InfoSec News

Cisco's Umi home videoconferencing system, the most extravagant and futuristic part of the company's consumer product line, seems to be in search of an identity amid the consumer reorganization that the company announced on Tuesday.
 
Microsoft Internet Explorer Layout Handling Use After Free Remote Memory Corruption Vulnerability
 
The Asus U31JG, designed for urban professionals on the move, boasts a stylish brushed-aluminum finish that coats the lid and wraps around the black plastic keyboard. It's not just a fashion statement either: The aluminum trim reinforces the plastic chassis, creating a sturdy ultraportable laptop that packs enough power to play games and run your presentations while remaining light enough for you to carry on your daily commute.
 
Microsoft PowerPoint Invalid 'PersistDirectoryEntry' Record Remote Code Execution Vulnerability
 
Two high-profile U.S. senators have introduced legislation designed to give consumers more control over what information about them is collected online, but privacy advocates said the bill will do little to curb the widespread data-collection practices now in place.
 
Officials from cloud computing vendors and others urged Congress to resist any calls to increase regulation of the cloud and related technologies.
 
IBM and Akamai have teamed to try to speed up access to public cloud applications for enterprises and application providers.
 
Cisco's exit from its Flip business and other consumer technologies comes less than 16 months after CEO John Chambers proudly announced the company's move into consumer electronics and video products at CES 2010.
 
IBM has updated its Power systems lineup with higher-density blades and faster processors for its mid-range Power 750 server, looking to keep its momentum in Unix sales as the market inches back to life.
 
Graphics processors have always been popular in workstations, but are increasingly handling a larger computational load and bringing supercomputer-like capabilities to complex scientific and math applications, according to an HP executive.
 
Microsoft Excel 'RealTimeData' Record Parsing Remote Code Execution Vulnerability
 
Lawmakers question how to protect the U.S. government from failed IT projects.
 
NASA has announced the four facilities that will receive a somewhat used space shuttle to display once the fleet is officially retired.
 
Lenovo on Tuesday announced a hosted applications service that can detect the hardware capabilities of an end user's laptop and tailor the service accordingly.
 
Microsoft's announcement this week that it would begin offering its Dynamics ERP software via the Azure cloud platform drew significant interest from attendees of the Convergence conference in Atlanta, but some users and partners have questions Microsoft has yet to answer about its plans.
 
Microsoft today patched a record 64 vulnerabilities in Windows, Office, IE and other software, including 30 bugs in the Windows kernel device driver and one in IE that was exploited at the Pwn2Own hacking contest.
 
IBM Rational Licensing Multiple Local Privilege Escalation Vulnerabilities
 
Microsoft Excel Drawing Layer Dangling Pointer Remote Code Execution Vulnerability
 
Microsoft Windows 'BROWSER ELECTION' Buffer Overflow Vulnerability
 
Computer Associates WebScan ActiveX Control Multiple Remote Code Execution Vulnerabilities
 
Amazon.com announced a new Kindle with 'special offers' for $114. It's priced $25 less than the bestselling $139 Kindle but still above the magic $100 price tag that analysts say will make the e-reader affordable to most consumers.
 
A New York man who claims he's entitled to a sizable stake in Facebook has amended his initial complaint, adjusting his ownership claim and providing additional documents, including e-mails he allegedly exchanged with Mark Zuckerberg.
 
Nokia's Ovi Store app downloads have reached 5 million per day, and the number of apps in the store exceeds 40,000, which represents an eightfold increase in its first year, Nokia said.
 
HTB22928: Multiple SQL Injections in WebsiteBaker
 
Here are the April 2011 Black Tuesday patches. Enjoy!


Overview of the April 2011 Microsoft Patches and their status.

Columns: # / Affected / Contra Indications / Known Exploits / Microsoft rating (with exploitability index per CVE) / ISC rating(*) for clients and servers.

MS11-018  Cumulative Security Update for Internet Explorer (Replaces MS11-003)
  Affected: Internet Explorer 6-8
  CVEs: CVE-2011-0094, CVE-2011-0346, CVE-2011-1244, CVE-2011-1245, CVE-2011-1345
  Contra Indications: KB 2497640
  Known Exploits: ACTIVELY EXPLOITED.
  Microsoft rating: Critical (Exploitability: 1,1,?,3,1)
  ISC rating: clients PATCH NOW! / servers Critical

MS11-019  Vulnerabilities in SMB Client Could Allow Remote Code Execution (Replaces MS10-020)
  Affected: Windows
  CVEs: CVE-2011-0654, CVE-2011-0660
  Contra Indications: KB 2511455
  Known Exploits: POC Available.
  Microsoft rating: Critical (Exploitability: 2,1)
  ISC rating: clients Critical / servers Critical

MS11-020  Vulnerability in SMB Server Could Allow Remote Code Execution (Replaces MS10-012, MS10-054)
  Affected: Windows
  CVEs: CVE-2011-0661
  Contra Indications: KB 2508429
  Known Exploits: No Known Exploits.
  Microsoft rating: Critical (Exploitability: 1)
  ISC rating: clients Critical / servers Critical

MS11-021  Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (Replaces MS10-080, MS10-087)
  Affected: Office XP SP3 - 2010, Office 2004 - 2011 for Mac, Open XML File Format Converter, Excel Viewer SP2, Office Compatibility Pack for 2007 file formats
  CVEs: CVE-2011-0097, CVE-2011-0098, CVE-2011-0101, CVE-2011-0103, CVE-2011-0104, CVE-2011-0105, CVE-2011-0978, CVE-2011-0979, CVE-2011-0980
  Contra Indications: KB 2489279
  Known Exploits: No Known Exploits.
  Microsoft rating: Important (Exploitability: 1,1,1,2,2,2,1,1,1)
  ISC rating: clients Important / servers Important

MS11-022  Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (Replaces MS09-017, MS10-036, MS10-087, MS10-088)
  Affected: PowerPoint
  CVEs: CVE-2011-0655, CVE-2011-0656, CVE-2011-0976
  Contra Indications: KB 2489283
  Known Exploits: No Known Exploits.
  Microsoft rating: Important (Exploitability: 2,2,1)
  ISC rating: clients Important / servers Important

MS11-023  Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (Replaces MS10-087)
  Affected: Office XP - 2007, Office 2004 - 2008 for Mac, Open XML File Format Converter
  CVEs: CVE-2011-0107, CVE-2011-0977
  Contra Indications: KB 2489293
  Known Exploits: POC Available.
  Microsoft rating: Important (Exploitability: 1,2)
  ISC rating: clients Important / servers Important

MS11-024  Vulnerability in Windows Fax Cover Page Editor Could Allow Remote Code Execution
  Affected: Fax Services, Fax Server Role
  CVEs: CVE-2010-3974
  Contra Indications: KB 2527308
  Known Exploits: POC Available.
  Microsoft rating: Important (Exploitability: 3)
  ISC rating: clients Critical / servers Important

MS11-025  Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution
  Affected: Visual Studio .NET 2003 - 2010, Visual C++ 2005 - 2010 Redistributable Package
  CVEs: CVE-2010-3190
  Contra Indications: KB 2500212
  Known Exploits: No Known Exploits.
  Microsoft rating: Important (Exploitability: 1)
  ISC rating: clients Important / servers Important

MS11-026  Vulnerability in MHTML Could Allow Information Disclosure
  Affected: MHTML
  CVEs: CVE-2011-0096
  Contra Indications: KB 2503658
  Known Exploits: ACTIVELY EXPLOITED.
  Microsoft rating: Important (Exploitability: 3)
  ISC rating: clients PATCH NOW! / servers Important

MS11-027  Cumulative Security Update of ActiveX Kill Bits (Replaces MS10-034)
  Affected: Windows XP - 7, Server 2003 - 2008
  CVEs: CVE-2010-0811, CVE-2010-3973, CVE-2011-1243
  Contra Indications: KB 2508272
  Known Exploits: POC Available.
  Microsoft rating: Critical (Exploitability: ?,?,?)
  ISC rating: clients Critical / servers Critical

MS11-028  Vulnerability in .NET Framework Could Allow Remote Code Execution (Replaces MS09-061, MS10-060, MS10-077)
  Affected: .NET Framework (all supported versions)
  CVEs: CVE-2010-3958
  Contra Indications: KB 2484015
  Known Exploits: No Known Exploits.
  Microsoft rating: Critical (Exploitability: 1)
  ISC rating: clients Critical / servers Critical

MS11-029  Vulnerability in GDI+ Could Allow Remote Code Execution (Replaces MS09-062, MS10-087)
  Affected: Windows XP - Vista, Windows Server 2003 - 2008, Office XP
  CVEs: CVE-2011-0041
  Contra Indications: KB 2489979
  Known Exploits: No Known Exploits.
  Microsoft rating: Critical (Exploitability: 1)
  ISC rating: clients Critical / servers Critical

MS11-030  Vulnerability in DNS Resolution Could Allow Remote Code Execution (Replaces MS08-020, MS08-037, MS08-066)
  Affected: Windows XP - 7, Windows Server 2008
  CVEs: CVE-2011-0657
  Contra Indications: KB 2509553
  Known Exploits: No Known Exploits.
  Microsoft rating: Critical (Exploitability: 2)
  ISC rating: clients Critical / servers Critical

MS11-031  Vulnerability in JScript and VBScript Scripting Engines Could Allow Remote Code Execution (Replaces MS09-045, MS10-022, MS11-009)
  Affected: JScript and VBScript scripting engines (Windows)
  CVEs: CVE-2011-0663
  Contra Indications: KB 2514666
  Known Exploits: No Known Exploits.
  Microsoft rating: Critical (Exploitability: 2)
  ISC rating: clients Critical / servers Important

MS11-032  Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (Replaces MS11-007)
  Affected: OpenType Compact Font Format (CFF) driver
  CVEs: CVE-2011-0034
  Contra Indications: KB 2507618
  Known Exploits: No Known Exploits.
  Microsoft rating: Critical (Exploitability: 3)
  ISC rating: clients Critical / servers Important

MS11-033  Vulnerability in WordPad Text Converters Could Allow Remote Code Execution (Replaces MS10-067)
  Affected: Microsoft WordPad
  CVEs: CVE-2011-0028
  Contra Indications: KB 2485663
  Known Exploits: No Known Exploits.
  Microsoft rating: Important (Exploitability: 1)
  ISC rating: clients Important / servers Important

MS11-034  Elevation of Privilege Vulnerabilities in Windows Kernel-Mode Drivers (Replaces MS10-012)
  Affected: Kernel Mode Drivers
  CVEs (30): CVE-2011-0662, CVE-2011-0665, CVE-2011-0666, CVE-2011-0667, CVE-2011-0670, CVE-2011-0671, CVE-2011-0672, CVE-2011-0673, CVE-2011-0674, CVE-2011-0675, CVE-2011-0676, CVE-2011-0677, CVE-2011-1225, CVE-2011-1226, CVE-2011-1227, CVE-2011-1228, CVE-2011-1229, CVE-2011-1230, CVE-2011-1231, CVE-2011-1232, CVE-2011-1233, CVE-2011-1234, CVE-2011-1235, CVE-2011-1236, CVE-2011-1237, CVE-2011-1238, CVE-2011-1239, CVE-2011-1240, CVE-2011-1241, CVE-2011-1242
  Contra Indications: KB 2506223
  Known Exploits: No Known Exploits.
  Microsoft rating: Important (Exploitability, in CVE order: 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,2,1,1,1,3,1,1,1,1)
  ISC rating: clients Important / servers Important


We will update issues on this page for about a week as they evolve.

We appreciate updates.

US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY.
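The check most readers of this table will want next is which of these KBs are actually present on a given host. The PowerShell script below is an added example, not part of the ISC diary or of any Microsoft tooling: the KB numbers and ISC client ratings are copied from the table above, the function names Get-InstalledKbSet and Test-April2011Patches are the example's own, and it relies only on two stock Windows interfaces, Get-HotFix and the Windows Update Agent COM history.

```powershell
# Added example (not part of the ISC diary): check one Windows host against the
# April 2011 bulletins above by KB number. Two standard data sources are used:
#   Get-HotFix (Win32_QuickFixEngineering): Windows component updates only.
#   Windows Update Agent history (Microsoft.Update.Session COM object): anything
#   installed through Windows Update or WSUS, including Office and .NET packages.
# Updates applied by hand from a downloaded MSI/MSP may show in neither source, and
# a bulletin that ships several packages may carry package KB numbers that differ
# from the bulletin KB listed in the table, so "not verified" means "go and look",
# not "missing". Written for PowerShell 2.0 (current in April 2011); run elevated.

# KB numbers and ISC client ratings as given in the table above.
$April2011 = @(
    @{ Bulletin = 'MS11-018'; KB = '2497640'; Client = 'PATCH NOW' },
    @{ Bulletin = 'MS11-019'; KB = '2511455'; Client = 'Critical' },
    @{ Bulletin = 'MS11-020'; KB = '2508429'; Client = 'Critical' },
    @{ Bulletin = 'MS11-021'; KB = '2489279'; Client = 'Important' },
    @{ Bulletin = 'MS11-022'; KB = '2489283'; Client = 'Important' },
    @{ Bulletin = 'MS11-023'; KB = '2489293'; Client = 'Important' },
    @{ Bulletin = 'MS11-024'; KB = '2527308'; Client = 'Critical' },
    @{ Bulletin = 'MS11-025'; KB = '2500212'; Client = 'Important' },
    @{ Bulletin = 'MS11-026'; KB = '2503658'; Client = 'PATCH NOW' },
    @{ Bulletin = 'MS11-027'; KB = '2508272'; Client = 'Critical' },
    @{ Bulletin = 'MS11-028'; KB = '2484015'; Client = 'Critical' },
    @{ Bulletin = 'MS11-029'; KB = '2489979'; Client = 'Critical' },
    @{ Bulletin = 'MS11-030'; KB = '2509553'; Client = 'Critical' },
    @{ Bulletin = 'MS11-031'; KB = '2514666'; Client = 'Critical' },
    @{ Bulletin = 'MS11-032'; KB = '2507618'; Client = 'Critical' },
    @{ Bulletin = 'MS11-033'; KB = '2485663'; Client = 'Important' },
    @{ Bulletin = 'MS11-034'; KB = '2506223'; Client = 'Important' }
)

# Sort order for the report: the ISC levels, most urgent first.
$Urgency = @{ 'PATCH NOW' = 0; 'Critical' = 1; 'Important' = 2; 'Less Urgent' = 3 }

function Get-InstalledKbSet {
    # Returns a set of "KBnnnnnnn" strings seen on this host, normalised to upper case.
    $set = New-Object 'System.Collections.Generic.HashSet[string]'

    # Source 1: QFE entries; HotFixID is already of the form "KB2497640".
    Get-HotFix | ForEach-Object { [void]$set.Add($_.HotFixID.ToUpper()) }

    # Source 2: Windows Update Agent history. ResultCode 2 is orcSucceeded;
    # failed or aborted installs are deliberately ignored.
    $searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
    $count = $searcher.GetTotalHistoryCount()
    if ($count -gt 0) {
        $searcher.QueryHistory(0, $count) |
            Where-Object { $_.ResultCode -eq 2 } |
            ForEach-Object {
                foreach ($m in [regex]::Matches($_.Title, 'KB\d{6,7}')) {
                    [void]$set.Add($m.Value.ToUpper())
                }
            }
    }
    # Unary comma stops PowerShell from unrolling the set on output.
    return ,$set
}

function Test-April2011Patches {
    $installed = Get-InstalledKbSet
    foreach ($b in $April2011) {
        $kb = 'KB' + $b.KB
        $status = if ($installed.Contains($kb)) { 'installed' } else { 'not verified' }
        New-Object PSObject -Property @{
            Bulletin  = $b.Bulletin
            KB        = $kb
            ISCClient = $b.Client
            Urgency   = $Urgency[$b.Client]
            Status    = $status
        }
    }
}

# Unverified bulletins first, most urgent on top.
Test-April2011Patches |
    Sort-Object @{ Expression = 'Status'; Descending = $true }, @{ Expression = 'Urgency'; Descending = $false } |
    Select-Object Bulletin, KB, ISCClient, Status |
    Format-Table -AutoSize
```

The table's client rating is used for ordering because that is the worst-case role; on a server you would substitute the server column. Because the script only matches on KB numbers it confirms presence, not absence: a "not verified" row for an Office or Visual Studio bulletin installed from a standalone package is expected, and should be resolved against the bulletin's own affected-software list rather than treated as a gap.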

(*): ISC rating

We use 4 levels:

PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments are vulnerable and exploits are in use or easy to obtain or write.
Critical: Anything that needs little to become interesting for the dark side. The best approach is to test and deploy ASAP. Workarounds can give more time to test.
Important: Things where more testing and other measures can help.
Less Urgent: Typically we expect the impact if left unpatched to be not that big a deal in the short term. Do not forget them, however.


The difference between the client and server rating is based on how you use the affected machine. We take into account the typical client and server deployment of the machine and the common measures people typically have in place already. For servers we presume simple best practices, such as not using Outlook, MSIE, Word etc. to do traditional office or leisure work.
The rating is not a risk analysis as such. It is a rating of the importance of the vulnerability and the perceived or even predicted threat for affected systems. The rating does not account for the number of affected systems there are. It is for an affected system in a typical worst-case role.
Only the organization itself is in a position to do a full risk analysis involving the presence (or lack) of affected systems, the actually implemented measures, the impact on their operation and the value of the assets involved.
All patches released by a vendor are important enough to have a close look at if you use the affected systems. There is little incentive for vendors to publicize patches that do not address some form of risk.


---------------

Jim Clausing, GIAC GSE #26

jclausing --at-- isc [dot] sans (dot) edu



SANS SEC401 coming to central OH in May, see http://www.sans.org/mentor/details.php?nid=24678

(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 

SailPoint CTO to Speak at CSO Perspectives, InfoSec World and the European ...
Bradenton Herald
SailPoint's CTO, Darran Rolls, will be discussing how organizations are effectively addressing these challenges at three upcoming key industry conferences: CSO Perspectives, InfoSec World and the European Identity Conference. ...

 
Cisco is eliminating its Flip portable video camera as part of a restructuring move that will include exiting other consumer-oriented lines of business and reducing headcount by 550 workers.
 
While IBM's supercomputer may have demonstrated the latest in artificial intelligence, it's not self-aware or capable of intelligent conversation. But that doesn't mean A.I. won't change our lives, according to experts who spoke at an MIT symposium.
 
AT&T announced big price cuts for pre-paid data plans on Tuesday and said its first GoPhone smartphone for pre-paid customers, the LG Thrive, will go on sale April 17.
 
Gigabyte Technology has begun taking orders for its S1080 Windows 7 tablet in its home market of Taiwan, and expects to start sales in other parts of the world next month.
 
Tuesday marks two major anniversaries in the history of space travel -- cosmonaut Yuri Gagarin became the first human in space 50 years ago and the first U.S. space shuttle craft was launched 30 years ago.
 
Google on Monday denied an allegation by rival Microsoft that it lied about an important government certification for Google Apps for Government.
 
[IMF 2011] Call for Participation
 
Stack overflow in Microsoft HTML Help 6.1 (CHM files)
 
HTB22925: Path disclosure in Plogger
 
HTB22930: Multiple XSS in WebCalendar
 
India’s BPO market is booming, but there are challenges for outsourcers
 
Law enforcement organizations are making tens of thousands of requests for private electronic information from companies such as Sprint, Facebook and AOL, but few detailed statistics are available.
 
Medium severity flaw in Konqueror
 
[USN-1108-1] DHCP vulnerability
 

Infosec 2011: Compliance the biggest security juggernaut, says security expert
ComputerWeekly.com
The biggest security compliance juggernaut for businesses is concentrating on achieving compliance rather than changing the way they work, says Des Ward, president of the Cloud Security Alliance UK and Ireland chapter. "We need to get back to what the ...

 
Nokia launched an updated version of its Symbian^3 mobile operating system, along with two phones running the software, the X7 and the E6.
 
Intel hinted that it is developing another next-generation chip for tablets, called "Cloverview," as part of its ongoing strategy to make its Atom processors more power-efficient.
 
Microsoft will patch a large number of Windows kernel-mode device driver vulnerabilities later today, the researcher who reported them said.
 
For the third year, computer science enrollments have increased, ending the precipitous decline in enrollments that followed the bursting of the dot-com bubble in 2000-2001.
 
ViewSonic's ViewPad 10 lets you work with both Android and Windows in a neat, well-constructed device. But it's not cheap, and its version of Android is out of date.
 
VideoSpirit Pro and Lite '.visprj' File Multiple Buffer Overflow Vulnerabilities
 

Posted by InfoSec News on Apr 11

http://www.theinquirer.net/inquirer/news/2042435/france-investigates-cyber-espionage-defence-helicopter-firm

By Asavin Wattanajantra
The Inquirer
April 11 2011

FRENCH AUTHORITIES are investigating a suspected case of cyber hacking
and espionage at a helicopter engine company.

Turbomeca, a subsidiary of the defence firm Safran, had its computer
networks hacked and data about propeller systems stolen, according to a
report in Le Monde....
 

Posted by InfoSec News on Apr 11

http://www.computerworld.com/s/article/9215715/U.S._needs_cyber_emergency_response_lawmaker_says

By Grant Gross
IDG News Service
April 11, 2011

The U.S. needs a cybersecurity emergency response capability to help
businesses under major attacks, a U.S. senator said Monday.

"Who do you call if your CIO is overwhelmed, if you're a local bank or
utility?" Senator Sheldon Whitehouse said during a forum on
cybersecurity at the...
 

Posted by InfoSec News on Apr 11

http://www.darkreading.com/database-security/167901020/security/attacks-breaches/229401358/yet-another-security-firm-breached-employee-email-user-accounts-leaked.html

By Kelly Jackson Higgins
Darkreading
April 11, 2011

Another week, another security firm breach: Hackers have posted
employee, partner, and customer credentials stolen from Barracuda
Networks in what began with a SQL injection attack on the security
firm's website....
 

Posted by InfoSec News on Apr 11

http://seattletimes.nwsource.com/html/localnews/2014746226_uwcyberwin12m.html

By Brittney Wong
Staff Reporter
Seattle Times
April 11, 2011

After two years of not placing, a University of Washington team took
home the first-place trophy from this year's National Collegiate Cyber
Defense Competition.

"We all jumped and yelled," said team captain Alexei Czeskis of the
team's reaction to the win. "We were a little bit...
 
KDE Konqueror Error Page Cross Site Scripting Vulnerability
 

Posted by InfoSec News on Apr 11

http://www.itpro.co.uk/632704/gchq-says-blackberry-is-safest

By Tom Brewster
IT Pro
11 April 2011

BlackBerrys are the only recommended smartphones for handling highly
sensitive Government data, according to a GCHQ division.

The UK's National Technical Authority for Information Assurance at GCHQ
(CESG) has published smartphone security guidance for public sector
workers.

The advice published today covers various phones, including the...
 

Posted by InfoSec News on Apr 11

========================================================================

Open Security Foundation - DataLossDB Weekly Summary
Week of Sunday, April 3, 2011

27 Incidents Added.

========================================================================

DataLossDB is a research project aimed at documenting known and reported
data loss incidents world-wide. The Open Security Foundation asks for
contributions of new incidents and new data for...
 

Posted by InfoSec News on Apr 11

http://main.omanobserver.om/node/47100

Oman Daily Observer
12 April 2011

MUSCAT - A celebration was held at the Ministry of Manpower honouring
the Information System Department for getting the ISO 27001 certificate
for managing the information security.

The certification was granted by Norway’s Det Norske Veritas (DNV) under
the patronage of Hamad bin Khamis al Amri, Under-Secretary of Manpower
Ministry.

The certificate makes the...