DarkFiber Consulting – IT Managed Services

Mozilla Releases Firefox 3.6.11

October 23rd, 2010 . by DarkFiber Consulting

The Mozilla Foundation has released Firefox 3.6.11 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, or cause a denial-of-service condition. The Mozilla Foundation has also released Firefox 3.5.14 to address these same vulnerabilities. Some of these vulnerabilities also affect Thunderbird and SeaMonkey and are addressed in Thunderbird 3.1.5 and 3.0.9 and SeaMonkey 2.0.9.

DarkFiber Consulting encourages users and administrators to review the Mozilla Foundation Security Advisories released on October 19, 2010 and apply any necessary updates to help mitigate the risks.

Google Releases Chrome 7.0.517.41

October 23rd, 2010 . by DarkFiber Consulting

Google has released Chrome 7.0.517.41 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, conduct URL spoofing, or bypass security restrictions.

DarkFiber Consulting encourages users and administrators to review the Google Chrome Releases blog entry and apply any necessary updates to help mitigate the risks.

Apple Releases Java for Mac OS X 10.5 Update 8 and Java for Mac OS X 10.6 Update 3

October 23rd, 2010 . by DarkFiber Consulting

Apple has released Java for Mac OS X 10.5 update 8 and Java for Mac OS X 10.6 update 3 to address multiple vulnerabilities affecting the Java package. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

DarkFiber Consulting encourages users and administrators to review Apple articles HT4417 and HT4418 and apply any necessary updates to help mitigate the risks.

RIM Releases Security Advisory for BlackBerry Enterprise Server

October 23rd, 2010 . by DarkFiber Consulting

RIM has released a security advisory to address a vulnerability in the PDF distiller of the BlackBerry attachment service for the BlackBerry Enterprise Server. This vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

DarkFiber Consulting encourages users and administrators to review BlackBerry security advisory KB24547 and apply any necessary updates to help mitigate the risks.

RealNetworks Releases Security Update for RealPlayer Vulnerabilities

October 23rd, 2010 . by DarkFiber Consulting

RealNetworks has issued a Security Update to address multiple vulnerabilities affecting RealPlayer. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code.

DarkFiber Consulting encourages users and administrators to review the RealNetworks security advisory and apply any necessary updates to help mitigate the risks.

Microsoft Releases October Security Bulletin

October 23rd, 2010 . by DarkFiber Consulting

Microsoft has released updates to address vulnerabilities in Microsoft Windows, .NET Framework, Server Software, Office, and Internet Explorer as part of the Microsoft Security Bulletin Summary for October 2010. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, operate with elevated privileges, cause a denial-of-service condition, or tamper with data.

DarkFiber Consulting encourages users and administrators to review the bulletins and follow best-practice security policies to determine which updates should be applied.

Foxit Releases Foxit Reader 4.2

October 23rd, 2010 . by DarkFiber Consulting

Foxit has released Foxit Reader 4.2 to address multiple vulnerabilities. Exploitation of  these vulnerabilities may allow an attacker to execute arbitrary code, compromise the digital signature of PDF signatures or cause a denial-of-service condition.

DarkFiber Consulting encourages users and administrators to review the Foxit security bulletin released on September 29, 2010, review the bug fix list for Foxit Reader 4.2, and apply any necessary updates to help mitigate the risks.

Cisco Releases Security Advisory for Firewall Services Module

August 6th, 2010 . by DarkFiber Consulting

Cisco has released a security advisory to address multiple vulnerabilities in the Cisco Firewall Services Module. Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition.

DarkFiber Consulting encourages users and administrators to review Cisco security advisory cisco-sa-20100804-fwsm and apply any necessary updates to help mitigate the risks.

Microsoft Releases Out-of-Band Security Bulletin to Address Shortcut Vulnerability

August 6th, 2010 . by DarkFiber Consulting

Microsoft has released security bulletin MS10-046 to address a critical vulnerability affecting Microsoft Windows. This vulnerability is due to the failure of Microsoft Windows to properly obtain icons for shortcut files. By convincing a user to display a specially crafted shortcut file, a remote attacker may be able to execute arbitrary code.

DarkFiber Consulting strongly encourages users and administrators to review Microsoft security bulletin MS10-046 and apply any necessary updates to mitigate the risks.

Additional information regarding this vulnerability can be found in the following:

Microsoft Windows .LNK Vulnerability

August 6th, 2010 . by DarkFiber Consulting

DarkFiber Consulting is aware of a vulnerability affecting Microsoft Windows. This vulnerability is due to the failure of Microsoft Windows to properly obtain icons for .LNK files. Microsoft uses .LNK files, commonly referred to as “shortcuts,” as references to files or applications.

By convincing a user to display a specially crafted .LNK file, an attacker may be able to execute arbitrary code that would give the attacker the privileges of the user. Viewing the location of an .LNK file with Windows Explorer is sufficient to trigger the vulnerability. By default, Microsoft Windows has AutoRun/AutoPlay features enabled. These features can cause Windows to automatically open Windows Explorer when a removable drive is connected, thus opening the location of the .LNK and triggering the vulnerability. Other applications that display file icons can be used as an attack vector for this vulnerability as well. Depending on the operating system and AutoRun/AutoPlay configuration, exploitation can occur without any interaction from the user. This vulnerability can also be exploited remotely through a malicious website, or through a malicious file or WebDAV share.

Microsoft has released Microsoft Security Advisory 2286198 in response to this issue. Users are
encouraged to review the advisory and consider implementing the workarounds
listed to reduce the threat of known attack vectors. Please note that
implementing these workarounds may affect functionality. The workarounds include

  • disabling the display of icons for shortcuts
  • disabling the WebClient service
  • blocking the download of .LNK and .PIF files from the internet

Microsoft has released a tool, Microsoft Fix it 50486, to assist users in disabling .LNK and .PIF file functionality. Users and administrators are encouraged to review Microsoft Knowledgebase article 2286198 and use the tool or the interactive method provided in the article to disable .LNK and .PIF functionality until a security update is provided by the vendor.

Update: Microsoft has issued a Security Bulletin Advance Notification indicating that it will be releasing an out-of-band security bulletin to address this vulnerability. Release of the security bulletin is scheduled for August 2, 2010.

In addition to implementing the workarounds listed in Microsoft Security Advisory 2286198, DarkFiber Consulting encourages users and administrators to consider implementing the following best practice security measures to help further reduce the risks of this and other vulnerabilities:

  • Disable AutoRun as described in Microsoft Support article 967715.
  • Implement the principle of least privilege as defined in the Microsoft TechNet Library.
  • Maintain up-to-date antivirus software.

Additional information can be found in the DarkFiber Consulting Vulnerability Note VU#940193.

DarkFiber Consulting will provide additional information as it becomes available.

« Previous Entries