXtra module that could lead to code execution (CVE-2010-4195).
- an input validation vulnerability in the Shockwave 3d Asset module that could lead to code execution (CVE-2010-4196).
- a memory corruption vulnerability that could lead to code execution (CVE-2010-4306).
- a buffer overflow vulnerability that could lead to code execution (CVE-2010-4307).
- a memory corruption vulnerability that could lead to code execution (CVE-2011-0555).
- a memory corruption vulnerability in the Font Xtra.x32 module that could lead to code execution (CVE-2011-0556).
- an integer overflow vulnerability that could lead to code execution (CVE-2011-0557).
- a memory corruption vulnerability in the Font Xtra.x32 module that could lead to code execution (CVE-2011-0569).
Users of Adobe Shockwave Player 11.5.9.615 and earlier should update to Adobe Shockwave Player 11.5.9.620. More information can be read from Adobe's security bulletin.

Wednesday, February 9, 2011

Security Update For Flash Player

Adobe has released an updated version of their Flash Player. The new version fixes the following vulnerabilities:
- an integer overflow vulnerability that could lead to code execution (CVE-2011-0558).
- a memory corruption vulnerability that could lead to code execution (CVE-2011-0559).
- a memory corruption vulnerability that could lead to code execution (CVE-2011-0560, CVE-2011-0561).
- multiple memory corruption vulnerabilities that could lead to code execution (CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574).
- a library-loading vulnerability that could lead to code execution (CVE-2011-0575).
- a font-parsing vulnerability that could lead to code execution (CVE-2011-0577).
- a memory corruption vulnerability that could lead to code execution (CVE-2011-0578).
- a memory corruption vulnerability that could lead to code execution (CVE-2011-0607).
- a memory corruption vulnerability that could lead to code execution (CVE-2011-0608).
Users of Adobe Flash Player 10.1.102.64 and earlier should update to Adobe Flash Player 10.2.152.26. More information can be read from Adobe's security bulletin.

Adobe Reader And Acrobat Updates

Adobe has released a security update for Adobe Reader and Adobe Acrobat.

Affected versions:

* Series X (10.x):
Adobe Reader older than 10.0.1
Adobe Acrobat older than 10.0.1

* Series 9.x:
Adobe Reader older than 9.4.2
Adobe Acrobat older than 9.4.2

* Series 8.x:
Adobe Reader older than 8.2.6
Adobe Acrobat older than 8.2.6


Users of vulnerable versions are instructed to update either by using the automatic update functionality or by downloading a fresh version manually. The default installation configuration runs automatic updates on a regular schedule; an update check can also be started manually by choosing Help > Check for Updates.

Those who want to upgrade manually can download the latest versions from the links below:
Adobe Reader
Acrobat Standard and Pro
Acrobat Pro Extended
Acrobat 3D


More information about fixed vulnerabilities can be read from Adobe's security bulletin.

Tuesday, February 8, 2011

Microsoft Security Updates For February 2011

Microsoft has released security updates for February 2011. This month's update contains fixes for 22 vulnerabilities.

A new version of the Windows Malicious Software Removal Tool (MSRT) was released as well.

More information can be read from the bulletin summary.

For consumers, the easiest way to get the updates is to use the Microsoft Update service.

Thursday, February 3, 2011

MessageLabs Intelligence Report: January 2011

MessageLabs has published their Intelligence Report, which sums up the latest threat trends for January 2011.

Report highlights:
- Spam – 78.6% in January (a decrease of 3.1 percentage points since December 2010)

- Viruses – One in 364.8 emails in January contained malware (a decrease of 0.03 percentage points since December 2010)

- Phishing – One in 409.7 emails comprised a phishing attack (an increase of 0.004 percentage points since December 2010)

- Malicious websites – 2,751 websites blocked per day (a decrease of 21.5% since December 2010)

- 41.1% of all malicious domains blocked were new in January (an increase of 7.9 percentage points since December 2010). An increase in malicious domains may be related to the high proportion of email malware that also contained malicious hyperlinks; 65.1% of email malware in January contained malicious links.

- 21.8% of all web-based malware blocked was new in January (a decrease of 3.1 percentage points since December 2010)

- Spam volumes fall to lowest level in two years

- Why did global spam volumes decline in December 2010?

- The balance of power shifts between pharmaceutical spam gangs

- Blog: Targeted attack reveals new social engineering twist


The report can be viewed here.

Tuesday, February 1, 2011

Vulnerabilities In VLC Player

The VideoLAN project has released a new version of their VLC media player. Version 1.1.7 fixes two vulnerabilities:
- When parsing an invalid CDG file, insufficient boundary checks might lead to heap corruption. (advisory)
- When parsing an invalid MKV (Matroska or WebM) file, input validation is insufficient. (advisory)

The first vulnerability affects VLC Player version 1.1.5 and the second one version 1.1.6.1 and earlier.

At the time of writing, version 1.1.7 is not yet available on the download page. However, it can be downloaded manually from the VLC FTP archive.