InfoSec News

RETIRED: Microsoft December 2010 Advance Notification Multiple Vulnerabilities
 
The Sheriff's Office in Mesa County, Colorado mistakenly posted to a publicly available Web site a database containing names, Social Security numbers and contact information on confidential drug informants, suspects, and victims in criminal investigations.
 
Cryptainer LE encrypts your data and stores it in a large file that, once you've provided a password, mounts as a virtual drive. You may use the virtual drive just as you would any other drive under Windows: drag and drop, copy, delete, move, and so on. Cryptainer LE also provides a program interface to configure the program and enable the drives.
 
Microsoft Internet Explorer Uninitialized Object CVE-2010-3340 Memory Corruption Vulnerability
 
Yahoo confirmed that it has laid off 600 people, following news reports often based on Twitter messages from employees who had been let go.
 
Microsoft Internet Explorer CSS Tags Uninitialized Memory Remote Code Execution Vulnerability
 
Many groups that want net neutrality rules don't like a proposal from the FCC's chairman.
 
Microsoft Internet Explorer Select HTML Element Use-After-Free Memory Corruption Vulnerability
 
Microsoft Exchange Server 2007 Infinite Loop Remote Denial of Service Vulnerability
 
Microsoft SharePoint Malformed SOAP Request Remote Code Execution Vulnerability
 
[ MDVSA-2010:253 ] bind
 
USBsploit 0.5b - added: Railgun[only] - process migration - EXE, PDF, LNK replacements - split usbsploit.rb
 
Microsoft today patched 40 vulnerabilities in Windows, Internet Explorer (IE), Office, SharePoint and Exchange, including nine pegged "critical."
 
Digital portfolios trump resumes, more workers telecommute, social media continues its spread, and mobile marches over desktops. Check out these key technology work trends for the year ahead.
 
Rackspace has added managed services to its cloud offering, joining some of its smaller competitors.
 

GovInfoSecurity.com

Involving Non-Tech Agency Brass in Infosec
GovInfoSecurity.com
The National Institute of Standards and Technologies issued Tuesday the final public draft of new guidance that introduces a three-tiered risk-management ...

 
For the last couple weeks I've been focusing on Windows basics ("Windows Explorer Explained: Tips for Newbies" and "Windows Explorer Tips: Select Files Fast, Show Extensions, Rename Setup Files"). This week let's move on to a new topic: getting Mozilla Firefox to run more efficiently. Read on if you've ever been frustrated by slow performance in Firefox.
 
The main WikiLeaks Web site is back up in the U.S. less than 10 days after domain name service provider EveryDNS terminated its domain name, citing stability concerns.
 
VUPEN Security Research - RealPlayer RA5 Data Handling Heap Overflow Vulnerability (VUPEN-SR-2010-31)
 
VUPEN Security Research - RealPlayer RealMedia Data Handling Heap Overflow Vulnerabilities (VUPEN-SR-2010-28, VUPEN-SR-2010-29, VUPEN-SR-2010-30)
 
VUPEN Security Research - RealPlayer AAC Data Handling Buffer Overflow Vulnerability (VUPEN-SR-2010-005)
 
Microsoft .NET Framework JIT Compiler Optimization Remote Code Execution Vulnerability
 
Microsoft Internet Connection Wizard DLL Loading Arbitrary Code Execution Vulnerability
 
Honggfuzz
 
Microsoft addressed a zero-day vulnerability used by the notorious Stuxnet worm and moved to block ongoing attacks targeting several Internet Explorer zero-day flaws.

 
Oracle and Swiss mobile software platform vendor Myriad Group are locked in a legal battle over Java licensing issues, one with an apparent connection to Google.
 
Before he was sentenced to serve six years in prison for stealing, one-time Auto Warehousing Co. CIO Dale Frantz wrote to the judge in the case to explain himself. This is his letter.
 
Dale Frantz, the onetime CIO of Auto Warehousing Co., was a rising star at the company who earned $250,000 -- and the respect of his peers. He was also a thief.
 
