DarkFiber Consulting - IT Managed Services

Microsoft Releases Advance Notification for August Security Bulletin

DarkFiber Consulting — Fri, 06 Aug 2010 19:53:13 +0000

Microsoft has issued a Security Bulletin Advance Notification indicating that its August release will contain 14 bulletins. Eight bulletins will have the severity rating of critical and will be for Microsoft Windows, Internet Explorer, Office, and Silverlight. The remaining six bulletins will have the severity rating of important and will be for Microsoft Windows and Office. Release of these bulletins is scheduled for Tuesday, August 10, 2010.

DarkFiber Consulting will provide additional information as it becomes available.

Tags: Advance Notification, August 10, Bulletins, Internet Explorer, Microsoft, Microsoft Explorer, Microsoft Internet, Microsoft Office, Microsoft Security, Microsoft Windows, Security Bulletin, Severity Rating, Windows Explorer, Windows Internet

Cisco Releases Security Advisory for Firewall Services Module

DarkFiber Consulting — Fri, 06 Aug 2010 19:53:13 +0000

Cisco has released a security advisory to address multiple vulnerabilities in the Cisco Firewall Services Module. Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition.

DarkFiber Consulting encourages users and administrators to review Cisco security advisory cisco-sa-20100804-fwsm and apply any necessary updates to help mitigate the risks.

Tags: Address, Attacker, Cisco, Cisco Firewall, Cisco Security Advisory, Denial Of Service, Firewall Services, Necessary Updates, Security Firewall, Security Services, Vulnerabilities

Microsoft Releases Out-of-Band Security Bulletin to Address Shortcut Vulnerability

DarkFiber Consulting — Fri, 06 Aug 2010 19:53:12 +0000

Microsoft has released security bulletin MS10-046 to address a critical vulnerability affecting Microsoft Windows. This vulnerability is due to the failure of Microsoft Windows to properly obtain icons for shortcut files. By convincing a user to display a specially crafted shortcut file, a remote attacker may be able to execute arbitrary code.

DarkFiber Consulting strongly encourages users and administrators to review Microsoft security bulletin MS10-046 and apply any necessary updates to mitigate the risks.

Additional information regarding this vulnerability can be found in the following:

Microsoft Security Bulletin MS10-046
Microsoft Security Advisory 2286198
DarkFiber Consulting Current Activity Entry “Microsoft Windows .LNK Vulnerability“
DarkFiber Consulting Vulnerability Note VU#940193

Tags: Address, Arbitrary Code, Attacker, Critical Vulnerability, Current, Failure, Microsoft, Microsoft Icons, Microsoft Security Advisory, Microsoft Security Bulletin, Microsoft Windows, Necessary Updates, Shortcut Files, Vulnerability Note, Windows Icons

Microsoft Windows .LNK Vulnerability

DarkFiber Consulting — Fri, 06 Aug 2010 19:53:11 +0000

DarkFiber Consulting is aware of a vulnerability affecting Microsoft Windows. This vulnerability is due to the failure of Microsoft Windows to properly obtain icons for .LNK files. Microsoft uses .LNK files, commonly referred to as “shortcuts,” as references to files or applications.

By convincing a user to display a specially crafted .LNK file, an attacker may be able to execute arbitrary code that would give the attacker the privileges of the user. Viewing the location of an .LNK file with Windows Explorer is sufficient to trigger the vulnerability. By default, Microsoft Windows has AutoRun/AutoPlay features enabled. These features can cause Windows to automatically open Windows Explorer when a removable drive is connected, thus opening the location of the .LNK and triggering the vulnerability. Other applications that display file icons can be used as an attack vector for this vulnerability as well. Depending on the operating system and AutoRun/AutoPlay configuration, exploitation can occur without any interaction from the user. This vulnerability can also be exploited remotely through a malicious website, or through a malicious file or WebDAV share.

Microsoft has released Microsoft Security Advisory 2286198 in response to this issue. Users are
encouraged to review the advisory and consider implementing the workarounds
listed to reduce the threat of known attack vectors. Please note that
implementing these workarounds may affect functionality. The workarounds include

disabling the display of icons for shortcuts
disabling the WebClient service
blocking the download of .LNK and .PIF files from the internet

Microsoft has released a tool, Microsoft Fix it 50486, to assist users in disabling .LNK and .PIF file functionality. Users and administrators are encouraged to review Microsoft Knowledgebase article 2286198 and use the tool or the interactive method provided in the article to disable .LNK and .PIF functionality until a security update is provided by the vendor.

Update: Microsoft has issued a Security Bulletin Advance Notification indicating that it will be releasing an out-of-band security bulletin to address this vulnerability. Release of the security bulletin is scheduled for August 2, 2010.

