Tag Archives: patch

Oracle CPU – WSWiR Episode 103

Oracle Patches, Heartbleed Update, and Cool Gaming Hacks

Information security has become a hot topic, with tens of new infosec articles and issues showing up each week. Perhaps you’re concerned with the latest security news, but don’t have the time to keep up with it among your other administrative tasks. If that sounds like you, check out my weekly infosec news video for a quick summary of the week’s most interesting stories.

Today’s episode is quite simple. I quickly cover Oracle’s April Critical Patch Update (CPU), share some interesting Heartbleed vulnerability updates, and end with a fun, gaming-related hack to cap off the week. Watch the video below, and browse the Reference section for links to more stories and details.

Have a great Easter weekend.

(Episode Runtime: 6:42)

Direct YouTube Link: https://www.youtube.com/watch?v=NtwbM82vVF0

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

Latest Flash Update Mends Four Flaws

Summary:

  • This vulnerability affects: Adobe Flash Player running on all platforms and Adobe Air
  • How an attacker exploits it: By enticing users to visit a website containing malicious Flash content
  • Impact: In the worst case, an attacker can execute code on the user’s computer, potentially gaining control of it
  • What to do: Download and install the latest version of Adobe Flash Player for your platform

Exposure:

Adobe Flash Player displays interactive, animated web content called Flash. Although Flash is optional, 99% of PC users download and install it to view multimedia web content. It runs on many operating systems, including mobile operating systems like Android.

This week, Adobe released a security bulletin describing four security vulnerabilities (based on CVE numbers) that affect Flash Player running on any platform. It doesn’t describe the flaws in much technical detail, other than saying they consist mostly of buffer overflow vulnerabilities and other types of memory corruption flaws (and a cross-site scripting issue). That said, Adobe does warn that if an attacker can entice one of your users to visit a malicious website containing specially crafted Flash content, he could exploit many of these unspecified vulnerabilities to execute code on that user’s computer, with that user’s privileges. If your Windows users have local administrator privileges, an attacker could exploit this flaw to gain full control of their PCs.

Though it doesn’t look like attackers are exploiting these flaws in the wild yet, Adobe rates the flaws as “Priority 1” issues for Windows and Macintosh users, and recommends you apply the updates within 72 hours. These vulnerabilities also affect other platforms, such as Internet Explorer (IE) 11 and Chrome. I recommend you update any Flash-capable platform as soon as you can.

Solution Path

Adobe has released new versions of Flash Player to fix these issues. If you allow Adobe Flash in your network, you should download and install the new versions immediately. If you’ve enabled Flash Player’s recent “silent update” option, you will receive this update automatically.

You can download Flash for your computer at the link provided below. See the bulletin’s “Affected Software” section for more details on getting Flash updates for other platforms:

Keep in mind, if you use Google Chrome or IE 11, you’ll have to update it separately.

For All WatchGuard Users:

Good News! WatchGuard’s Gateway Antivirus and Intrusion Prevention services can often prevent these sorts of attacks, or the malware they try to distribute. For instance, our IPS signature team has developed signatures that can detect and block many of the memory corruption vulnerabilities described in Adobe’s alert:

  • WEB Adobe Flash Player High Surrogate Parsing Cross Site Scripting (CVE-2014-0509)
  • WEB-CLIENT Adobe Flash Player Information Disclosure (CVE-2014-0508)
  • EXPLOIT Adobe Flash Player Memory Corruption (CVE-2014-0506)
  • EXPLOIT Adobe Flash Player Memory Corruption (CVE-2014-0507)

Your XTM appliance should get this new IPS update shortly.

Furthermore, our Reputation Enabled Defense (RED) and WebBlocker services can often prevent your users from accidentally visiting malicious (or legitimate but booby-trapped) web sites that contain these sorts of attacks. Nonetheless, we still recommend you install Adobe’s Flash update to completely protect yourself from all of these flaws.

Status:

Adobe has released updates to fix these Flash vulnerabilities.

References:

This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept)

11.8.3 Update 1 now available to fix Heartbleed vulnerability in Fireware XTM OS

New Release: Fireware XTM 11.8.3 Update 1
Yesterday we posted an update about the Heartbleed vulnerability (CVE-2014-0160) in OpenSSL. We are pleased to announce that 11.8.3 Update 1 is now available at the software download site with a critical patch to address this issue in WatchGuard appliances.  We recommend you update immediately if you use Fireware XTM v11.8.x. This flaw does not affect appliances running Fireware XTM v11.7.4 or earlier.

WatchGuard is not aware of any breaches involving this vulnerability, but because of its critical nature and the length of time it has been available to exploit, we recommend that you take measures to change passwords and renew certificates used in your XTM device after you upgrade. We have published a knowledge base article with details on how to do this. 

The WatchGuard IPS service now includes four signatures in the version 4.404 set that protect against exploits of the Heartbleed vulnerability.

Does This Release Pertain to Me?
This release applies to all XTM appliances, except XTM 21/21-W, 22/22-W, or 23/23-W appliances, but only those running 11.8.x versions of the firmware. Please read the Release Notes before you upgrade, to understand what’s involved.

What about other WatchGuard products?
WatchGuard SSL VPN, Dimension and the WSM Management software are not affected. Yesterday we reported that there is an impact on the SecureMail functionality in XCS. On further analysis, we’ve determined that this is even less than thought. The vulnerable OpenSSL library is used within XCS only for communications between the XCS appliance and our SecureMail encryption provider, Voltage. XCS acts as a client for those connections, not a listening server. Therefore, the flaw could only be exploited by Voltage themselves, and no one else; as such, we believe there is no actual risk. Nevertheless, we are building a hotfix that we hope to release by the end of the week.

How Do I Get the Fireware XTM Release?
XTM appliance owners who have a current LiveSecurity Service subscription can obtain this update without additional charge by downloading the applicable packages from the Articles & Software section of WatchGuard’s Support Center. To make it easier to find the relevant software, be sure to uncheck the “Article” and “Known Issue” search options, and press the Go button.

If you need support, please enter a support incident online or call our support staff directly. (When you contact Technical Support, please have your registered Product Serial Number, LiveSecurity Key, or Partner ID available.)

Adobe Plugs 0day Flash Hole Found by Kaspersky

Summary:

  • This vulnerability affects: Adobe Flash Player 12.0.0.43 and earlier, running on all platforms
  • How an attacker exploits it: Typically, by enticing users to visit a website containing malicious Flash content
  • Impact: An attacker can execute code on the user’s computer, potentially gaining control of it
  • What to do: Download and install the latest version of Adobe Flash Player (version 12.0.0.44 for most computers)

Exposure:

Adobe Flash Player displays interactive, animated web content called Flash. Although Flash is optional, 99% of PC users download and install it to view multimedia web content. It runs on many operating systems, including mobile ones like Android. It also comes prepackaged with some web browsers like Chrome and the latest version of Internet Explorer (IE).

In an out-of-cycle security bulletin released today, Adobe posted an update that fixes a critical, zero day vulnerability in Adobe Flash Player 12.0.0.43 and earlier, running on all platforms. We urge Flash users to install this update as soon as possible, since advanced attackers are exploiting it in the wild.

Adobe’s bulletin describes an integer overflow vulnerability (CVE-2014-0497) in Flash Player, which attackers have been exploiting in the wild. In typical fashion, Adobe’s bulletin doesn’t describe the flaw in much technical detail, but it does describe its impact. If an attacker can entice one of your users to visit a malicious website, or to handle specially crafted Flash content (which could be embedded in a document), he could exploit this flaw to execute code on that user’s computer, with that user’s privileges. If your users have administrator privileges, the attacker could gain full control of their computers.

This particular flaw was brought to Adobe’s attention by one of Kaspersky’s (one of WatchGuard’s antivirus partners) researchers. Yesterday, members of Kaspersky’s research team announced that they plan on disclosing details about a new advanced persistent threat (APT) campaign later next week, which they call “The Mask.” According to some reports, this Flash zero day exploit might be associated with that cyber espionage campaign.

In any case, Adobe has assigned this a “Priority 1” severity rating for Windows and Macintosh computers, which means you should fix it within 72 hours. If you use Flash, I recommend you apply the update as soon as possible.

Solution Path

Adobe has released new versions of Flash Player (12.0.0.44 for Windows and Mac) to fix these issues. If you allow Adobe Flash in your network, you should download and install the new versions immediately. If you’ve enabled Flash Player’s recent “silent update” option, you will receive this update automatically.

  • Download Flash Player for your computer:
NOTE: Some web browsers, like Chrome and the latest versions of IE, ship with their own versions of Flash built-in. If you use these web browsers, you will have to update them as well.

For All WatchGuard Users:

If you choose, you can configure the HTTP proxy on your XTM appliance to block Flash content. Keep in mind, doing so blocks all Flash content, whether legitimate or malicious.

Our proxies offer many ways for you to block files and content, including by file extension, MIME type, or by using very specific hexadecimal patterns found in the body of a message – a technique sometimes referred to as Magic Byte detection. Below I list the ways you can identify various Flash files:

File Extension:

  • .flv – Adobe Flash file (file typically used on websites)
  • .fla – Flash movie file
  • .f4v – Flash video file
  • .f4p – Protected Flash video file
  • .f4a – Flash audio file
  • .f4b – Flash audiobook file

MIME types:

  • video/x-flv
  • video/mp4 (used for more than just Flash)
  • audio/mp4 (used for more than just Flash)

FILExt.com reported Magic Byte Pattern:

  • Hex FLV: 46 4C 56 01
  • ASCII FLV: FLV
  • Hex FLA: D0 CF 11 E0 A1 B1 1A E1 00

(Keep in mind, not all the Hex and ASCII patterns shared here are appropriate for content blocking. If the pattern is too short, or not unique enough, blocking with them could result in many false positives) 
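The matching described above, sketched as an added example (not WatchGuard's proxy logic and not code from the original post). It treats the FLA pattern and the shared MP4 MIME types as weak indicators, because the FLA bytes are the generic OLE2 compound-file header that legacy Office documents also start with. The `classify` function, the three actions, the SWF indicators (which go beyond the lists above) and all sample inputs are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from pathlib import PurePosixPath

# Indicators copied from the lists above.
FLASH_EXTENSIONS = {".flv", ".fla", ".f4v", ".f4p", ".f4a", ".f4b"}
FLASH_MIME_TYPES = {"video/x-flv"}
SHARED_MIME_TYPES = {"video/mp4", "audio/mp4"}  # "used for more than just Flash"

# (label, bytes expected at offset 0, unique enough to block on alone?)
MAGIC_PATTERNS = [
    ("FLV header", bytes.fromhex("464C5601"), True),
    # OLE2 compound-file header: legacy .doc/.xls/.ppt files start with the
    # same bytes, so on its own this is only a weak indicator.
    ("FLA / OLE2 header", bytes.fromhex("D0CF11E0A1B11AE100"), False),
]

# Addition, not in the lists above: indicators for compiled Flash (SWF).
SWF_EXTENSIONS = {".swf"}
SWF_MIME_TYPES = {"application/x-shockwave-flash"}
SWF_MAGIC = (b"FWS", b"CWS", b"ZWS")  # uncompressed, zlib, LZMA


@dataclass
class Verdict:
    action: str = "allow"  # "block", "log" or "allow"
    reasons: list = field(default_factory=list)


def classify(filename: str, content_type: str, head: bytes) -> Verdict:
    """Combine extension, MIME type and magic bytes into one decision."""
    strong, weak = [], []

    ext = PurePosixPath(filename).suffix.lower()
    if ext in FLASH_EXTENSIONS | SWF_EXTENSIONS:
        strong.append(f"extension {ext}")

    # Drop parameters such as "; codecs=..." before comparing.
    mime = content_type.split(";", 1)[0].strip().lower()
    if mime in FLASH_MIME_TYPES | SWF_MIME_TYPES:
        strong.append(f"MIME type {mime}")
    elif mime in SHARED_MIME_TYPES:
        weak.append(f"MIME type {mime} (shared with non-Flash media)")

    # Anchor magic bytes at offset 0. Searching the whole body for the
    # three ASCII bytes "FLV" would match ordinary text.
    for label, pattern, unique in MAGIC_PATTERNS:
        if head.startswith(pattern):
            (strong if unique else weak).append(f"magic bytes: {label}")
    if head[:3] in SWF_MAGIC:
        strong.append("magic bytes: SWF header")

    if strong:
        return Verdict("block", strong + weak)
    if weak:
        return Verdict("log", weak)  # too generic to block on by itself
    return Verdict()


# Constructed samples: (filename, Content-Type header, first bytes of body).
OLE2 = bytes.fromhex("D0CF11E0A1B11AE1") + b"\x00" * 16
SAMPLES = [
    ("clip.flv", "video/x-flv", b"FLV\x01\x05\x00\x00\x00\x09"),
    ("notes.txt", "text/plain", b"FLV\x01\x05\x00\x00\x00\x09"),  # renamed FLV
    ("budget.doc", "application/msword", OLE2),   # Office file, same header
    ("talk.mp4", "video/mp4; codecs=avc1", b"\x00\x00\x00\x18ftypmp42"),
    ("readme.txt", "text/plain", b"FLV is a container format"),
    ("banner.swf", "application/x-shockwave-flash", b"CWS\x0b\x10\x00"),
]


def run_samples() -> dict:
    """Return {filename: action} for the constructed samples."""
    return {name: classify(name, ctype, head).action
            for name, ctype, head in SAMPLES}


if __name__ == "__main__":
    for name, action in run_samples().items():
        print(f"{name:12} {action}")
```

The renamed FLV is still blocked because the file extension and Content-Type are supplied by the sender, while the Office document and the MP4 are only logged instead of being blocked on a pattern they share with Flash.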

If you decide you want to block Flash files, the links below contain instructions that will help you configure your Firebox proxy’s content blocking features using the file and MIME information listed above.

Status:

Adobe has released updates to fix these Flash vulnerabilities.

References:

This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept)

Oracle Patch Day: January’s CPU and Java Updates Correct 144 Vulnerabilities

Today, Oracle released their quarterly Critical Patch Update (CPU) for January 2014. CPUs are Oracle’s quarterly collections of security updates, which fix vulnerabilities in a wide-range of their products. Oracle publishes their quarterly updates on the Tuesday closest to the 17th of the month, and this quarter that happens to fall on Microsoft and Adobe’s Patch Tuesday.

Overall, Oracle’s CPU and Java updates fix around 144 security vulnerabilities in many different Oracle products and suites. The table below outlines the affected product categories, and the severity of the fixed flaws. The flaws with the highest CVSS rating are the most risky, meaning you should handle them first:

| Product or Suite | Flaws Fixed (CVE) | Max CVSS |
|---|---|---|
| Java SE | 36 | 10 |
| Fusion Middleware | 22 | 10 |
| MySQL | 18 | 10 |
| Financial Services Software | 1 | 10 |
| Sun Systems Products Suite | 11 | 7.2 |
| Hyperion | 2 | 7.1 |
| Virtualization | 9 | 6.8 |
| E-Business Suite | 4 | 5.5 |
| Supply Chain Product Suite | 16 | 5.5 |
| Database Server | 5 | 5 |
| Siebel CRM | 2 | 5 |
| PeopleSoft Products | 17 | 5 |
| iLearning | 1 | 4.3 |

Oracle’s advisory doesn’t describe every flaw in technical detail. However, they do describe the general impact of each issue, and share CVSS severity ratings. While the severity of the 144 vulnerabilities differs greatly, some of them pose a pretty critical risk, especially the Java SE ones.

Almost everyone has Java installed. If you do, I recommend you install the Java update immediately, or perhaps consider uninstalling Java or restricting it in some way using its security controls. With many flaws that have a CVSS rating of 10, the Java exploits allow remote attackers to install malware on your computer via web-based drive-by download attacks; and right now attackers really like targeting Java flaws.

Of course, if you use any of the other affected Oracle software, you should update it as well. I recommend scheduling the updates based on the max CVSS rating for the products. For instance, if you use MySQL, update it quickly, but you can allow yourself more time to fix the iLearning issues. You’ll find more details about these updates in the Patch Availability section of Oracle’s alert. — Corey Nachreiner, CISSP (@SecAdept)

Adobe Patch Day: Flash and Reader Updates Fix Five Flaws

Severity: High

Summary:

  • These vulnerabilities affect: Flash Player, Reader XI, and Acrobat XI (and Adobe Air)
  • How an attacker exploits them: Multiple vectors of attack, including enticing your users to open malicious files or visit specially crafted web sites
  • Impact: Various results; in the worst case, an attacker can gain complete control of your computer
  • What to do: Install the appropriate Adobe patches immediately, or let Adobe’s updater do it for you.

Exposure:

Today, Adobe released or updated two security bulletins that describe vulnerabilities in two of their popular software packages: Flash Player and Reader/Acrobat X.

Adobe Patch Day, Jan 2014

A remote attacker could exploit the worst of these flaws to gain complete control of your computer. We summarize the Adobe security bulletins below:

  • APSB14-01: Trio of Reader and Acrobat Memory Corruption Vulnerabilities

Adobe Reader helps you view PDF documents, while Acrobat helps you create them. Since PDF documents are very popular, most users install Reader to handle them.

Adobe’s bulletin describes three vulnerabilities that affect Adobe Reader and Acrobat XI 11.0.05 and earlier, running on Windows and Macintosh.  Adobe doesn’t describe the flaws in much technical detail, but does note that they involve integer overflow and memory corruption issues. They all share the same scope and impact. If an attacker can entice you into opening a specially crafted PDF file, he can exploit any of these issues to execute code on your computer, with your privileges. If you have root or system administrator privileges, the attacker gains complete control of your machine.

Adobe Priority Rating: 1 (Patch within 72 hours)

  • APSB14-02: Flash Player Code Execution Vulnerability

Adobe Flash Player displays interactive, animated web content called Flash. Although Flash is optional, 99% of PC users download and install it to view multimedia web content. It runs on many operating systems, including mobile operating systems like Android.

Adobe’s bulletin describes two serious flaws in Flash Player 11.9.900.170 and earlier for all platforms. They don’t describe the  vulnerabilities in much technical detail, just mentioning that one allows you to “bypass security protections” and the other allows you to defeat Address Space Layout Randomization (ASLR), which is a memory obfuscation technique that some software uses to make it harder for attackers to exploit memory corruption flaws. They do, however, describe the flaws’ impacts. In the worst case, if an attacker can lure you to a web site, or get you to open documents containing specially crafted Flash content, he could exploit a combination of these flaws to execute code on your computer, with your privileges. If you have administrative or root privileges, the attacker could gain full control of your computer.

Adobe Priority Rating: 1 (Patch within 72 hours)

Solution Path:

Adobe has released updates for all their affected software. If you use any of the software below, we recommend you download and deploy the corresponding updates as soon as possible, or let Adobe’s automatic updater do it for you.

For All WatchGuard Users:

Attackers can exploit these flaws using diverse exploitation methods. Installing Adobe’s updates is your most secure course of action.

Status:

Adobe has released patches correcting these issues.

References:

This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept).

Adobe Patch Day: Zero Day Flash Patch & Shockwave Update

Severity: High

Summary:

  • These vulnerabilities affect: Adobe Flash and Shockwave Player
  • How an attacker exploits them: By enticing you to run malicious Flash or Shockwave content from web pages or embedded within documents
  • Impact: In the worst case, an attacker can gain complete control of your computer
  • What to do: Install the appropriate Adobe patches immediately, or let Adobe’s updater do it for you.

Exposure:

Today, Adobe released two security bulletins describing vulnerabilities in Flash and Shockwave Player. A remote attacker could exploit the worst of these flaws to gain complete control of your computer. The summary below details some of the vulnerabilities in these popular software packages.

Adobe Patch Day - Dec, 2013

  • APSB13-29: Two Shockwave Player Memory Corruption Vulnerabilities

Adobe Shockwave Player displays interactive, animated web content and movies called Shockwave. According to Adobe, the Shockwave Player is installed on some 450 million PCs.

Adobe’s bulletin describes two unspecified memory corruption vulnerabilities that affect Shockwave Player running on Windows and Macintosh computers. They don’t share any technical details about the flaws, but do share their scope and impact. If an attacker can entice one of your users into visiting a website containing some sort of malicious Shockwave content, he could exploit the flaws to execute code on that user’s computer, with that user’s privileges. If your Windows users have local administrator privileges, an attacker could exploit these vulnerabilities to gain full control of their computer.

Adobe Priority Rating: 1 (Patch within 72 hours)

  • APSB13-28: Zero Day Flash Player Code Execution Flaw

Adobe’s bulletin describes two vulnerabilities in Flash Player running on all platforms, including one code execution flaw attackers are currently exploiting in the wild. If an attacker can lure you to a web site, or get you to open a document containing specially crafted Flash content, he could exploit the worst of these flaws to execute code on your computer, with your privileges. If you have administrative or root privileges, the attacker could gain full control of your computer.

Adobe warns that attackers are exploiting this flaw in the wild. The attack arrives as a malicious Word document containing embedded Flash content. They have assigned these flaws their highest severity rating for Windows and Mac computers, but a lesser severity for Linux and Android devices. If you are a Windows Flash user, we recommend you apply this update immediately.

Adobe Priority Rating: 1 for Windows and Mac (Patch within 72 hours)

Solution Path:

Adobe has released updates for all their affected software. If you use any of the software below, we recommend you download and deploy the corresponding updates as soon as possible, or let Adobe’s automatic updater do it for you:

Keep in mind, if you use Google Chrome you’ll have to update it separately to get the latest Flash fixes.

For All WatchGuard Users:

Attackers can exploit these flaws using diverse exploitation methods. However, WatchGuard’s XTM appliances can help in many ways. First, our IPS and AV services are often capable of detecting the malicious Flash or Shockwave files attackers are actually using in the wild. If you’d like, you can also configure our proxies to block Shockwave and Flash. This, however, blocks both legitimate and malicious content. If you do want to block this content via the Web or email, see our manual for more details on how to configure our proxy policies’ content-filtering.

Status:

Adobe has released patches correcting these issues.

References:

This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept)

Adobe Patch Day: Zero Day ColdFusion Patch & Flash Update

Severity: High

Summary:

  • These vulnerabilities affect: Adobe Flash Player and ColdFusion
  • How an attacker exploits them: Multiple vectors of attack, including enticing your users to open malicious files or into visiting specially crafted web sites
  • Impact: Various results; in the worst case, an attacker can gain complete control of your computer
  • What to do: Install the appropriate Adobe patches immediately, or let Adobe’s updater do it for you.

Exposure:

Today, Adobe released two security bulletins describing vulnerabilities in Flash Player and ColdFusion. A remote attacker could exploit the worst of these flaws to gain complete control of your computer. The summary below details some of the vulnerabilities in these popular software packages.

Adobe Patch Day: November 2013

  • APSB13-26: Four Flash Player Memory Corruption Flaws

Adobe Flash Player displays interactive, animated web content called Flash. Many users install Flash, so it’s likely present on many of your Windows and Mac computers.

Adobe’s bulletin describes two unspecified memory corruption vulnerabilities in Flash Player running on all platforms. Though the flaws presumably differ technically, they share the same scope and impact. If an attacker can lure you to a web site, or get you to open a document containing specially crafted Flash content, he could exploit these flaws to execute code on your computer, with your privileges. If you have administrative or root privileges, the attacker could gain full control of your computer.

Adobe assigned these flaws their highest severity rating for Windows and Mac computers, but a lesser severity for Linux machines.

Adobe Priority Rating: 1 for Windows and Mac (Patch within 72 hours)

Adobe ColdFusion is an application server that allows you to develop and deploy web applications. It suffers from two security vulnerabilities, which Adobe does not describe in much technical detail: a reflected cross-site scripting (XSS) vulnerability (CVE-2013-5326), and an unauthorized remote read access flaw (CVE-2013-5328). Other than that, the bulletin shares very little about the scope or impact of these flaws, so we’re unsure how easy or hard it is for attackers to leverage them. Presumably, if an attacker could trick someone into clicking a specially crafted link, he could leverage the XSS flaw to do anything on your web site that the user could. We also assume an attacker could exploit the remote read flaw to potentially gain access to files on your server, such as its web application source code. In any case, they rate the vulnerabilities as Priority 1 issues for version 10, which is their high severity rating.

As an aside, Adobe’s own network was recently breached via a zero day flaw in ColdFusion. Adobe claims these ColdFusion issues are not associated with their network breach. However, the discoverer of one of the issues, Alex Holden, was actually one of the researchers who uncovered Adobe’s data breach, and he claims one of the flaws has been used by attackers this year to break into other companies. In other words, you should apply these updates immediately if you use ColdFusion.

Adobe Priority Rating: 1 for version 10 (Patch within 72 hours)

Solution Path:

Adobe has released updates for all their affected software. If you use any of the software below, we recommend you download and deploy the corresponding updates as soon as possible, or let Adobe’s automatic updater do it for you:

Keep in mind, if you use Google Chrome you’ll have to update it separately.

For All WatchGuard Users:

Attackers can exploit these flaws using diverse exploitation methods. However, WatchGuard’s XTM appliances can help in many ways. First, our IPS and AV services are often capable of detecting the malicious Flash or Shockwave files attackers are actually using in the wild. If you’d like, you can also configure our proxies to block Shockwave or Flash content. This, however, blocks both legitimate and malicious content. If you do want to block this Flash or Shockwave via the Web or email, see our manual for more details on how to configure our proxy policies’ content-filtering.

Status:

Adobe has released patches correcting these issues.

References:

This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept)

Oracle Fixes 133 Vulnerabilities with Massive CPU & Java Updates

Yesterday, Oracle released their quarterly Critical Patch Update (CPU) for October 2013. If you haven’t heard of them, CPUs are Oracle’s quarterly collections of security updates, which fix vulnerabilities in a wide-range of their products. Oracle publishes their quarterly updates on the Tuesday closest to the 17th of the month (in this case, October 15th). Previously, Oracle decoupled their Java updates from their quarterly CPU cycle. However, that changes as of this release. From now on, Oracle plans to release Java updates quarterly, so this quarter’s Oracle CPU includes a Java security update as well.

Overall, the CPU and Java updates fix around 133 security vulnerabilities in many different Oracle products and suites. The table below outlines the affected products, and the severity of the fixed flaws. The flaws with the highest CVSS rating are the most risky, meaning you should handle them first:

| Product or Suite | Flaws Fixed (CVE) | Max CVSS |
|---|---|---|
| Java SE | 51 | 10 |
| Database Server | 4 | 6.4 |
| MySQL | 12 | 8.5 |
| Fusion Middleware | 17 | 7.5 |
| Enterprise Manager Grid Control | 4 | 4.3 |
| Siebel CRM | 9 | 6.8 |
| E-Business Suite | 1 | 5.0 |
| Supply Chain Product Suite | 2 | 5.0 |
| Industry Applications | 6 | 5.5 |
| PeopleSoft Products | 8 | 5.0 |
| iLearning | 2 | 6.8 |
| Financial Services Software | 1 | 6.0 |
| Primavera Products Suite | 2 | 5.0 |
| Sun Systems Products Suite | 12 | 6.1 |
| Virtualization | 2 | 5.0 |

Oracle’s advisory doesn’t describe every flaw in technical detail. However, they do describe the general impact of each issue, and share CVSS severity ratings. While the severity of the 133 vulnerabilities differs greatly, some of them pose a pretty critical risk, especially the Java SE ones.

Almost everyone has Java installed. If you do, I recommend you install the Java update immediately, or perhaps consider uninstalling Java or restricting it in some way using its security controls. With a CVSS rating of 10, the Java exploits allow remote attackers to install malware on your computer via web-based drive-by download attacks; and right now attackers really like targeting Java flaws.

Of course, if you use any of the other affected Oracle software, you should update it as well. I recommend scheduling the updates based on the max CVSS rating for the products. For instance, if you use MySQL, update it quickly, but you can allow yourself more time to fix the Grid Control issues. You’ll find more details about these updates in the Patch Availability section of Oracle’s alert. — Corey Nachreiner, CISSP (@SecAdept)

MS Patch Day Fixes 0day and Warning for Adobe Users

Download, test, patch, and repeat. That should be the mantra for Microsoft administrators every month.

By now, you’re likely quite used to Microsoft’s regular monthly patch cycle, so you’re already expecting next week’s updates. However, this month’s updates are especially important, since one fixes a fairly prevalent zero day flaw that attackers are exploiting in the wild. According to their advanced notification, Microsoft plans on releasing eight security bulletins next Tuesday to fix vulnerabilities in Windows, Internet Explorer (IE), Office, and the .NET and Silverlight frameworks. They rate half the bulletins as Critical, and the other half as Important.

This would all sound like business as usual for Microsoft Patch Day, except that one of the Critical updates fixes the very serious zero day IE flaw, which I warned you about a few weeks ago. Since that initial warning, more and more attackers have started exploiting this vulnerability. Worse yet, researchers have released a Metasploit exploit for the flaw, which means anyone can try it out. I expect every smart network attacker to start incorporating this flaw into their exploit kits, if they haven’t already. You should get this IE update as soon as it’s available next week.

Also, don’t forget that Adobe now shares Microsoft’s Patch Tuesday, and they too will release updates next week. According to a pre-notification post, they plan on releasing an Adobe Reader and Acrobat update on the 8th.

While I’m talking about Adobe, if you’re an Adobe customer, it’s time to change your user credentials on their site. Today, Adobe released an important announcement informing their customers that their network has been breached. Attackers made off with 2.9 million customer records, including email addresses and encrypted credit card numbers. They plan on emailing affected customers, so be sure to change your password if you get this email. As an aside, the attackers also seem to have acquired some Adobe source code. For more information on this attack, I recommend you read Brian Krebs’ blog post.

So to summarize:

  • Microsoft administrators should get ready for next Tuesday’s important Patch Day. Install the IE update first,
  • If you use Adobe products, get ready for the Reader updates too,
  • And if you have credentials on Adobe’s site, change them immediately.

I’ll share more details about all these updates next Tuesday. So stay tuned. — Corey Nachreiner, CISSP (@SecAdept)

MS Patch Day: Sept. 2013