Toshiba announced its first 2.5-inch SAS SSDs for the enterprise. The new products sport fast sustained read rates of up to 510MB/sec.
 
WikiLeaks founder Julian Assange was granted bail on Tuesday in a London court, but the police will keep his passport and he'll have to wear an electronic tag, according to the BBC.
 
Microsoft Windows Kernel 'CreateDIBPalette()' Function Local Privilege Escalation Vulnerability
 
Microsoft Windows Address Book 'wab32res.dll' DLL Loading Arbitrary Code Execution Vulnerability
 
Microsoft Windows Media Encoder 9 DLL Loading Arbitrary Code Execution Vulnerability
 
Microsoft Windows Movie Maker 'hhctrl.ocx' DLL Loading Arbitrary Code Execution Vulnerability
 
VUPEN Security Research - RealPlayer Sound Data Handling Buffer Overflow Vulnerability (VUPEN-SR-2010-004)
 
Overview of the December 2010 Microsoft Patches and their status.





| # | Title | Affected | Contra Indications | Known Exploits | Microsoft rating | ISC rating(*): clients | ISC rating(*): servers |
|---|---|---|---|---|---|---|---|
| MS10-090 | Cumulative Security Update for Internet Explorer (Replaces MS10-071) | Internet Explorer: CVE-2010-3340, CVE-2010-3342, CVE-2010-3343, CVE-2010-3345, CVE-2010-3346, CVE-2010-3348, CVE-2010-3962 | KB 2416400 | Currently being exploited. | Severity: Critical; Exploitability: 1,?,1,1,1,?,1 | Important | Important |
| MS10-091 | Vulnerabilities in the OpenType Font (OTF) Driver Could Allow Remote Code Execution (Replaces MS10-078 MS10-037) | Microsoft Windows OpenType Font (OTF) Driver: CVE-2010-3956, CVE-2010-3957, CVE-2010-3959 | KB 2416400 | No known exploits. | Severity: Critical; Exploitability: 1,1,2 | Critical | Critical |
| MS10-092 | Vulnerability in Task Scheduler Could Allow Elevation of Privilege | Microsoft Task Scheduler: CVE-2010-3338 | KB 2305420 | Currently being exploited. | Severity: Important; Exploitability: 1 | Important | Important |
| MS10-093 | Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (Replaces MS10-050) | Windows Movie Maker: CVE-2010-3967 | KB 2424434 | Vulnerability disclosed publicly. | Severity: Important; Exploitability: 1 | Important | N/A |
| MS10-094 | Vulnerability in Windows Media Encoder Could Allow Remote Code Execution (Replaces MS08-053 MS10-033) | Windows Media Encoder: CVE-2010-3965 | KB 2447961 | Vulnerability disclosed publicly. | Severity: Important; Exploitability: 1 | Important | Important |
| MS10-095 | Vulnerability in Microsoft Windows Could Allow Remote Code Execution | Microsoft Windows: CVE-2010-3966 | KB 2385678 | No known exploits. | Severity: Important; Exploitability: 1 | Important | Important |
| MS10-096 | Vulnerability in Windows Address Book Could Allow Remote Code Execution | Microsoft Windows Address Book: CVE-2010-3147 | KB 2423089 | Vulnerability disclosed publicly. | Severity: Important; Exploitability: 1 | Important | Important |
| MS10-097 | Insecure Library Loading in Internet Connection Sign up Wizard Could Allow Remote Code Execution | Microsoft Windows: CVE-2010-3144 | KB 2443105 | Vulnerability disclosed publicly. | Severity: Important; Exploitability: 1 | Important | Important |
| MS10-098 | Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (Replaces MS10-073) | Microsoft Windows Kernel-mode Drivers: CVE-2010-3939, CVE-2010-3940, CVE-2010-3941, CVE-2010-3942, CVE-2010-3943, CVE-2010-3944 | KB 2436673 | Vulnerability disclosed publicly. | Severity: Important; Exploitability: 1,1,2,2,1,1 | Critical | Critical |
| MS10-099 | Vulnerability in Routing and Remote Access Could Allow Elevation of Privilege | Microsoft Windows Remote Access NDProxy Component: CVE-2010-3963 | KB 2440591 | No known exploits. | Severity: Important; Exploitability: 1 | Important | Important |
| MS10-100 | Vulnerability in Consent User Interface | User Account Control: CVE-2010-3961 | KB 2442962 | No known exploit. | Severity: Important; Exploitability: 1 | Important | Important |
| MS10-101 | Vulnerability in Windows Netlogon Service | Netlogon/RPC Service: CVE-2010-2742 | KB 2207559 | No known exploit. | Severity: Important; Exploitability: 3 | Important | Important |
| MS10-102 | Vulnerability in Hyper-V Could Allow Denial of Service | Microsoft Windows: CVE-2010-3960 | KB 2345316 | No known exploits. | Severity: Important; Exploitability: 2 | Important | Important |
| MS10-103 | Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (Replaces MS10-023 MS10-036) | Microsoft Publisher: CVE-2010-2569, CVE-2010-2570, CVE-2010-2571, CVE-2010-3954, CVE-2010-3955 | KB 2292970 | Remote code execution. | Severity: Important; Exploitability: 1,1,2,2,3 | Important | Important |
| MS10-104 | Vulnerability in Microsoft SharePoint Could Allow Remote Code Execution | Microsoft SharePoint: CVE-2010-3964 | KB 2433089 | Remote code execution. | Severity: Important; Exploitability: 1 | Important | Critical |
| MS10-105 | Vulnerabilities in Microsoft Office Graphics Filters Could Allow for Remote Code Execution (Replaces MS08-044) | Microsoft Office Graphics: CVE-2010-3945, CVE-2010-3946, CVE-2010-3947, CVE-2010-3949, CVE-2010-3950, CVE-2010-3951, CVE-2010-3952 | KB 968095 | Remote code execution. | Severity: Important; Exploitability: 1,2,2,2,2,2,2 | Critical | Important |
| MS10-106 | Vulnerability in Microsoft Exchange Server Could Allow Denial of Service (Replaces MS10-024) | Microsoft Exchange Server: CVE-2010-3937 | KB 2407132 | No known exploits. | Severity: Moderate; Exploitability: 3 | N/A | Critical |