In addition to implementing the workarounds listed in Microsoft Security Advisory 2286198, DarkFiber Consulting encourages users and administrators to consider implementing the following best practice security measures to help further reduce the risks of this and other vulnerabilities:

Disable AutoRun as described in Microsoft Support article 967715.
Implement the principle of least privilege as defined in the Microsoft TechNet Library.
Maintain up-to-date antivirus software.

Additional information can be found in the DarkFiber Consulting Vulnerability Note VU#940193.

DarkFiber Consulting will provide additional information as it becomes available.

Tags: Arbitrary Code, Attacker, Autoplay, Autorun, Interactive Method, Internet Microsoft, Knowledgebase Article, Lnk File, Lnk Files, Malicious Website, Microsoft Knowledgebase, Microsoft Security, Microsoft Windows, Open Windows Explorer, Pif Files, Removable Drive, Vulnerability, Webclient Service, Webdav, Workarounds

Apple Releases Safari 5.0.1 and Safari 4.1.1

DarkFiber Consulting — Fri, 06 Aug 2010 19:53:10 +0000

Apple has released Safari 5.0.1 and Safari 4.1.1 for Windows and Mac OS X to address multiple vulnerabilities in Safari and WebKit. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or obtain sensitive information.

DarkFiber Consulting encourages users and administrators to review Apple article HT4276 and apply any necessary updates to help mitigate the risks.

Tags: Apple 1, Apple Article, Arbitrary Code, Attacker, Denial Of Service, Mac Os X, Necessary Updates, Os X, Safari, Vulnerabilities, Windows Os

Google Releases Chrome 5.0.375.125

DarkFiber Consulting — Fri, 06 Aug 2010 19:53:10 +0000

Google has released Chrome 5.0.375.125 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or obtain sensitive information.

DarkFiber Consulting encourages users and administrators to review the Google Chrome Releases blog entry and apply any necessary updates to help mitigate the risks.

Tags: Arbitrary Code, Attacker, Blog, Google, Linux, Linux Mac, Necessary Updates

Firefox Releases Firefox 3.6.8

DarkFiber Consulting — Fri, 06 Aug 2010 19:53:09 +0000

The Mozilla Foundation has released Firefox 3.6.8 to address a critical vulnerability. This vulnerability may allow an attacker to execute arbitrary code.

DarkFiber Consulting encourages users and administrators to review the Mozilla Foundation security advisory MFSA 2010-48 and update to Firefox 3.6.8 to help mitigate the risks.

Tags: Address, Arbitrary Code, Attacker, Critical Vulnerability, Mfsa, Mozilla Foundation Security Advisory

Cisco Releases Security Advisory for CDS Internet Streamer

DarkFiber Consulting — Fri, 06 Aug 2010 19:53:08 +0000

Cisco has released a security advisory to address a vulnerability in the Cisco Internet Streamer application that is part of the Cisco Content Delivery System. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to obtain sensitive information, including password files and system logs. This information could be used to leverage subsequent attacks.

DarkFiber Consulting encourages users and administrators to review Cisco security advisory cisco-sa-20100721 and apply any necessary updates to help mitigate the risks.

Tags: Address, Attacker, Cds, Cisco, Cisco Internet, Cisco Security Advisory, Cisco System, Content Delivery, Delivery System, Necessary Updates, Password Files, Streamer, System Exploitation, System Logs, Vulnerability

Mozilla Releases Firefox 3.6.7

DarkFiber Consulting — Fri, 06 Aug 2010 19:53:07 +0000

The Mozilla Foundation has released Firefox 3.6.7 and Firefox 3.5.11 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, bypass security restrictions, or conduct cross-site scripting attacks. Some of these vulnerabilities also affect Thunderbird and SeaMonkey.

DarkFiber Consulting encourages users and administrators to review the Mozilla Foundation security advisories released on July 20, 2010, and apply any necessary updates to help mitigate the risks.

Tags: Arbitrary Code, Attacker, Firefox, Mozilla Foundation Security Advisories, Mozilla Releases, Necessary Updates, Seamonkey, Security Restrictions, Thunderbird

Foxit Releases Foxit Reader 4.1.1.0805

DarkFiber Consulting — Fri, 06 Aug 2010 14:31:51 +0000

Foxit has released Foxit Reader 4.1.1.0805 to address a vulnerability associated with the improper rendering of PDF documents. Exploitation of this vulnerability may allow an attacker to execute arbitrary code.

DarkFiber Consulting encourages users and administrators to review the security release notes for Foxit Reader 4.1.1.0805 and apply any necessary updates to help mitigate the risks. Additional information regarding this vulnerability can be found in DarkFiber Consulting Vulnerability Note VU#275247.

DarkFiber Consulting will provide additional information as it becomes available.

Tags: Address, Arbitrary Code, Attacker, Foxit, Necessary Updates, Pdf Documents, Security Release, Vulnerability Note