Posts Tagged ‘Technical Cyber Security Alert’

Microsoft Internet Explorer Vulnerabilities

Source: US-CERT

Systems Affected

* Microsoft Internet Explorer

Overview

Microsoft has released out-of-band updates to address critical
vulnerabilities in Internet Explorer.

I. Description

Microsoft has released updates for multiple vulnerabilities in
Internet Explorer, including the vulnerability detailed in
Microsoft Security Advisory (981374) and US-CERT Vulnerability Note
VU#744549.

II. Impact

By convincing a user to view a specially crafted HTML document or
Microsoft Office document, an attacker may be able to execute
arbitrary code with the privileges of the user.

III. Solution

Apply updates

Microsoft has released updates to address these vulnerabilities.
Please see Microsoft Security Bulletin MS10-018 for more
information.

Apply workarounds

Microsoft has provided workarounds for some of the vulnerabilities
in MS10-018.

IV. References

* Microsoft Security Bulletin MS10-018 -
<http://www.microsoft.com/technet/security/bulletin/ms10-018.mspx>

* Microsoft Security Advisory (981374) -
<http://www.microsoft.com/technet/security/advisory/981374.mspx>

* Microsoft Internet Explorer iepeers.dll use-after-free
vulnerability -
<http://www.kb.cert.org/vuls/id/744549>

Microsoft Updates for Multiple Vulnerabilities

Source: US-CERT

Systems Affected

* Microsoft Windows
* Microsoft Office

Overview

Microsoft has released updates to address vulnerabilities in
Microsoft Windows and Microsoft Office.

I. Description

Microsoft has released security bulletins for multiple
vulnerabilities in Microsoft Movie Maker, Microsoft Office Producer
2003, and Microsoft Office Excel. These bulletins are described in
the Microsoft Security Bulletin Summary for March 2010. Microsoft
notes that affected versions of Microsoft Movie Maker were either
included with Microsoft Windows or available as an optional
download.

II. Impact

A remote, unauthenticated attacker could execute arbitrary code or
cause a vulnerable application to crash.

III. Solution

Apply updates from Microsoft

Microsoft has provided updates for these vulnerabilities in the
Microsoft Security Bulletin Summary for March 2010. The security
bulletin describes any known issues related to the updates.
Administrators are encouraged to note these issues and test for any
potentially adverse effects. Administrators should consider using
an automated update distribution system such as Windows Server
Update Services (WSUS).

Microsoft notes that there is no security update available for
Microsoft Producer 2003 at this time of this writing. Users can
mitigate the impact to systems with Microsoft Producer 2003 by
applying the automated solution to remove the Microsoft Producer
file associations using the Fix it found in Microsoft Knowledge
Base Article 975561, and by applying the workarounds in Microsoft
Security Bulletin MS10-016.

IV. References

* Microsoft Security Bulletin Summary for March 2010 -
<http://www.microsoft.com/technet/security/bulletin/MS10-mar.mspx>

* Microsoft Windows Server Update Services -
<http://technet.microsoft.com/en-us/wsus/default.aspx>

* Microsoft Knowledge Base Article 975561 -
<http://support.microsoft.com/kb/975561>

* Microsoft Security Bulletin MS10-016 -
<http://www.microsoft.com/technet/security/bulletin/ms10-016.mspx>

Microsoft Updates for Multiple Vulnerabilities

Source: US-CERT

Systems Affected

* Microsoft Windows and Windows Server
* Microsoft Internet Explorer
* Microsoft Office

Overview

Microsoft has released updates to address vulnerabilities in
Microsoft Windows, Windows Server, Internet Explorer, and Microsoft
Office.

I. Description

Microsoft has released multiple security bulletins for critical
vulnerabilities in Microsoft Windows, Windows Server, Internet
Explorer, and Microsoft Office. These bulletins are described in
the Microsoft Security Bulletin Summary for February 2010.

II. Impact

A remote, unauthenticated attacker could execute arbitrary code,
gain elevated privileges, or cause a vulnerable application or
system to crash.

III. Solution

Apply updates from Microsoft

Microsoft has provided updates for these vulnerabilities in the
Microsoft Security Bulletin Summary for February 2010. The security
bulletin describes any known issues related to the updates.
Administrators are encouraged to note these issues and test for any
potentially adverse effects. Administrators should consider using
an automated update distribution system such as Windows Server
Update Services (WSUS).