We will update issues on this page for about a week or so as they evolve.

We appreciate updates

US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY

(*): ISC rating

We use 4 levels:

PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
Critical: Anything that needs little to become interesting for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
Important: Things where more testing and other measures can help.
Less Urgent: Typically we expect the impact if left unpatched to be not that big a deal in the short term. Do not forget them however.


The difference between the client and server rating is based on how you use the affected machine. We take into account the typical client and server deployment in the usage of the machine and the common measures people typically have in place already. Measures we presume are simple best practices for servers, such as not using Outlook, MSIE, Word etc. to do traditional office or leisure work.
The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threat for affected systems. The rating does not account for the number of affected systems there are. It is for an affected system in a typical worst-case role.
Only the organization itself is in a position to do a full risk analysis involving the presence (or lack of) affected systems, the actually implemented measures, the impact on their operation and the value of the assets involved.
All patches released by a vendor are important enough to have a close look if you use the affected systems. There is little incentive for vendors to publicize patches that do not have some form of risk to them.


As always, please use the contact form for comments about patches.
-- Manuel Humberto Santander Peláez | http://twitter.com/manuelsantander | http://manuel.santander.name | msantand at isc dot sans dot org
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Oliver Bussmann, now a year into his tenure as CIO for SAP, has re-invented and raised the profile of the ERP vendor's CIO role. One key: Sharing with customers his ongoing experiences with a huge SAP environment.
 
