Infologic Solutions

Infologic Solutions Security Alerts and Advice http://www.infologic.uk.com/ Copyright 2007 Infologic Solutions ltd. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice. Wed, 13 Aug 2008 11:00:00 GMT matthew.mole@infologic.uk.com (Matthew Mole) Matthew Mole matthew.mole@infologic.uk.com 2008-08-13T11:00:00Z http://www.infologic.uk.com/images/centre.gif Infologic Solutions http://www.infologic.uk.com/ Medium Microsoft patches like mad in August; Seven vulns critical adfebef5-8d4d-4c29-ba35-59e504a00033 Wed, 13 Aug 2008 11:00:00 GMT Summary: 12 Aug 08, Microsoft released eleven security bulletins, fixing some 25 security vulnerabilities in their products. Five updates for various Office component, four rated Critical and one rated Important. Five patches for various Windows components (including Outlook Express and Messenger), one rated Critical and four rated Important and an Internet Explorer (IE) cumulative patch, rated Critical. It appears Microsoft pulled the bulletin that covered a vulnerability in Windows Media Player, but the remaining bulletins leave plenty for you to deal with. All of the critical vulnerabilities allow remote attackers to execute code your computers, potentially gaining control of them. With so many serious security vulnerabilities affecting such a wide range of popular Microsoft products, it's hard to say where to begin patching; Office seems to contain the majority of the critical vulnerabilities, so I'd probably start there. Then, I'd push the critical IE patch to make sure my users don't get in trouble while browsing the web. Finally, since only one of the Windows updates has a critical rating, I'd apply its patches last. You can learn more about these security bulletins from the tables provided in <a href="http://www.microsoft.com/technet/security/bulletin/ms08-aug.mspx"> Microsoft's Bulletin Summary for August</a>. Microsoft's tables (arranged in order of severity) link directly to this month's bulletins and patches. Expand the "Affected Software and Download Location" section of the Summary to find a valuable table that will help you develop your own deployment strategy. Matthew Mole matthew.mole@infologic.uk.com http://www.microsoft.com/technet/security/bulletin/ms08-aug.mspx Copyright 2006 WatchGuard Technologies, Inc. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice. 2008-08-13T11:00:00Z 2008-08-13T11:00:00Z 33 true http://www.infologic.uk.com/security.xml 2008-08-13T11:00:00.370Z Medium Apple's July Security Update Fixes DNS Flaws in OS X adfebef5-8d4d-4c29-ba35-59e504a00032 Tue, 05 Aug 2008 12:00:00 GMT Summary: - These vulnerabilities affect: OS X 10.4.x (Tiger) and OS X 10.5.x (Leopard), both client and server versions - How an attacker exploits them: Multiple vectors of attack, including enticing one of your users into visiting a malicious web site or into downloading a malicious document - Impact: Various results; in the worst case, attacker executes code on your user's computer, potentially gaining full control of it - What to do: OS X administrators should download, test and install Security Update 2008-005 Late yesterday, Apple released a security update to fix vulnerabilities in OS X. The update fixes around 17 (number based on CVE-IDs) security issues in many software packages that ship as part of OS X, including BIND, CoreGraphics, and OpenSSL. Some of these vulnerabilities allow attackers to execute code on your OS X machines, so we rate this update Critical. Apply it as soon as you can. Three of the fixed vulnerabilities include: Two CoreGraphics code execution vulnerabilities: CoreGraphics is an OS X framework that helps developers display different types of graphics on an OS X computer. CoreGraphics suffers from both a buffer overflow vulnerability having to do with the way it handles PDF documents, and a memory corruption vulnerability involving how it handles specially crafted web pages. By luring on of your users to a malicious web site, or tricking that user into downloading and viewing a malicious PDF document, an attacker can exploit either flaw to execute code on that user's computer. By default, the attacker would only execute code with that user's privileges. However, other vulnerabilities described in Apple's Security Update could allow an attacker to elevate his privileges and gain complete control of your user's Mac. BIND DNS cache poisoning vulnerabilities. In previous alerts [1 / 2 ], we described new vulnerabilities found in the DNS protocol, which attackers could exploit to poison almost any DNS server's cache -- forcing your users to malicious web sites. BIND, the DNS service that ships with OS X, also suffers from these DNS cache poisoning vulnerabilities. Apple's update incorporates the patches to fix these DNS issues. Keep in mind that researchers have already released exploit code to leverage these serious DNS flaws; so, if you use an OS X machine as a DNS server, you should apply Apple's update immediately. For more information on these industry-wide DNS issues, listen to this month's episode of Radio Free Security: Firebox Special. CoreGraphics is an OS X framework that helps developers display different types of graphics on an OS X computer. CoreGraphics suffers from both a buffer overflow vulnerability having to do with the way it handles PDF documents, and a memory corruption vulnerability involving how it handles specially crafted web pages. By luring on of your users to a malicious web site, or tricking that user into downloading and viewing a malicious PDF document, an attacker can exploit either flaw to execute code on that user's computer. By default, the attacker would only execute code with that user's privileges. However, other vulnerabilities described in Apple's Security Update could allow an attacker to elevate his privileges and gain complete control of your user's Mac. QuickLook code execution vulnerability. QuickLook is an OS X feature that allows you to quickly preview the contents of many documents without actually opening them in separate programs. QuickLook suffers from an unspecified memory corruption vulnerability, having to do with the way it handles specially crafted Microsoft Office files. By enticing one of your users to download and preview a malicious Office document, an attacker can exploit this flaw to execute code on that user's computer, with that user's privileges. The attacker could then leverage other vulnerabilities (fixed by this Security Update) to potentially gain complete control of the user's computer. Apple's alert includes many more flaws, including other code execution flaws in addition to those described above. The remaining vulnerabilities also include Denial of Service (DoS) flaws, elevation of privilege flaws, and crash vulnerabilities, plus others. SOLUTION PATH: Apple has released OS X Security Update 2008-005 to fix these security issues. OS X administrators should download, test, and deploy the corresponding update as soon as they can. - <a href="http://www.apple.com/support/downloads/securityupdate2008005ppc.html">Security Update 2008-005 (PPC)</a> - <a href="http://www.apple.com/support/downloads/securityupdate2008005intel.html">Security Update 2008-005 (Intel)</a> - <a href="http://www.apple.com/support/downloads/securityupdate2008005serverppc.html">Security Update 2008-005 Server (PPC)</a> - <a href="http://www.apple.com/support/downloads/securityupdate2008005serverintel.html">Security Update 2008-005 Server (Intel)</a> - <a href="http://www.apple.com/support/downloads/securityupdate2008005leopard.html">Security Update 2008-005 (Leopard)</a> Matthew Mole matthew.mole@infologic.uk.com http://support.apple.com/kb/HT2647 For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website. 