DarkFiber Consulting – IT Managed Services

RIM Releases Security Advisory for BlackBerry Enterprise Server

October 23rd, 2010 . by DarkFiber Consulting

RIM has released a security advisory to address a vulnerability in the PDF distiller of the BlackBerry attachment service for the BlackBerry Enterprise Server. This vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

DarkFiber Consulting encourages users and administrators to review BlackBerry security advisory KB24547 and apply any necessary updates to help mitigate the risks.

Oracle Releases Pre-Release Announcement for October 2010

October 23rd, 2010 . by DarkFiber Consulting

Oracle has issued a critical patch update pre-release announcement indicating that its October release will contain 81 new vulnerability fixes. Release of the critical patch update is scheduled for Tuesday, October 12, 2010.

DarkFiber Consulting encourages users and administrators to review the pre-release announcement. Additional information will be provided as it becomes available.

Microsoft Windows .LNK Vulnerability

August 6th, 2010 . by DarkFiber Consulting

DarkFiber Consulting is aware of a vulnerability affecting Microsoft Windows. This vulnerability is due to the failure of Microsoft Windows to properly obtain icons for .LNK files. Microsoft uses .LNK files, commonly referred to as “shortcuts,” as references to files or applications.

By convincing a user to display a specially crafted .LNK file, an attacker may be able to execute arbitrary code that would give the attacker the privileges of the user. Viewing the location of an .LNK file with Windows Explorer is sufficient to trigger the vulnerability. By default, Microsoft Windows has AutoRun/AutoPlay features enabled. These features can cause Windows to automatically open Windows Explorer when a removable drive is connected, thus opening the location of the .LNK and triggering the vulnerability. Other applications that display file icons can be used as an attack vector for this vulnerability as well. Depending on the operating system and AutoRun/AutoPlay configuration, exploitation can occur without any interaction from the user. This vulnerability can also be exploited remotely through a malicious website, or through a malicious file or WebDAV share.

Microsoft has released Microsoft Security Advisory 2286198 in response to this issue. Users are
encouraged to review the advisory and consider implementing the workarounds
listed to reduce the threat of known attack vectors. Please note that
implementing these workarounds may affect functionality. The workarounds include

  • disabling the display of icons for shortcuts
  • disabling the WebClient service
  • blocking the download of .LNK and .PIF files from the internet

Microsoft has released a tool, Microsoft Fix it 50486, to assist users in disabling .LNK and .PIF file functionality. Users and administrators are encouraged to review Microsoft Knowledgebase article 2286198 and use the tool or the interactive method provided in the article to disable .LNK and .PIF functionality until a security update is provided by the vendor.

Update: Microsoft has issued a Security Bulletin Advance Notification indicating that it will be releasing an out-of-band security bulletin to address this vulnerability. Release of the security bulletin is scheduled for August 2, 2010.

In addition to implementing the workarounds listed in Microsoft Security Advisory 2286198, DarkFiber Consulting encourages users and administrators to consider implementing the following best practice security measures to help further reduce the risks of this and other vulnerabilities:

  • Disable AutoRun as described in Microsoft Support article 967715.
  • Implement the principle of least privilege as defined in the Microsoft TechNet Library.
  • Maintain up-to-date antivirus software.

Additional information can be found in the DarkFiber Consulting Vulnerability Note VU#940193.

DarkFiber Consulting will provide additional information as it becomes available.

Cisco Releases Security Advisory for CDS Internet Streamer

August 6th, 2010 . by DarkFiber Consulting

Cisco has released a security advisory to address a vulnerability in the Cisco Internet Streamer application that is part of the Cisco Content Delivery System. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to obtain sensitive information, including password files and system logs. This information could be used to leverage subsequent attacks.

DarkFiber Consulting encourages users and administrators to review Cisco security advisory cisco-sa-20100721 and apply any necessary updates to help mitigate the risks.

Adobe Releases Security Advisory for Flash Player, Reader, and Acrobat

June 23rd, 2010 . by DarkFiber Consulting

Adobe has released a security advisory to notify users of a vulnerability in Adobe Flash Player, Reader, and Acrobat. Exploitation of this vulnerability may allow an attacker to execute arbitrary code and take control of the affected system. The advisory indicates that Adobe is aware of active exploitation of this vulnerability.

DarkFiber Consulting encourages users and administrators to review Adobe security advisory APSA10-01 and apply any necessary workarounds until a fix is released by the vendor.

DarkFiber Consulting will provide additional information as it becomes available.

Adobe Releases a Security Update for Download Manager

March 1st, 2010 . by DarkFiber Consulting

Adobe has released a security bulletin to address a vulnerability in the Adobe Download Manager. This vulnerability could allow an attacker to download and install unauthorized software.

DarkFiber Consulting encourages users and administrators to review security bulletin APSB10-08 and review the steps to mitigate the issue.

Microsoft Releases Security Advisory 977981

December 10th, 2009 . by DarkFiber Consulting

Microsoft has released security advisory 977981 to address a vulnerability in Microsoft Internet Explorer. This vulnerability may allow an attacker to execute arbitrary code.

DarkFiber Consulting encourages users and administrators to review Microsoft Security Advisory 977981  and implement the suggested workarounds listed in the advisory to help mitigate the risks.

Microsoft Releases Security Advisory 977544

December 10th, 2009 . by DarkFiber Consulting

Microsoft has released security advisory 977544 to address a vulnerability in the Server Message Block (SMB) protocol. This vulnerability may allow an attacker to cause a denial-of-service condition. This vulnerability only affects Windows 7 and Server 2008 software.

DarkFiber Consulting encourages users and administrators to review Microsoft security advisory 977544 and apply the workarounds.

SSL and TLS Vulnerable to Man-in-the-middle Attacks

December 10th, 2009 . by DarkFiber Consulting

DarkFiber Consulting is aware of reports of publicly available exploit code for a vulnerability within the SSL and TLS protocols. Reports indicate that exploitation of this vulnerability may allow an attacker to conduct a man-in-the-middle attack, allowing an attacker to inject plaintext into the beginning of the application protocol stream.

DarkFiber Consulting encourages OpenSSL users and administrators to review the OpenSSL 0.9.8l release and apply any updates.

DarkFiber Consulting has not received any reports of active exploitation and will continue to provide additional information as it becomes available.

Microsoft Releases Fix It for SMB Vulnerability

October 14th, 2009 . by DarkFiber Consulting

Microsoft has released Microsoft Knowledge Base Article 975497 to address a previously reported vulnerability in Microsoft Sever Message Block (SMB). This vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

DarkFiber Consulting encourages users and administrators to review Microsoft Knowledge Base Article 975497 and Microsoft Security Advisory 975497 and apply the Fix it tool or workarounds. Microsoft Knowledge Base Article 975497 addresses the vulnerability that was previously reported in the “Microsoft Releases Security Advisory 975497” Current Activity entry.

DarkFiber Consulting is aware that exploit code for this vulnerability has been made publicly available as part of the Metasploit Framework. Users and system administrators are strongly encouraged to apply the Microsoft Fix it solution or other workarounds until a patch is released.

« Previous Entries