Hitachi Multiple Products GIF File Parsing Buffer Overflow Vulnerability
 
Hitachi Multiple Business Logic Products Unspecified Cross-Site Scripting Vulnerability
 
At the public library where I work, a community member from Haiti recently asked me for help recovering his password from his Hotmail account. Apparently his account had been compromised by someone, and he is no longer able to log in to use it. He tells me he has been using this Hotmail account for about eight years. His primary use of the account is to do relief work in Haiti via his church. All of his contact information and his communications with hundreds of people in Haiti is contained in this Hotmail account. He is desperate to get back into the account to continue helping the people of Haiti.
 
Broadcom is working on a dual-core processor that will allow smartphone makers to build Android-based handsets with integrated Wi-Fi hotspots, the company said.
 
Hitachi Multiple Products GIF File Parsing Denial of Service Vulnerability
 
Linux Kernel 'SNDRV_HDSP_IOCTL_GET_CONFIG_INFO' IOCTL Local Information Disclosure Vulnerability
 
[ MDVSA-2010:252 ] perl-CGI-Simple
 
[SECURITY] [DSA-2133-1] New collectd packages fix denial of service
 
Re: Linux kernel exploit
 
Re: [Full-disclosure] Linux kernel exploit
 
Hewlett-Packard has introduced a new level of service for customers running critical business applications on virtualized, x86-based hardware, the company announced Tuesday.
 
Users and analysts say Oracle's $1.3 billion victory in its lawsuit charging SAP with intellectual property theft could cause problems for enterprise users and for the third-party support industry.
 
Microsoft may show the first glimpse of the next generation Windows at CES, the New York Times reports
 
Google's Nexus S smartphone ships unlocked with Android's new 2.3 'Gingerbread' OS
 
Google Chrome prior to 8.0.552.224 Multiple Security Vulnerabilities
 
The most popular password among nearly 400,000 exposed by the Gawker hack was '12345,' according to a security firm's analysis.
 
Nokia is planning to roll out four or five upgrades to its Symbian OS in the next 12 to 15 months, adding a new look for the user interface and a more flexible home screen as it tries to make its struggling operating system relevant again, according to a presentation given at the 2010 International Mobile Internet Conference in Beijing on Tuesday.
 
The former CIO at a large U.S. automobile processing company has been sentenced to nearly six years in prison for embezzling more than $500,000 from the company by faking expense reports and reselling company equipment.
 
IBM is ready to ship an Android-compatible new version of its push-based e-mail software Lotus Notes Traveler, an IBM employee wrote in a blog posting Tuesday.
 
New tools try to improve memory management without slowing down the system, as traditional methods can
 
You don't need to be shopping online to get caught in one scammer's traps. Even checking out e-mail or spending time on Facebook and Twitter has its risks for the unaware. Here are seven holiday humbugs to avoid.
 
Peri Software officials say the company's move to hire only U.S. workers for domestic offices is unrelated to its recent settlement of U.S. charges it violated H-1B visa rules.
 
SAP Crystal Reports Print ActiveX Control Buffer Overflow Vulnerability
 
Microsoft Internet Explorer CSS Parsing Remote Memory Corruption Vulnerability
 
collectd 'cu_rrd_create_file()' Remote Denial Of Service Vulnerability
 
InfoSec News: Filet-O-Phish: details stolen in McDonald's hack: http://www.zdnetasia.com/filet-o-phish-details-stolen-in-mcdonald-s-hack-62205135.htm
By Darren Pauli ZDNet Australia December 13, 2010
McDonald's has lost thousands of customer details to a hacker, including names, phone numbers and street and e-mail addresses. [...]
 
InfoSec News: Hack Of Gawker Media Sites Puts 1.3 Million Passwords At Risk: http://www.darkreading.com/database-security/167901020/security/application-security/228800288/hack-of-gawker-media-sites-puts-1-3-million-passwords-at-risk.html
By Tim Wilson Darkreading Dec 13, 2010
Individuals claiming to be part of the hacker group Gnosis are [...]
 