2008-08-05T12:00:00Z 2008-08-05T12:00:00Z 32 true http://www.infologic.uk.com/security.xml 2008-08-05T12:00:00.370Z Medium Real releases patch for critical flaws in RealPlayer adfebef5-8d4d-4c29-ba35-59e504a00031 Tue, 29 Jul 2008 12:00:00 GMT Summary: - These vulnerabilities affect: RealPlayer 10.5 (and earlier versions of the formerly popular streaming media player). - How an attacker exploits them: Multiple vectors of attack, including enticing one of your users to visit a malicious web page - Impact: Various results; in the worst case, attacker executes code on your user's computer, gaining complete control of it - What to do: Apply Realplayers patches asap Late yesterday, the Mozilla Foundation released Firefox 3.0.1 and Firefox 2.0.0.16, fixing three security vulnerabilities (based on CVE-IDs) in the popular web browser. We summarize the vulnerabilities below: The advisory from Real follows an undesirable style of release which some vendors practice: It tells you nothing whatsoever about what the vulnerabilities are, what got fixed, whether the issue was critical... you know, all the facts that any diligent network administrator would like to know. However, a trip to BugTraq's site, cross-referenced with the people thanked in Real's advisory, reveals that the problems addressed include: - <a href="http://www.securityfocus.com/bid/28157/info">A memory corruption flaw</a> in the way RealPlayer handles Active X. An attacker exploits the flaw by getting a victim to view a malicious HTML page. If successful, the remote attacker could execute code on the victim's computer. This flaw has been exploited in the wild since April. - <a href="http://www.zerodayinitiative.com/advisories/ZDI-08-046/">A stack-based buffer overflow flaw</a>, also related to an Active X control. Same exploit path and possible results as the point above. - <a href="http://www.securityfocus.com/bid/30370/discuss">A heap-based buffer overflow flaw</a>, due to RealPlayer's failure to enforce boundaries on input from users. An attacker exploits this flaw by enticing a victim to open a maliciously-crafted Shockwave Flash (.SWF) file. There are other flaws, too, but by now, you get the idea. If you permit the use of RealPlayer on your network (which we don't recommend), or if you suspect your users have installed it without your permission, you should get patching. The severity of most of these flaws is rated as Critical. Matthew Mole matthew.mole@infologic.uk.com http://www.watchguard.com/RSS/showarticle.aspx?pack=RSS.RealJuly08 Copyright 2006 WatchGuard Technologies, Inc. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice. 2008-07-29T12:00:00Z 2008-07-29T12:00:00Z 31 true http://www.infologic.uk.com/security.xml 2008-07-29T12:00:00.370Z Medium Trio of New Vulnerabilities for Firefox3 adfebef5-8d4d-4c29-ba35-59e504a00030 Mon, 21 Jul 2008 13:00:00 GMT Summary: - These vulnerabilities affect: Firefox 2.0.0.15 and 3.0 for Windows, Linux, and Macintosh - How an attacker exploits them: Multiple vectors of attack, including enticing one of your users to visit a malicious web page - Impact: Various results; in the worst case, attacker executes code on your user's computer, gaining complete control of it - What to do: Upgrade to Firefox 2.0.0.16 or 3.0.1 Late yesterday, the Mozilla Foundation released Firefox 3.0.1 and Firefox 2.0.0.16, fixing three security vulnerabilities (based on CVE-IDs) in the popular web browser. We summarise the vulnerabilities below: - CSS Reference Counter overflow vulnerability <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-34.html">2008-034 </a>. Firefox suffers from a vulnerability in one of its internal data structures (CSSValue Array). Specifically, Mozilla did not use a sufficient size for the variable used as a reference counter for CSS objects. By enticing one of your users to a web page that makes a large number of references to a CSS object, an attacker could exploit this vulnerability to overflow that particular variable and corrupt the memory. The attacker could then leverage this memory corruption either to crash Firefox or to execute code on your user's machine, with your user's privileges. Depending upon your user's level of privilege, an attacker could potentially exploit this flaw to gain complete control of that user's computer. Mozilla Impact rating: Critical - Internet-connected application can launch Firefox with multiple tabs <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-35.html">2008-035</a>. In their alert, Mozilla describes a very convoluted Firefox vulnerability that attackers will probably find difficult to exploit in the real world. In a nutshell, attackers can force other Internet-connected applications to launch Firefox and open multiple tabs. Firefox is supposed to prevent external applications from loading certain types of URIs. However, an attacker could exploit this vulnerability to force Firefox to handle URIs it otherwise wouldn't. By enticing one of your users into clicking a specially crafted link in some other web browser, at attacker might exploit this flaw either to read data on that user's disk or even to execute code on that user's computer. If your user has local administrative privileges, an attacker could exploit this flaw to gain complete control of that user's machine. Keep in mind, however, that an attacker can only leverage this flaw if your user has Firefox installed but doesn't have it running, and he visits the malicious link or web page in some other web browser, or Internet-connected application. For more details about this convoluted vulnerability, see Mozilla's advisory. Mozilla Impact rating: Critical - GIF image handling vulnerabilities <a href="http://www.mozilla.org/security/announce/2008/mfsa2008-36.html">2008-036</a>. Firefox suffers from a vulnerability involving the way it parses specially malformed GIF images. By enticing one of your users into visiting a web page containing a malicious GIF image, an attacker could exploit this flaw to execute code on that user's machine, with that user's privileges. This flaw only affects Firefox 3 running on OS X computers. Since OS X separates administrator privileges from typical user privileges, an attacker could not gain full control of OS X computers by leveraging this vulnerability alone. Mozilla Impact rating: Critical Solution Path: Mozilla has updated Firefox 2 and 3, correcting these security vulnerabilities. If you use Firefox in your network, we recommend that you download and deploy version 3.0.1 as soon as possible. Mozilla no longer supports the 1.5.x branch of Firefox; we recommend that 1.5.x users migrate to 3.0.1 now. - <a href="http://download.mozilla.org/?product=firefox-3.0.1&os=win&lang=en-US">Windows</a> - <a href="http://download.mozilla.org/?product=firefox-3.0.1&os=linux&lang=en-US">Linux </a> - <a href="http://download.mozilla.org/?product=firefox-3.0.1&os=osx&lang=en-US">Mac OS X </a> If you prefer to stick with Firefox 2, you can get the fixed version <a href="http://www.mozilla.com/en-US/firefox/all-older.html"> here (2.0.0.16).