Internet Security Systems - AlertCon(TM)

Redirecting

Posted by RF on May 22, 2013 at 3:56 PM EDT.

April 2013 Super Tuesday

Posted by YongChuan Koh on April 09, 2013 at 1:36 PM EDT.

The Microsoft security update for Apr is relatively 'light' in terms of impact. Of the nine bulletins, only two are rated 'Critical' and seven are rated 'Important'. KB2828223 addresses a single use-after-free in RDP while (not surprising) KB2817183 addresses two use-after-free in IE. I am still waiting for the day which IE is not affected in the monthly MS update :)


KB2828223: Vulnerability in Remote Desktop Client Could Allow Remote Code Execution
This vulnerability exists in mstcax.dll when it tries to access a deleted object. The RDP ActiveX could be loaded easily in webpage. Therefore users are advised to exercise caution during browsing. RDP connection 6.0/6.1/7.0 clients are affected.

 

KB2817183: Cumulative Security Update for Internet Explorer
This bulletin covers CVE-2013-1303 and CVE-2013-1304. Both are use-after-free vulnerabilities leading to remote code execution and affects IE 6-10. However the 0-days that Vupen used at Pwn2Own 2013 are still alive. Perhaps next month? Nonetheless this update should still be applied to all systems immediately.

IBM X-Force 2012 Annual Trend & Risk report has released!

Posted by Leslie Horacek on March 27, 2013 at 9:16 AM EDT.

Key highlights in the IBM X-Force 2012 Trend & Risk Report

March 2013 Super Tuesday Update

Posted by Zubair Ashraf on March 12, 2013 at 1:31 PM EDT.

After having quite a busy patch Tuesday last month and seeing a lot of browser updates in the last week this month's MS Patch Tuesday is pretty usual.
 
We have a few critical Remote Code Execution vulnerabilities being patched in IE with exploit for CVE-2013-1288 being publicly available.
 
One interesting update is MS13-027 which fixes a vulnerability in the USB Driver. This vulnerability enables anyone with the ability to get a malicious USB plugged in to the system to execute arbitrary code as kernel. This attack vector has been seen to be exploited in the past, especially for targeted attacks. I would like to take this opportunity to emphasize the importance of user education on this and other safe practices. 
 
So there you have it, a pretty short entry for patch Tuesday, until next time, have a safe time, and remember its not a good idea to plug in untrusted USB drives into your system, and if somebody from the audience (a fan of yours) asks you for a copy of your presentation at a conference and hands you a USB, thank him for his interest and let him download your slides from your or conference's website.

February 2013 Super Tuesday Update

Posted by YongChuan Koh on February 12, 2013 at 3:42 PM EST.

The Microsoft security update for Feb is huge; there are five 'Critical' and seven 'Important' bulletins covering 57 CVEs. Among these, KB2792100 (Critical, Internet Explorer) addresses 13 CVEs and KB2778344 (Important, Windows Kernel-Mode Drivers) addresses 30 CVEs. It seems that these two components remains an attractive target for attackers. There are 2 bulletins for IE; one for DOM parsing and the other in VML.

Here is a summary of the critical updates, which I feel should be applied to affected systems immediately.

  • MS13-009 (KB2792100) Cumulative Security Update for Internet Explorer
    The majority of the 13 CVEs covered in this bulletin are use-after-free vulnerabilities leading to remote code execution, and affects IE 6-10. This update should be applied to all systems immediately. As a 2nd-line of defense, users are also encouraged to use browsers with sandboxing-capabilities to limit the impact.

  • MS13-010 (KB2797052) Vulnerability in Vector Markup Language Could Allow Remote Code Execution
    The single vulnerability in this bulletin exists in the way IE handles VML objects, leading to memory corruption. This affects IE6-10. Users have to be persuaded to visit a malicious webpage. This update should be applied to all systems immediately.

  • MS13-011 (KB2780091) Vulnerability in Media Decompression Could Allow Remote Code Execution
    This bulletin addresses a single publicly reported vulnerability in the decompression of media content in Microsoft DirectShow. The media content could either be a crafted media file (eg: .MPG) or streaming content. Attackers could also embed such malicious files in Office documents and web pages to reach more victims. This update should be applied immediately.

  • MS13-012 (KB2809279) Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution
    This bulletin addresses two publicly disclosed vulnerabilities, with the more severe allowing remote code execution in Microsoft Exchange Server. These vulnerabilities are due to the Outlook Web App's (OWA) WebReady Document Viewing feature, which uses Oracle's Outside-In technology, to render some types of file formats. This update should be applied immediately.

  • MS13-020 (KB2802968) Vulnerability in OLE Automation Could Allow Remote Code Execution
    This bulletin addresses a single privately reported vulnerability in OLE Automation affecting only Windows XP SP3. However this can be embedded in Office documents, wordpad documents and web pages. So users should still be cautious and apply this update immediately.

Comments or opinions expressed on this Weblog are the opinions of the authors alone. They are not necessarily reviewed in advance by anyone but the individual authors, and neither IBM Internet Security Systems nor any other party necessarily agrees with them. The views expressed by outside contributors and links to outside websites do not represent the views of IBM Internet Security Systems, its management or employees. All content on this Weblog has been made available on an “as-is” basis, and IBM Internet Security Systems shall not be liable for any direct or indirect damages arising out of use of this Weblog.