InfoSec News: USENIX LEET '11 Call for Papers Now Available: Forwarded from: Lionel Garth Jones <lgj (at) usenix.org>
The Program Committee for the 4th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET '11) invites you to submit your work. Paper submissions are due Tuesday, January 25, 2011, 11:59 p.m. PST. http://www.usenix. [...]
 
InfoSec News: Sheriff's Department database leak puts snitches at risk: http://www.theregister.co.uk/2010/12/14/confidential_sheriff_database/
By Dan Goodin in San Francisco The Register 14th December 2010
A Colorado sheriff's department mistakenly exposed a sensitive database that contained names, addresses and other details on about 200,000 [...]
 
InfoSec News: [Dataloss Weekly Summary] Week of Sunday, December 5, 2010: ========================================================================
Open Security Foundation - DataLossDB Weekly Summary Week of Sunday, December 5, 2010
22 Incidents Added.
======================================================================== [...]
 
InfoSec News: 10 days after Pakistan hacking attack, CBI website not accessible: http://economictimes.indiatimes.com/News-Politics/Nation/10-days-after-Pakistan-hacking-attack-CBI-website-not-accessible/articleshow/7093768.cms
The Economic Times 13 Dec, 2010
NEW DELHI: Computer experts have so far failed to untangle the web cast [...]
 

Posted by InfoSec News on Dec 13

http://economictimes.indiatimes.com/News-Politics/Nation/10-days-after-Pakistan-hacking-attack-CBI-website-not-accessible/articleshow/7093768.cms

The Economic Times
13 Dec, 2010

NEW DELHI: Computer experts have so far failed to untangle the web cast
by a group of hackers from Pakistan on India's premier investigating
agency CBI's internet space resulting in a 'dead' website which is not
working even after 10 days of the cyber attack.

The...
 

Posted by InfoSec News on Dec 13

http://www.zdnetasia.com/filet-o-phish-details-stolen-in-mcdonald-s-hack-62205135.htm

By Darren Pauli
ZDNet Australia
December 13, 2010

McDonald's has lost thousands of customer details to a hacker, including
names, phone numbers and street and e-mail addresses. The fast food
chain is also warning of pending phishing scams.

The customer details were lost after a hacker broke into the fast-food
restaurant's U.S. marketing partner and stole...
 

Posted by InfoSec News on Dec 13

http://www.darkreading.com/database-security/167901020/security/application-security/228800288/hack-of-gawker-media-sites-puts-1-3-million-passwords-at-risk.html

By Tim Wilson
Darkreading
Dec 13, 2010

Individuals claiming to be part of the hacker group Gnosis are
contacting the press to explain their attacks on the popular Gawker
Media sites during the past 24 hours.

According to a report in the publication Mediaite, a member of Gnosis...
 

Posted by InfoSec News on Dec 13

Forwarded from: Lionel Garth Jones <lgj (at) usenix.org>

The Program Committee for the 4th USENIX Workshop on Large-Scale
Exploits and Emergent Threats (LEET '11) invites you to submit your
work. Paper submissions are due Tuesday, January 25, 2011, 11:59 p.m.
PST. http://www.usenix.org/leet11/cfpa

Now in its fourth year, LEET continues to provide a unique forum for the
discussion of threats to the confidentiality of our data, the...
 

Posted by InfoSec News on Dec 13

http://www.theregister.co.uk/2010/12/14/confidential_sheriff_database/

By Dan Goodin in San Francisco
The Register
14th December 2010

A Colorado sheriff's department mistakenly exposed a sensitive database
that contained names, addresses and other details on about 200,000
people, including confidential drug informants.

Thousands of pages of confidential information collected by the Mesa
County Sheriff's Department were vulnerable from...
 

Posted by InfoSec News on Dec 13

========================================================================

Open Security Foundation - DataLossDB Weekly Summary
Week of Sunday, December 5, 2010

22 Incidents Added.

========================================================================

DataLossDB is a research project aimed at documenting known and reported
data loss incidents world-wide. The Open Security Foundation asks for
contributions of new incidents and new data for...
 