</a> Matthew Mole matthew.mole@infologic.uk.com http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.1 Copyright 2006 WatchGuard Technologies, Inc. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice. 2008-07-09T10:00:00Z 2008-07-09T10:00:00Z 30 true http://www.infologic.uk.com/security.xml 2008-07-21T13:00:00.370Z Medium Fix for phishing websites adfebef5-8d4d-4c29-ba35-59e504a00029 Wed, 09 Jul 2008 10:00:00 GMT Summary: - These vulnerabilities affect: All versions of Windows; also SQL Server - How an attacker exploits them: Multiple vectors of attack, including sending specially crafted network traffic or enticing your users into downloading and opening malicious files - Impact: Various results; in the worst case, attacker can gain complete control of your Windows computer - What to do: Install the appropriate Microsoft patches immediately All versions of Windows ship with a DNS client. The server versions of Windows also ship with a DNS server. According to Microsoft's bulletin, both of these Windows DNS components suffer from vulnerabilities that can allow an attacker to redirect your user's Internet traffic from legitimate web sites to malicious ones. The vulnerabilities differ technically, but an attacker triggers them in a similar manner: By sending your DNS server specially crafted DNS queries or responses, an attacker could poison its cache with arbitrary IP addresses, thus forcing your users to visit arbitrary malicious web sites. An attacker might leverage this kind of DNS cache poisoning attack to force your users to visit a malicious drive-by download site. Note: These vulnerabilities are part of a recently disclosed set of common deficiencies in the DNS protocol that allows for DNS cache poisoning. Many vendors' products and devices also suffer from these flaws. We will post more about these overarching DNS vulnerabilities in another alert. There are many points of attacks to individual PC's that can send your page requests to go to specially formatted spoofing websites. If you receive an email from a bank, building society, auction house, charity or even from friends and trusted colleagues asking you to login to a website to confirm details, always go to the home of that web page manually and not click through the weblink that could redirect you without you noticing. - <a href="http://news.bbc.co.uk/1/hi/technology/7496735.stm">BBC news story</a> - <a href="http://www.watchguard.com/RSS/showarticle.aspx?pack=RSS.MS.July08.sum">Watchgaurd security bulletin</a> - <a href="http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx">Microsoft Security Bulletin MS08-037</a> Matthew Mole matthew.mole@infologic.uk.com https://www.watchguard.com/archive/showhtml.asp?pack=72796 Copyright 2006 WatchGuard Technologies, Inc. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice. 2008-07-09T10:00:00Z 2008-07-09T10:00:00Z 29 true http://www.infologic.uk.com/security.xml 2008-07-09T10:00:00.370Z High OS X 10.5.3 Fixes Over 40 Security Vulnerabilities adfebef5-8d4d-4c29-ba35-59e504a00026 Thur, 29 May 2008 10:00:00 GMT Summary: - These vulnerabilities affect: OS X 10.4.x (Tiger) and OS X 10.5.x (Leopard), both client and server versions - How an attacker exploits them: Multiple vectors of attack, including enticing one of your users into visiting a URL or web site - Impact: Various results; in the worst case, attacker executes code on your user's computer, potentially gaining control of your user's computer - What to do: OS X administrators should download, test and install Security Update 2008-003 / Mac OS X 10.5.3 Today, Apple released a <a href="http://support.apple.com/kb/HT1897/">security update</a> fixing at least 41 (number based on CVE-IDs) security issues in software packages that ship as part of OS X, including Apache, iCal, and Mail. Some of these vulnerabilities allow attackers to execute code on your OS X machines, so we rate this update Critical. Apply it as soon as you can. Three of the vulnerabilities which have been fixed are: - AppKit code execution vulnerability: AppKit is a OS X framework that helps developers implement graphical, event-driven user interfaces. According to Apple, Appkit suffers from an unspecified vulnerability involving the way it process specially crafted document files. By luring one of your users into downloading a malicious document, then enticing that user to open the document in an editor that uses AppKit (such as TextEdit), an attacker could exploit this flaw to execute code on your user's computer, with that user's privileges. - Help Viewer buffer overflow vulnerability: Help Viewer is an OS X component responsible for displaying Apple's help content. Help Viewer suffers from a buffer overflow vulnerability involving the way it handles specially malformed help:topic URLs. By enticing one of your users into clicking a specially crafted link, an attacker can exploit this flaw to execute code on that user's computer. By default, the attacker would only execute code with that user's privileges. - CoreGraphics code execution vulnerability: CoreGraphics is a OS X framework that helps developers display different types of graphics on an OS X computer. CoreGraphics suffers from a what Apple calls a uninitialized variable issue having to do with the way it handles PDF documents. By tricking one of your users into downloading and viewing a malicious PDF document, an attacker can exploit this flaw to execute code on that user's computer. By default, the attacker would only execute code with that user's privileges. Apple's alert includes many, many more flaws, including other code execution flaws in addition to those described above. The remaining vulnerabilities also include Denial of Service (DoS) flaws, elevation of privilege flaws, and information disclosure vulnerabilities, plus others. Solution Path: Apple has released OS X Security Update 2008-003 / OS X 10.5.3 to fix all these security issues. OS X administrators should download, test, and deploy the corresponding update as soon as they can: - <a href="http://www.apple.com/support/downloads/securityupdate2008003ppc.html">Security Update 2008-003 (PPC) </a> - <a href="http://www.apple.com/support/downloads/securityupdate2008003intel.html">Security Update 2008-003 (Intel) </a> - <a href="http://www.apple.com/support/downloads/securityupdate2008003serverppc.html">Security Update 2008-003 Server (PPC) </a> - <a href="http://www.apple.com/support/downloads/securityupdate2008003serveruniversal.html">Security Update 2008-003 Server (Universal) </a> - <a href="http://www.apple.com/support/downloads/macosx1053update.html">Security Update OS X 10.5.3 (Leopard) </a> - <a href="http://www.apple.com/support/downloads/macosx1053comboupdate.html">Security Update OS X 10.5.3 Combo Update (Leopard) </a> Note: If you have trouble figuring out which of these patches corresponds to your version of OS X, we recommend that you let OS X's Software Update utility pick the correct update for you automatically. Matthew Mole matthew.mole@infologic.uk.com http://support.apple.com/kb/HT1897/ For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website. 