IV. References

* Microsoft Security Bulletin Summary for February 2010 -
<http://www.microsoft.com/technet/security/bulletin/MS10-feb.mspx>

* Microsoft Windows Server Update Services -
<http://technet.microsoft.com/en-us/wsus/default.aspx>

Microsoft Internet Explorer Vulnerabilities

Source: US-CERT

Systems Affected

* Microsoft Internet Explorer

Overview

Microsoft has released out-of-band updates to address critical
vulnerabilities in Internet Explorer.

I. Description

Microsoft has released updates for multiple vulnerabilities in
Internet Explorer, including the vulnerability detailed in
Microsoft Security Advisory 979352 and US-CERT Vulnerability Note
VU#49251.

II. Impact

By convincing a user to view a specially crafted HTML document or
Microsoft Office document, an attacker may be able to execute
arbitrary code with the privileges of the user.

III. Solution

Apply updates

Microsoft has released updates to address these vulnerabilities.
Please see Microsoft Security Bulletin MS10-002 for more
information.

Apply workarounds

Microsoft has provided workarounds for some of the vulnerabilities
in MS10-002.

IV. References

* Microsoft Security Bulletin MS10-002 -
<http://www.microsoft.com/technet/security/bulletin/ms10-002.mspx>

* Microsoft Security Advisory 979352 -
<http://www.microsoft.com/technet/security/advisory/979352.mspx>

* US-CERT Vulnerability Note VU#49251 -
<http://www.kb.cert.org/vuls/id/492515>

Adobe Reader and Acrobat Vulnerabilities

Source: US-CERT

Systems Affected

* Adobe Reader and Acrobat 9.2 and earlier 9.x versions
* Adobe Reader and Acrobat 8.1.7 and earlier 8.x versions

Overview

Adobe has released Security bulletin APSB10-02, which describes
multiple vulnerabilities affecting Adobe Reader and Acrobat.

I. Description

Adobe Security Advisory APSB10-02 describes a number of
vulnerabilities affecting Adobe Reader and Acrobat. These
vulnerabilities affect Reader  9.2 and earlier 9.x versions and
8.1.7 and earlier 8.x versions.  Further details are available in
the US-CERT Vulnerability Notes Database.

An attacker could exploit these vulnerabilities by convincing a
user to open a specially crafted PDF file. The Adobe Reader browser
plug-in is available for multiple web browsers and operating
systems, which can automatically open PDF documents hosted on a
website.

Some of these vulnerabilities are being actively exploited.

II. Impact

These vulnerabilities could allow a remote attacker to execute
arbitrary code, write arbitrary files or folders to the file
system, escalate local privileges, or cause a denial of service on
an affected system as the result of a user opening a malicious PDF
document.

III. Solution

Update

Adobe has released updates to address this issue. Users are
encouraged to read Adobe Security Bulletin APSB10-02 and update
vulnerable versions of Adobe Reader and Acrobat.

Disable JavaScript in Adobe Reader and Acrobat

Disabling JavaScript may prevent some exploits from resulting in
code execution. Acrobat JavaScript can be disabled using the
Preferences menu (Edit -> Preferences -> JavaScript; un-check
Enable Acrobat JavaScript).

Prevent Internet Explorer from automatically opening PDF documents

The installer for Adobe Reader and Acrobat configures Internet
Explorer to automatically open PDF files without any user
interaction. This behavior can be reverted to a safer option that
prompts the user by importing the following as a .REG file:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\AcroExch.Document.7]
“EditFlags”=hex:00,00,00,00

Disable the display of PDF documents in the web browser

Preventing PDF documents from opening inside a web browser will
partially mitigate this vulnerability. If this workaround is
applied it may also mitigate future vulnerabilities.

To prevent PDF documents from automatically being opened in a web
browser, do the following:

1. Open Adobe Acrobat Reader.
2. Open the Edit menu.
3. Choose the preferences option.
4. Choose the Internet section.
5. Un-check the “Display PDF in browser” check box.

Do not access PDF documents from untrusted sources

Do not open unfamiliar or unexpected PDF documents, particularly
those hosted on websites or delivered as email attachments. Please
see Cyber Security Tip ST04-010.

IV. References

* Adobe Security Bulletin APSB10-02 -
<http://www.adobe.com/support/security/bulletins/apsb10-02.html>

* Vulnerability Note VU#508357 -
<https://www.kb.cert.org/vuls/id/508357>

* Vulnerability Note VU#773545 -
<https://www.kb.cert.org/vuls/id/773545>