Author Archives: Hacker Medic

Back to School: Do You Know ‘Who’ Is In Your Child’s Backpack?

It’s that time of year again. You head out to the store to buy a truckload of number two pencils and color-coded binders along with a flood of other dazed parents who can’t believe school is back in session. So you pretty much know what is in your child’s backpack but do you know who…

BYOD: Balancing Convenience and Security

It lies next to you as you sleep, comes with you to work, rides home with you in your car and even travels with you on vacation. Your smartphone goes with you everywhere. Although convenient, the unprecedented connectivity we are experiencing culturally with mobile devices can create an equally daunting issue when it comes to…

Targeted Attacks Delivering Fruit

Contributor: Lionel Payet
Political news has always been one of the top topics used in targeted attacks. Last week we came across unique malicious emails targeting high-profile companies in Europe and Asia (in sectors such as finance, mining, telecom, …

Cover Yourself: Google Leaves Your Passwords Exposed

We would like to assume that passwords saved in our web browser are stored in a secured virtual lock box, helping us to surf the web with increased speed and easily log into our favorite sites without sacrificing safety. Unfortunately, this might not be the case on Google Chrome, as it was recently brought to…

What is a Zero-Day Threat?

The term “zero-day threat” may sound like the title of a hit film, but it’s definitely not that kind of thriller. A zero-day threat or attack is an unknown vulnerability in your computer or mobile device’s software or hardware. The term is derived from the age of the exploit, which takes place before or on…

Android Cryptographic Issue May Affect Hundreds of Thousands of Apps

There’s been a lot of confusion over the last few days, since bitcoin.org announced that an Android component responsible for generating secure random numbers contained a critical weakness that rendered many Android bitcoin wallets vulnerable.
Th…

Microsoft Patch Tuesday – August 2013

Hello, welcome to this month’s blog on the Microsoft patch release. This month the vendor is releasing eight bulletins covering a total of 23 vulnerabilities. 14 of this month’s issues are rated ‘Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft’s summary of the July releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms13-Aug

The following is a breakdown of the issues being addressed this month:

  1. MS13-066 Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (2873872)

    AD FS Information Disclosure Vulnerability (CVE-2013-3185) MS Rating: Important

    An information disclosure vulnerability exists in Active Directory Federation Services (AD FS) that could allow the unintentional disclosure of account information.

  2. MS13-062 Vulnerability in Remote Procedure Call Could Allow Elevation of Privilege (2849470)

    Remote Procedure Call Vulnerability (CVE-2013-3175) MS Rating: Important

    An elevation of privilege vulnerability exists in the way that Windows handles asynchronous RPC requests. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights.

  3. MS13-064 Vulnerability in Windows NAT Driver Could Allow Denial of Service (2849568)

    Windows NAT Denial of Service Vulnerability (CVE-2013-3182) MS Rating: Important

    A denial of service vulnerability exists in the Windows NAT Driver that could cause the target system to stop responding until restarted.

  4. MS13-060 Vulnerability in Unicode Scripts Processor Could Allow Remote Code Execution (2850869)

    Uniscribe Font Parsing Engine Memory Corruption Vulnerability (CVE-2013-3181) MS Rating: Critical

    A remote code execution vulnerability exists in the Unicode Scripts Processor included in affected versions of Microsoft Windows. An attacker who successfully exploited this vulnerability could run arbitrary code as the current user.

  5. MS13-065 Vulnerability in ICMPv6 Could Allow Denial of Service (2868623)

    ICMPv6 Vulnerability (CVE-2013-3183) MS Rating: Important

    A denial of service vulnerability exists in the Windows TCP/IP stack that could cause the target system to stop responding until restarted. The vulnerability is caused when the TCP/IP stack does not properly allocate memory for incoming ICMPv6 packets.

  6. MS13-059 Cumulative Security Update for Internet Explorer (2862772)

    Internet Explorer Process Integrity Level Assignment Vulnerability (CVE-2013-3186) MS Rating: Moderate

    An elevation of privilege vulnerability exists in the way that Internet Explorer handles process integrity level assignment in specific cases. An attacker who successfully exploited this vulnerability could allow arbitrary code to execute with elevated privileges.