2008-05-29T10:00:00Z 2008-05-29T10:00:00Z 26 true http://www.infologic.uk.com/security.xml 2008-05-29T10:00:00.370Z High Legitimate Web Sites Serving Zero Day Flash Player Exploit adfebef5-8d4d-4c29-ba35-59e504a00025 Thur, 29 May 2008 10:00:00 GMT Summary: - These vulnerabilities affect: Adobe Flash Player 9.0.124.0 and earlier on Windows (potentially affects OS X, Unix, and Linux as well) - How an attacker exploits them: By enticing one of your users into playing a maliciously crafted Flash (.SWF) file - Impact: An attacker could execute code on the victim's computer, and take control of it - What to do: Adobe hasn't released a patch yet; see the solution section below for workarounds Adobe Flash Player displays interactive, animated web content called Flash, often formatted as a Shockwave (.SWF) file. Adobe's Flash Player ships by default with many web browsers, including Internet Explorer (IE). It also runs on many operating systems. Late yesterday, Symantec, SANS Internet Storm Center Handler's Diary and <a href="http://www.securityfocus.com/bid/29386/info/">SecurityFocus</a> all warned of a serious zero day Flash Player vulnerability which they have found attackers exploiting in the wild. As of this writing, researchers do not know the technical details about this new vulnerability; they do know, however, that if one of your users downloads and plays a specially crafted Shockwave Flash (.SWF) file, an attacker could exploit the unpatched flaw to execute code on that user's computer, with that user's privileges. Since most Windows administrators grant their users local administrative privileges, an attacker could potentially exploit these flaws to gain complete control of a victim's computer. The malicious .SWF file could be hosted on a web site, sent via an HTML e-mail, or delivered in other ways via applications that embed Flash. According to the last <a href="http://www.securityfocus.com/bid/29386/exploit/">update</a> from SecurityFocus, attackers are exploiting this zero day vulnerability in great numbers. They warn that attackers have injected this malicious .SWF exploit into approximately 20,000 legitimate web sites, using web-based attack techniques like those we recently described in our recent Radio Free Security podcast. On the other hand, this morning Symantec updated their Threatcon information claiming this Flash Player vulnerability may not be as new as they originally thought. Their latest technical analysis reveals that the flaw appears similar to one Adobe has already patched. Even with that, Symantec has still observed this new exploit affecting fully patched versions of Adobe Flash Player. So, either this is a true zero day variant of the original flaw, or Adobe's patch is not working as reliably as it should. Regardless, if you allow Adobe Flash Player in your network, you should remain concerned about this new exploit and follow the workarounds suggested below. Solution Path: Because researchers first found this vulnerability being exploited in the wild, Adobe has not had time to release a patch for Flash Player. Until they do, the following workarounds will mitigate the risk of this new exploit affecting your users: - Internet Explorer (IE) users can set the killbit for Adobe's Flash Player. This prevents IE from playing any Flash content with the Adobe Flash Player. Bear in mind that this also prevents legitimate Flash content from playing. Refer to this <a href="http://support.microsoft.com/kb/240797/">Microsoft Knowledge Base article</a> for more details on how to set a killbit. Flash Player's CLSID is BD96C556-65A3-11D0-983A-00C04FC29E36. - Firefox users should install the NoScript extension. <a href="http://noscript.net/">NoScript</a> prevents web sites from running JavaScript, Java, Flash, or other executable web content by default. While NoScript does prevent legitimate web sites from executing scripts as well, you can easily add those trusted sites to your white list to allow them to run the content you need. - Use a gateway device, like WatchGuard's Firebox products, to block .SWF files from entering your network. See below for more details. Matthew Mole matthew.mole@infologic.uk.com http://www.symantec.com/security_response/threatcon/index.jsp Copyright 2006 WatchGuard Technologies, Inc. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice. 2008-05-29T10:00:00Z 2008-05-29T10:00:00Z 25 true http://www.infologic.uk.com/security.xml 2008-05-29T10:00:00.370Z High Safari Vulnerabilities Allow Attackers to Execute Code adfebef5-8d4d-4c29-ba35-59e504a00024 Thur, 17 Apr 2008 13:00:00 GMT Summary: - These vulnerabilities affect: Safari 3 for OS X (and Windows) - How an attacker exploits them: By enticing one of your users to a malicious web page - Impact: Numerous flaws, various results; in the worst case, an attacker could execute code on the victim's computer - What to do: Update to Safari 3.1.1 at your earliest convenience Safari is the default web browser that ships with OS X. Recently, Apple also released Safari for Windows, <a href="http://www.watchguard.com/RSS/showarticle.aspx?pack=RSS.Apple.SU"> pushing</a> it to Quicktime and iTunes users via Apple Software Update. Today, Apple released an <a href="http://support.apple.com/kb/HT1467">advisory</a> describing four vulnerabilities that affect Safari, and components that ship with it. The flaws affect both the OS X and Windows versions of Safari. The worst of these vulnerabilities potentially allows attackers to execute malicious code on your Safari user's machines. If you use Safari in your network -- whether on a PC or Mac -- you should update to version 3.1.1 at your earliest convenience. Solution Path: Apple has release Safari 3.1.1 for OS X and Windows. If you use Safari in your network, you should <a href="http://www.apple.com/safari/download/">download</a> and install this update at your earliest convenience. Note: You can also use Apple and OS X's Software Update utility to install Safari updates automatically. Matthew Mole matthew.mole@infologic.uk.com http://support.apple.com/kb/HT1467 For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website. 2008-04-17T13:00:00Z 2008-04-17T13:00:00Z 24 true http://www.infologic.uk.com/security.xml 2008-04-17T13:00:00.370Z High April Updates's from Microsoft adfebef5-8d4d-4c29-ba35-59e504a00023 Wed, 09 Apr 2008 10:00:00 GMT Summary: Microsoft released eight security bulletins, fixing a total of ten vulnerabilities in its various products; these include Windows, IE, Project, and Visio. Microsoft rates five of the eight vulnerabilities as Critical. - Microsoft Windows Kernel Privilege Escalation Vulnerability - Microsoft Windows hxvz.dll ActiveX Control Memory Corruption - Microsoft Windows GDI Image Parsing Buffer Overflows - Microsoft Windows DNS Client Predictable Transaction ID Vulnerability - Microsoft Visio Two File Processing Vulnerabilities - Microsoft Project Unspecified Code Execution Vulnerability - Internet Explorer Data Stream Handling Vulnerability and - Microsoft VBScript/JScript Script Decoding Buffer Overflow Solution Path: For more information, you can go read the <a href="http://www.microsoft.com/technet/security/bulletin/ms08-apr.mspx"> Security Bulletin.