
Duqu exploits previously unknown vulnerability in Windows kernel

  • Post author: Omid Farhang
  • Post published: November 3, 2011
  • Reading Time: 2 min
  • Word Count: 393 words

The H-Online Security: Microsoft has confirmed a report from Budapest-based Laboratory of Cryptography and System Security (CrySyS), which claimed that the Duqu bot spreads by exploiting a zero day vulnerability in the Windows kernel. How it spreads had previously been unknown. CrySyS discovered the Windows vulnerability whilst analysing the installer. The bot, which anti-virus software firm Symantec believes is related to Stuxnet, infects target systems using a specially crafted Word file which injects the malware into the system using a kernel exploit. Microsoft is already working on a patch. ...


Adobe closes 14 holes in Reader and Acrobat

  • Post author: Omid Farhang
  • Post published: September 14, 2011
  • Reading Time: 1 min
  • Word Count: 211 words

The H-Security: Adobe has released new versions of Reader and Acrobat to close several critical security holes. Versions 10.x, 9.x and 8.x of both products for Windows, Linux and Mac are affected. Adobe recommends that Reader X and Acrobat X users update to version 10.1.1 as this version offers added protection under Windows through its sandbox. However, the vendor has also made Adobe Reader 9.4.6 and 8.3.1, as well as Adobe Acrobat 9.4.6 and 8.3.1, available to download. Adobe Reader 9.4.6 for UNIX is due to be released on 7 November. ...


Microsoft closes holes in Windows and Office

  • Post author: Omid Farhang
  • Post published: September 14, 2011
  • Reading Time: 1 min
  • Word Count: 174 words

The H-Security: Microsoft has released two updates for Windows and three for Office to close various security holes. All five updates have only been rated “important” by the company. A hole in WINS enables local attackers to escalate their privileges on a system. Another patch prevents a new variant of binary planting, or DLL hijacking, attacks that can cause Windows to load DLLs from shared network volumes without the user’s permission. This allows attackers to execute code on a computer via specially crafted DLLs. Microsoft has been struggling to contain the insecure DLL loading problem with numerous patches released since mid 2010. ...


Hacker steals user data from Nokia developer forum

  • Post author: Omid Farhang
  • Post published: August 29, 2011
  • Reading Time: 1 min
  • Word Count: 204 words

H-Online: A vulnerability in its forum software has been exploited by a hacker to compromise mobile phone maker Nokia’s developer forum. The attacker used SQL injection to access the forum database at developer.nokia.com and, according to Nokia, obtained email addresses of registered users. Where configured to be publicly available, the table also includes details such as the user’s date of birth, web site URL and Skype, ICQ or other IM username; this is reported to be the case for around 7 per cent of users. The database did not contain passwords or credit card information. The issue does not, according to Nokia, affect any other Nokia accounts. ...


Restricting access to net resources for "good reasons"

  • Post author: Omid Farhang
  • Post published: August 20, 2011
  • Reading Time: 7 min
  • Word Count: 1349 words

This article was originally posted at the Norman Security Blog; credit to my friend ‘Pondus’ for sharing. Introduction: During recent months, we have seen several examples of attempts and suggestions to restrict access to different types of net resources, and in some cases the Internet itself. Is this a method that accomplishes its end, or is it more of a “shooting the messenger” type of action? We shall give some examples and discuss different issues in this article. ...


German Federal Office for Information Security warns of hacked online shops

  • Post author: Omid Farhang
  • Post published: August 16, 2011
  • Reading Time: 2 min
  • Word Count: 214 words

H-Online: The German Federal Office for Information Security (BSI) is warning of online shops which infect users with malicious software by exploiting security vulnerabilities in the user’s browser, operating system or applications. The affected shops have themselves been hacked by attackers exploiting security vulnerabilities in outdated versions of open source online shop software osCommerce. As reported by The H two weeks ago, osCommerce shops are currently being hacked en masse. The vulnerabilities used for the hack were fixed in November last year with the release of osCommerce 2.3, but many companies running online shops have yet to update to a secure version. ...


Expert says Adobe omits mention of 400 Flash Player flaws

  • Post author: Omid Farhang
  • Post published: August 12, 2011
  • Reading Time: 2 min
  • Word Count: 268 words

H-Online: Officially, Adobe’s current update for Flash Player has closed only 13 holes, but unofficially it is said to have closed several hundred. Security specialist Tavis Ormandy, who works for Google, claims that he discovered 400 holes and notified Adobe of them. The specialist has now complained that, while the holes have been closed, they haven’t been mentioned in the official advisory, and he hasn’t been given credit for their discovery. ...


Half of Corporate Adobe Reader Users Run Outdated Versions

  • Post author: Omid Farhang
  • Post published: August 10, 2011
  • Reading Time: 2 min
  • Word Count: 320 words

SOFTPEDIA: According to statistics gathered by cloud security provider Zscaler, 56.4% of enterprise users have out of date Adobe Reader plug-in versions inside their browsers. The company gathered statistics about browser plug-ins and presented the results in its “State of the Web” report [pdf] for the second quarter of 2011. “Nearly every browser is running some combination of plug-ins, add-ons or extensions. As with most software, older versions of plug-ins typically have more security vulnerabilities. This adds up to a tempting target for hackers,” the company warns. ...


Fake Firefox update includes password-stealing trojan

  • Post author: Omid Farhang
  • Post published: August 9, 2011
  • Reading Time: 1 min
  • Word Count: 137 words

H-Online: Security specialist Sophos reports that it has discovered new spam email messages that claim to be an advisory related to an update to the open source Firefox web browser. The fake advisory asks users to update their Firefox installations, “for security reasons”, and includes a download link to the supposed update. According to Graham Cluley of Sophos, the download leads to an executable file that bundles an installer for the Windows version of Firefox 5.0.1 and a password-stealing trojan (Troj/PWS-BSF). As noted by Cluley, users should always exercise caution when clicking on links in emails. ...


Get Ready for Microsoft 13 updates for August Patch Tuesday

  • Post author: Omid Farhang
  • Post published: August 5, 2011
  • Reading Time: 1 min
  • Word Count: 204 words

The Hacker News: Microsoft has announced that it will release 13 bulletins to address 22 vulnerabilities in Windows, Office, Internet Explorer, .NET and Visual Studio on its next Patch Tuesday. Another “critical” bulletin affects Windows server operating systems, and addresses a code-execution risk on unpatched systems. Also of note is an update restricted to newer versions of Windows (Windows 7 and Windows 2008) that tackles a potential, though difficult to exploit, code-execution risk. ...