    EUC-JP Character Encoding Vulnerability (CVE-2013-3192) MS Rating: Moderate

    An information disclosure vulnerability exists in Internet Explorer that could allow script to perform cross-site scripting attacks. An attacker could exploit the vulnerability by inserting specially crafted strings into a website, resulting in information disclosure when a user viewed the website.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3184) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3187) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3188) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3189) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3190) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3191) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3193) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3194) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3199) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

  7. MS13-063 Vulnerability in Windows Kernel Could Allow Security Feature Bypass (2859537)

    ASLR Security Feature Bypass Vulnerability (CVE-2013-2556) MS Rating: Important

    A security feature vulnerability exists in Windows due to the improper implementation of the Address Space Layout Randomization (ASLR). The vulnerability could allow an attacker to bypass the ASLR security feature, most likely during, or in the course of exploiting, a remote code execution vulnerability. The attacker could then load a DLL in the process.

    Windows Kernel Memory Corruption Vulnerability (CVE-2013-3196) MS Rating: Important

    An elevation of privilege vulnerability exists in the Windows kernel due to a memory corruption condition in the NT Virtual DOS Machine (NTVDM). An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights.

    Windows Kernel Memory Corruption Vulnerability (CVE-2013-3197) MS Rating: Important

    An elevation of privilege vulnerability exists in the Windows kernel due to a memory corruption condition in the NT Virtual DOS Machine (NTVDM). An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights.

    Windows Kernel Memory Corruption Vulnerability (CVE-2013-3198) MS Rating: Important

    An elevation of privilege vulnerability exists in the Windows kernel due to a memory corruption condition in the NT Virtual DOS Machine (NTVDM). An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights.

  8. MS13-061 Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2876063)

    Oracle Outside In Contains Multiple Exploitable Vulnerabilities (CVE-2013-2393) MS Rating: Critical

    Remote code execution vulnerabilities exist in Exchange Server 2007 and Exchange Server 2010 through the WebReady Document Viewing feature. The vulnerabilities could allow remote code execution as the LocalService account if a user views a specially crafted file through Outlook Web Access in a browser.

    Oracle Outside In Contains Multiple Exploitable Vulnerabilities (CVE-2013-3776) MS Rating: Critical

    Remote code execution vulnerabilities exist in Exchange Server 2007 and Exchange Server 2010 through the WebReady Document Viewing feature. The vulnerabilities could allow remote code execution as the LocalService account if a user views a specially crafted file through Outlook Web Access in a browser.

    Oracle Outside In Contains Multiple Exploitable Vulnerabilities (CVE-2013-3781) MS Rating: Critical

    Remote code execution vulnerabilities exist in Exchange Server 2007 and Exchange Server 2010 through the WebReady Document Viewing feature. The vulnerabilities could allow remote code execution as the LocalService account if a user views a specially crafted file through Outlook Web Access in a browser.

More information on the vulnerabilities being addressed this month is available at Symantec’s free SecurityFocus portal and to our customers through the DeepSight Threat Management System.

Hey Twitter, Thanks for the Safeguards!

It’s not often you can get a response from the folks at Twitter. Of course, you are welcome to ask, complain, or raise concerns. The online social network grew so quickly and so powerfully over the past six years, its likely many concerns from users got lost in the Twittersphere . . . forever. Freedom…

“LNK” Attacks are Back Again

Recently, we observed an attack campaign using link files attached to emails in Japan. We have blogged about threats utilizing link files before and this type of attack is still alive and well.
The target of the link is disguised to make it look like i…

Updates to Improve Remote Desktop Protocol Network-level Authentication – Version: 1.0

Severity Rating:
Revision Note: V1.0 (August 13, 2013): Advisory published.
Summary: Microsoft is announcing the availability of updates as part of ongoing efforts to improve Network-level Authentication in the Remote Desktop Protocol. Microsoft will co…