</a> Microsoft has released patches for Windows which correct all of these vulnerabilities. Run windows update to automatically download, test, and deploy the appropriate patches throughout your network immediately. Note: Microsoft no longer officially supports Windows NT 4.0, 98, ME or XP with SP1. If you manage any of these operating systems, Microsoft suggests you migrate to supported versions to prevent potential exposure to vulnerabilities. You can learn more about Microsoft's extended security update support at its Product Support Services Web site. Matthew Mole matthew.mole@infologic.uk.com http://www.microsoft.com/technet/security/bulletin/ms08-apr.mspx For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website. 2008-04-09T10:00:00Z 2008-04-09T10:00:00Z 23 true http://www.infologic.uk.com/security.xml 2008-04-09T10:00:00.370Z High OS X Update Fixes Almost 100 Security Flaws adfebef5-8d4d-4c29-ba35-59e504a00022 Wed, 19 Mar 2008 10:30:00 GMT Summary: - These vulnerabilities affect: OS X 10.4.x (Tiger) and OS X 10.5.x (Leopard), both client and server versions - How an attacker exploits them: Multiple vectors of attack, including enticing one of your users into visiting a URL or web site - Impact: Various results; in the worst case, attacker executes code on your user's computer, potentially gaining complete of your user's computer - What to do: OS X administrators should download, test and install Security Update 2008-002 Today, Apple released a <a href="http://docs.info.apple.com/article.html?artnum=307562">security update</a> fixing over 95 (number based on CVE-IDs) security issues in software packages that ship as part of OS X, including Apache, Preview, and Help Viewer. Some of these vulnerabilities allow attackers to execute any code they choose on your OS X machines, so we rate this update Critical. Apply it as soon as you can. This is a huge update fixing many security vulnerabilities, some of which pose a critical security risk. If you manage OS X machines, we highly recommend you apply this update right away. Solution Path: Apple has released OS X Security Update 2008-002 to fix all these security issues. OS X administrators should download, test, and deploy Security Update 2008-002 as soon as they can. - <a href="http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=18157&cat=1&platform=osx&method=sa/SecUpd2008-002PPC.dmg">Security Update 2008-002 v1.0 (PPC)</a> - <a href="http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=18158&cat=1&platform=osx&method=sa/SecUpd2008-002Univ.dmg">Security Update 2008-002 v1.0 (Universal)</a> - <a href="http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=18159&cat=1&platform=osx&method=sa/SecUpd2008-002.dmg">Security Update 2008-002 v1.0 (Leopard)</a> - <a href="http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=18161&cat=1&platform=osx&method=sa/SecUpdSrvr2008-002PPC.dmg">Security Update 2008-002 v1.0 Server (PPC)</a> - <a href="http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=18165&cat=1&platform=osx&method=sa/SecUpdSrvr2008-002Univ.dmg">Security Update 2008-002 v1.0 Server (Universal)</a> - <a href="http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=18160&cat=1&platform=osx&method=sa/SecUpdSrvr2008-002.dmg">Security Update 2008-002 v1.0 Server (Leopard)</a> Note: If you have trouble figuring out which of these patches corresponds to your version of OS X, we recommend you let OS X's Software Update utility pick the correct update for you automatically. Matthew Mole matthew.mole@infologic.uk.com http://docs.info.apple.com/article.html?artnum=307562 Copyright 2006 WatchGuard Technologies, Inc. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice. 2008-03-19T10:30:00Z 2008-03-19T10:30:00Z 22 true http://www.infologic.uk.com/security.xml 2008-03-19T10:30:00.370Z Medium Safari 3 security flaws for OS X and Windows adfebef5-8d4d-4c29-ba35-59e504a00021 Wed, 19 Mar 2008 10:30:00 GMT Summary: - These vulnerabilities affect: Safari 3 for OS X and Windows - How an attacker exploits them: By enticing one of your users into visiting a malicious web site - Impact: Various results; in the worst case, attacker executes code on your user's computer, with your user's privileges - What to do: Install Safari 3.1 Today, Apple released a <a href="http://docs.info.apple.com/article.html?artnum=307563">security update </a> fixing thirteen security issues in Safari 3 for OS X and Windows. The worst of these vulnerabilities potentially allows attackers to execute malicious code on your Safari user's machines. If you use Safari in your network - whether on a PC or Mac - you should update to version 3.1 as soon as you can. Solution Path: Apple has released Safari 3.1 for OS X and Windows to correct these security vulnerabilities. Safari users should <a href="http://www.apple.com/safari/download/">download and install version 3.1</a> as soon as possible. Note: You can also use Apple and OS X's Software Update utility to install the Safari 3.1 update for you automatically. Matthew Mole matthew.mole@infologic.uk.com http://docs.info.apple.com/article.html?artnum=307563 For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website. 2008-03-19T10:30:00Z 2008-03-19T10:30:00Z 21 true http://www.infologic.uk.com/security.xml 2008-03-19T10:30:00.370Z High MS Office Security risks for PC and Mac adfebef5-8d4d-4c29-ba35-59e504a00020 Wed, 12 Mar 2008 10:30:00 GMT Summary: - These vulnerabilities affect: Most current versions of Microsoft Office for Windows, and in some cases for Mac (and some other Office-related programs) - How an attacker exploits them: By enticing you to open maliciously crafted Office documents, visit a malicious web site, or click a malicious link - Impact: An attacker can execute code, potentially gaining complete control of your computer - What to do: Run Windows Update and install the appropriate Office or Office related patches immediately. Solution Path: If you'd like to learn more about each individual flaw, drill into the "Vulnerability Details" section of the security bulletins listed below: - Multiple Excel vulnerabilities: <a href="http://www.microsoft.com/technet/security/bulletin/MS08-014.mspx">MS08-014</a> - Outlook mailto: URI handling vulnerability: <a href="http://www.microsoft.com/technet/security/bulletin/MS08-015.mspx">MS08-015</a> - Two Office remote code execution vulnerabilities: <a href="http://www.microsoft.com/technet/security/bulletin/MS08-016.mspx">MS08-016</a> - Two Office Web Component vulnerabilities: <a href="http://www.microsoft.com/technet/security/bulletin/MS08-017.mspx">MS08-017</a> Matthew Mole matthew.mole@infologic.uk.com http://www.watchguard.com/RSS/showarticle.aspx?pack=RSS.MS.Mar08.summ Copyright 2006 WatchGuard Technologies, Inc. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice. 2008-03-12T10:30:00Z 2008-03-12T10:30:00Z 20 true http://www.infologic.uk.com/security.xml 2008-03-12T10:30:00.370Z Medium Sun Java exploits for Windows, Solaris and Linux adfebef5-8d4d-4c29-ba35-59e504a00019 Mon, 10 Mar 2008 10:00:00 GMT Summary: - These vulnerabilities affect: All versions of Sun Java Runtime Environment (JRE) released before 4 March, on Windows, Solaris, and Linux platforms - How an attacker exploits them: By enticing your users to a malicious web page that contains a specially crafted Java applet or application - Impact: Various results; in the worst case, attacker can gain complete control of your computer - What to do: Install the appropriate JRE update as soon as possible Solution Path: Sun has released various JRE and SDK updates to correct these issues. If you use Sun JRE in your network, download and deploy the corresponding updates as soon as possible: - JRE and JDK 6.0: Download <a href="https://sdlc2b.sun.com/ECom/EComActionServlet;jsessionid=D859231F697005C8BBA79A6598753962">JRE</a> or <a href="https://sdlc4b.sun.com/ECom/EComActionServlet;jsessionid=2220154A607E73FD8C29D16EBB433039">JDK</a> 6.0 Update 5 - JRE and JDK 5.0: Download <a href="https://sdlc5b.sun.com/ECom/EComActionServlet;jsessionid=5FAA0999490447ECAE6EA13107E0E655">JRE</a> or <a href="https://sdlc2e.sun.com/ECom/EComActionServlet;jsessionid=C70FF1D1E82C1F566C65241E9F8C562C">JDK</a> 5.0 Update 15 - JRE and SDK 1.4.x: Download <a href="https://sdlc4a.sun.com/ECom/EComActionServlet;jsessionid=DFB9E0424E7461C4D023759025DD2E54">JRE</a> or <a href="https://sdlc5e.sun.com/ECom/EComActionServlet;jsessionid=AF617DC4C4EA6B0AADAF0A569517BF84">SDK</a> 1.4.2_17 - JRE and SDK 1.3.x: Download <a href="http://java.sun.com/j2se/1.3/download.html">JRE or SDK 1.3.1_22</a> Matthew Mole matthew.mole@infologic.uk.com http://www.us-cert.gov/cas/techalerts/TA08-066A.html Copyright 2006 WatchGuard Technologies, Inc. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice. 2008-03-10T10:00:00Z 2008-03-10T10:00:00Z 19 true http://www.infologic.uk.com/security.xml 2008-03-10T10:00:00.370Z Early Warning Windows Vista SP1 upgrade - 3rd party compatability adfebef5-8d4d-4c29-ba35-59e504a00018 Fri, 22 Feb 2008 11:55:00 GMT Service Packs are among the biggest updates Microsoft issues for its various operating systems. The software firm said SP1 makes Vista more secure and reliable and introduces some new features. The list of programs affected by SP1 is divided into three. Some will be blocked by the update, some will not run and others will lose some of their functions. - BitDefender AV - Fujitsu Shock Sensor - Jiangmin KV Antivirus 10 - Jiangmin KV Antivirus 2008 - Trend Micro Internet Security - Zone Alarm Security Suite - Iron Speed Designer - Xheo Licensing - Free Allegiance - NYT Reader - Rising Personal Firewall - Novell ZCM Agent Matthew Mole matthew.mole@infologic.uk.com http://news.bbc.co.uk/1/hi/technology/7205059.stm Copyright 2006 WatchGuard Technologies, Inc. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice. 2008-02-22T11:55:00Z 2008-02-22T11:55:00Z 18 true http://www.infologic.uk.com/security.xml 2008-02-22T11:55:00.370Z Medium More social engineering - Full Moon trojans adfebef5-8d4d-4c29-ba35-59e504a00017 Fri, 22 Feb 2008 11:00:00 GMT Astronomy buffs take note: A significant amount of spam has been spotted promising such things as "Lunar Eclipse Video" and "Shocking video with Total moon eclipse." Don't fall for it! It's a dispiriting example of a trend that's on the increase: Spam generated around timely events and targeted to specific interest groups. Matthew Mole matthew.mole@infologic.uk.com http://www.watchguard.com/RSS/showarticle.aspx?pack=RSS.EclipseTaxScams Copyright 2006 WatchGuard Technologies, Inc. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice. 2008-02-22T11:00:00Z 2008-02-22T11:00:00Z 17 true http://www.infologic.uk.com/security.xml 2008-02-22T11:00:00.370Z Critical Update - Microsoft patches in February adfebef5-8d4d-4c29-ba35-59e504a00016 Wed, 13 Feb 2008 11:00:00 GMT From our early warning post sent Tue, 12 Feb 2008 10:00:00 GMT, Microsoft posted their <a href="http://www.microsoft.com/technet/security/bulletin/ms08-feb.mspx">Advanced Notification</a>. Microsoft released 11 security bulletins, fixing some 17 vulnerabilities in their products. With so many bulletins rated as Critical, where do you patch first? Here are some of our thoughts, which may help you formulate your own. - WebDAV. If you run a Windows web server, it's a bigger target than any of your users' desktops. This flaw is rather breathtaking: It requires no user interaction, and a single malicious packet sent to port 80 could give up your server to an attacker. We agree with Microsoft's listing of this as the most critical of today's flaws. - OLE and the Office flaws. In our minds, these are a virtual tie; each of these flaws can be exploited using the techniques that commonly dupe users. We'd give the OLE flaw a slightly higher priority, because users are probably unaware that this component is present on their machines. - Internet Explorer "roll-up" patch. Prioritizing this patch over the Office flaws should be based upon whether your environment does more Web surfing or more document sharing. For the fabled "typical" office, we'd suggest installing the OLE patch first, then the IE patch, and finally the Office patches, because most of the offices we visit do more web-clicking than doc-passing. The Office patches are also required for MAC users. We highly recomend running windows update to install the other updates. You can view all of the updates from the Microsoft bulletin site. Matthew Mole matthew.mole@infologic.uk.com http://www.microsoft.com/technet/security/bulletin/ms08-feb.mspx Copyright 2006 WatchGuard Technologies, Inc. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice. 2008-02-13T10:00:00Z 2008-02-13T10:00:00Z 16 true http://www.infologic.uk.com/security.xml 2008-02-13T10:00:00.370Z Mac Eleven Urgent Apple OSx Updates adfebef5-8d4d-4c29-ba35-59e504a00015 Tue, 12 Feb 2008 10:00:00 GMT Today, Apple released a <a href="http://docs.info.apple.com/article.html?artnum=307430"> security update</a> fixing over 11 security issues in software packages that ship as part of OS X, including Mail, Launch Services, and Samba. Many of these vulnerabilities allow attackers to execute any code they choose on your OS X machines, so we rate this update Critical. Apply it as soon as you can. Solution: Apple has released updates to fix these vulnerabilities for both OS X 10.4.11 and 10.5.x. Apple OS X administrators should download, test, and deploy the appropriate updates as soon as possible. - <a href="http://www.apple.com/support/downloads/securityupdate2008001ppc.html">Security Update 2008-001 (PPC)</a> - <a href="http://www.apple.com/support/downloads/securityupdate2008001universal.html">Security Update 2008-001 (Universal)</a> - <a href="http://www.apple.com/support/downloads/macosx1052comboupdate.html">Mac OS X 10.5.2 Combo Update (Client)</a> - <a href="http://www.apple.com/support/downloads/macosxserver1052comboupdate.html">Mac OS X 10.5.2 Combo Update (Server)</a> Note: If you have trouble figuring out which of these patches corresponds to your version of OS X, we recommend you let OS X's Software Update utility automatically pick the correct update for you. Matthew Mole matthew.mole@infologic.uk.com http://docs.info.apple.com/article.html?artnum=307430 For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website. 2008-02-12T10:00:00Z 2008-02-012T10:00:00Z 15 true http://www.infologic.uk.com/security.xml 2008-02-12T10:00:00.370Z Early Warning Twelve Microsoft patches in February adfebef5-8d4d-4c29-ba35-59e504a00014 Fri, 08 Feb 2008 11:00:00 GMT Microsoft posted their <a href="http://www.microsoft.com/technet/security/bulletin/ms08-feb.mspx">Advanced Notification</a> today, predicting that next Tuesday they would release seven Critical bulletins and five ranked Important. They can be categorized as follows: - Four bulletins detailing remote code execution vulnerabilities affecting Windows, rated Critical - Three bulletins detailing remote code execution vulnerabilities affecting Office, rated Critical - Two bulletins detailing Denial of Service vulnerabilities affecting Windows, rated Important - One bulletin detailing an Elevation of Privilege flaw affecting Windows and IIS, rated Important - Two bulletins detailing remote code execution vulnerabilities in Windows, Office, and Works, rated Important The vulnerabilities to be revealed on Tuesday affect other Microsoft applications, too, including Internet Explorer, Active Directory, and Visual Basic. Matthew Mole matthew.mole@infologic.uk.com http://www.watchguard.com/RSS/showarticle.aspx?pack=RSS.MS.Feb08.notify Copyright 2006 WatchGuard Technologies, Inc. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice. 2008-02-08T11:00:00Z 2008-02-08T11:00:00Z 14 true http://www.infologic.uk.com/security.xml 2008-02-08T11:00:00.370Z High Quicktime Media Handling Flaws - All Versions adfebef5-8d4d-4c29-ba35-59e504a00013 Thur, 07 Feb 2008 11:00:00 GMT This vulnerability is related to the previous Quicktime Media Handling Flaw we informed you about on the 14th of Jan. News of this flaw was originally released with no warning to Apple, and with Proof of Concept (PoC) code provided to the public. Apple have now created a fix which we recommend you download asap. This affects all Operating systems and all versions of Apple iTunes and Quicktimes media player. Solution : If you use these Apple multimedia products, update immediately to Quicktime 7.4.1, available from the <a href="http://www.apple.com/support/downloads/">Apple Downloads</a> site. Matthew Mole matthew.mole@infologic.uk.com http://www.apple.com/support/downloads/ For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website. 2008-02-07T11:00:00Z 2008-02-07T11:00:00Z 13 true http://www.infologic.uk.com/security.xml 2008-02-07T11:00:00.370Z Mac iPhoto update for all Mac users adfebef5-8d4d-4c29-ba35-59e504a00012 Thur, 07 Feb 2008 10:30:00 GMT According to Apple, iPhoto suffers from a format string vulnerability involving the way it handles maliciously crafted photocasts. iPhoto ships with all current Macs, so all Mac users have it, whether or not they use it. If you have Macs, you should install the iPhoto update even if you rarely use the program and have never heard of a photocast before today. Solution : Download the iPhoto update from apple <a href="http://www.apple.com/support/downloads/iphoto712.html">here.</a> Matthew Mole matthew.mole@infologic.uk.com http://www.watchguard.com/RSS/showarticle.aspx?pack=RSS.iPhoto.photocast Copyright 2006 WatchGuard Technologies, Inc. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice. 2008-02-07T10:30:00Z 2008-02-07T10:30:00Z 12 true http://www.infologic.uk.com/security.xml 2008-02-07T10:30:00.370Z Medium Skype, Facebook and Myspace allow hackers to reach out and touch you adfebef5-8d4d-4c29-ba35-59e504a00011 Mon, 04 Feb 2008 10:15:00 GMT Skypefind XSS Vulnerability - "Skypefind" is a Skype feature that allows users to promote their own businesses. If the attacker can entice you into viewing a business he has reviewed using a maliciously crafted name, he can exploit this vulnerability to execute his malicious script on your machine with full local zone privileges. Skype has implemented a server-side fix that should mitigate the risk of this vulnerability. However, to completely protect Skype users. We recommend you disable Skypefind and provides instructions to do so in the finders <a href="http://aviv.raffon.net/2008/01/31/AttackersCanSkypeFindYou.aspx">blog post.</a> Buffer Overflow in MySpace and Facebook ActiveX Control - Both MySpace and FaceBook use Aurigma's ImageUploader ActiveX control to allow users to upload images to their accounts. If you use Internet Explorer (IE), and you've uploaded images to MySpace or FaceBook, you probably have the vulnerable ActiveX control on your machine. What to do : MySpace and Facebook haven't had time to fix this flaw yet; We suggest holding back from using these sites for the near future. Matthew Mole matthew.mole@infologic.uk.com http://www.watchguard.com/RSS/showarticle.aspx?pack=RSS.SkypeMyspace Copyright 2006 WatchGuard Technologies, Inc. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice. 2008-02-04T10:15:00Z 2008-02-04T10:15:00Z 11 true http://www.infologic.uk.com/security.xml 2008-02-04T10:15:00.370Z Medium FireFox session stealing adfebef5-8d4d-4c29-ba35-59e504a00010 Mon, 04 Feb 2008 10:00:00 GMT A flaw in Firefox could allow hackers to take advantage of extensions packaged in a particular way, helping them hijack your web sessions. If a victim has such an extension installed, and the attacker can entice them to a malicious web page, then he can exploit this flaw in an information disclosure attack that would allow him to steal information from certain files on your computer. Firefox doesn't have a patch for this flaw yet, although they do plan to release one on February 5th. What to do : Until then, you can implement the Firefox's NoScript extension. <a href="http://noscript.net/">http://noscript.net/</a> Matthew Mole matthew.mole@infologic.uk.com http://www.watchguard.com/RSS/showarticle.aspx?pack=RSS.Firefox.ext.0day Copyright 2006 WatchGuard Technologies, Inc. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice. 2008-02-04T10:00:00Z 2008-02-04T10:00:00Z 10 true http://www.infologic.uk.com/security.xml 2008-02-04T10:00:00.370Z Medium Google links scam adfebef5-8d4d-4c29-ba35-59e504a00009 Tue, 22 Jan 2008 15:00:00 GMT Google searches for Avira and the company's anti-malware product Antivir, a free version of which is available for personal use in the German home market and elsewhere, are producing sponsored links to a subscription-based software download site specialising in providing 'free' security products. Clicking on the sponsored link, rather than the direct links to Avira further down the page, takes users to a site offering subscriptions to a package of security and system maintenance tools. After unchecking several boxes the system can be bypassed to lead eventually to an Antivir page at a separate freeware download site where many users have felt tricked into buying the firm's wares in the belief that payment was necessary to access the Avira software. What to do : Try to ensure that all purchases are made from legitimate and traceable sources. Report suspect sites to your security provider, to the search engine or other site which led you there, to banks in cases of phishing or financial loss, and in serious cases to law enforcement agencies. Matthew Mole matthew.mole@infologic.uk.com http://www.virusbtn.com/news/2008/01_21.xml Copyright 2007 Infologic Solutions ltd. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice. 2008-01-22T15:00:00Z 2008-01-22T15:00:00Z 9 true http://www.infologic.uk.com/security.xml 2008-01-22T15:00:00.370Z Mac Mac DNS changers Trojan:OSX/DNSChanger.BK adfebef5-8d4d-4c29-ba35-59e504a00008 Mon, 21 Jan 2008 10:40:00 GMT Unwanted Mac Software has been a recent topic so we are now releasing Security warnings for Mac Computers to ensure you are kept upto date. Social engineering techniques are used to persuade the user into downloading and running this trojan. Websites hosting video (often elicit) claim that the video cannot be viewed without installing a new codec. The user is prompted to install the "needed" codec. The trojan infects both 10.4 and 10.5 versions of Mac OS X. Full information can be found at F-Secure What to do : Only download codec's from recognised/known sources. Example: Download Quicktime codecs from the Quicktime website etc. Matthew Mole matthew.mole@infologic.uk.com http://www.f-secure.com/v-descs/trojan_osx_dnschanger.shtml Copyright 2007 Infologic Solutions ltd. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice. 2008-01-21T10:40:00Z 2008-01-21T10:40:00Z 8 true http://www.infologic.uk.com/security.xml 2008-01-21T10:40:00.370Z Medium Quicktime Media Handling Flaws adfebef5-8d4d-4c29-ba35-59e504a00007 Mon, 14 Jan 2008 10:00:00 GMT This vulnerability affects: Quicktime 7.3.1.70 and earlier, on Windows and Mac computers (and possibly earlier versions). How an attacker exploits it: By enticing your users to download and play a malicious Quicktime media file Impact: Attacker executes code on your user's computer, potentially gaining complete control of it. What to do: Apple has released Quicktime version 7.4 (or iTunes 7.6) to correct these flaws. Matthew Mole matthew.mole@infologic.uk.com http://docs.info.apple.com/article.html?artnum=307301 For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website. 2008-01-14T10:00:00Z 2008-01-14T10:00:00Z 7 true http://www.infologic.uk.com/security.xml 2008-01-14T10:00:00.370Z Critical Microsoft TCP/IP critical flaw adfebef5-8d4d-4c29-ba35-59e504a00006 Wed, 09 Jan 2008 10:30:00 GMT For January's Patch Tuesday, Microsoft only released two security bulletins; one of these bulletins, however, fixes a doozy of a hole in Windows' TCP/IP component. By sending specially crafted multicast packets to your computer, an attacker could exploit this critical vulnerability to gain complete control of it. WatchGuard Fireboxes block multicast traffic by default; if you have one, it will protect you from this critical vulnerability. Solution: You should apply Microsoft's Critical patch as soon as possible using the windows update tool. Matthew Mole matthew.mole@infologic.uk.com http://www.microsoft.com/technet/security/bulletin/ms08-jan.mspx Copyright 2006 WatchGuard Technologies, Inc. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice. 2008-01-09T10:30:00.370Z 2008-01-09T10:30:00.370Z 6 true http://www.infologic.uk.com/security.xml 2008-01-09T10:30:00.370Z High Real Player Zero Day Security Flaw adfebef5-8d4d-4c29-ba35-59e504a00005 Thur, 03 Jan 2008 09:30:00 GMT A Russian security research team has discovered a zero day vulnerability in the latest version of RealPlayer. Instead of releasing technical details about this new flaw, they have released a short flash video showing their Proof-of-Concept in action. Luckily, the Gleg researchers haven't released any technical details about this flaw; so the bad guys don't know how to exploit it... yet Solution: At best, I suggest you remain wary when visiting web sites that host RealPlayer media streams. You might even avoid using RealPlayer at all until this issue gets fixed. Matthew Mole matthew.mole@infologic.uk.com http://www.watchguard.com/RSS/showarticle.aspx?pack=RSS.RP.0day.Jan08 Copyright 2006 WatchGuard Technologies, Inc. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice. 2008-01-03T09:30:00.370Z 2008-01-03T09:30:00.370Z 5 true http://www.infologic.uk.com/security.xml 2008-01-03T09:30:00.370Z High Adobe Flash Player Flaws adfebef5-8d4d-4c29-ba35-59e504a00004 Thur, 19 Dec 2007 09:30:00 GMT These vulnerabilities affect: Adobe Flash Player 9.0.48.0 and earlier, 8.0.35.0 and earlier, and 7.0.70.0 and earlier, on Windows, OS X, Unix and Linux computers. How an attacker exploits them: By enticing one of your users into playing a maliciously crafted Flash (.SWF) file. Impact: Numerous flaws, various results. In the worst case, an attacker could execute code on the victim's computer, and take control. What to do: Deploy Flash Player 9.0.115.0 as soon as possible. Solution: Adobe recommends all users of Adobe Flash Player 9.0.48.0 and earlier versions upgrade to the newest version 9.0.115.0 Matthew Mole matthew.mole@infologic.uk.com http://www.adobe.com/support/security/bulletins/apsb07-20.html For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website. 2007-12-19T09:30:00Z 2007-12-19T09:30:00Z 4 true http://www.infologic.uk.com/security.xml 2007-12-19T09:30:00.370Z Critical Trio of Quicktime Media Handling Flaws adfebef5-8d4d-4c29-ba35-59e504a00003 Fri, 14 Dec 2007 09:12:00 GMT This vulnerability affects: Quicktime 7.3 for Mac and PC (and possibly earlier versions) How an attacker exploits it: By enticing your users to download and play a malicious Quicktime media file Impact: Attacker executes code on your user's computer, potentially gaining complete control of it. What to do: If you allow Quicktime (or iTunes), upgrade to 7.3.1. Otherwise, remove these applications from your company's computers. Matthew Mole matthew.mole@infologic.uk.com http://docs.info.apple.com/article.html?artnum=307176 For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website. 2007-12-14T09:12:00Z 2007-12-14T09:12:00Z 3 true http://www.infologic.uk.com/security.xml 2007-12-14T09:12:00.370Z Early Warning Microsoft says"Bah, humbug!" with seven December security bulletins adfebef5-8d4d-4c29-ba35-59e504a00002 Fri, 07 Dec 2007 00:43:25 GMT Expect seven security bulletins this Tuesday, with three revealing flaws of critical severity. Even if Scrooge hadn't been frightened by the Ghost of Christmas Future, he'd moan at the Ghost of Christmas Patch. Matthew Mole matthew.mole@infologic.uk.com http://www.watchguard.com/RSS/showarticle.aspx?pack=RSS.MS.Notif.De07 Copyright 2006 WatchGuard Technologies, Inc. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice. 2007-12-07T00:43:25Z 2007-12-07T00:43:25Z 2 true http://www.infologic.uk.com/security.xml 2007-12-11T09:22:12.370Z