Tag Archives: Patches

Microsoft Black Tuesday: Patch Before the Holidays

If you’re anything like me, your late December schedule is quickly filling with holiday parties, family activities, and seasonal days off. This means if you want to secure your Microsoft environment before the end of the year, you better get started earlier rather than later.

Today, Microsoft released seven security bulletins fixing at least 11 vulnerabilities in many of their products, including:

  • Windows (all versions)
  • Internet Explorer (IE)
  • Word (part of Office)
  • and Exchange Server

They rate five of the bulletins as Critical, and the rest as Important. For more details, check out their December bulletin summary, or wait for our detailed alerts.

If I were to pick the order you patched, I’d start with the Exchange update since you need to protect your public servers, follow with the IE patch since attackers like drive-by downloads, fix the Word flaw to avoid targeted phishing attacks, and end with the Windows updates in order of severity… but that’s just me.

In any case, you should download, test, and deploy Microsoft’s updates as soon as possible. If you don’t have time to test everything, at least take the time to test the Exchange update, as you don’t want your production email server suffering any downtime.

I’ll post more detailed alerts throughout the day, but until then feel free to refer to Microsoft’s December bulletin matrix below. — Corey Nachreiner, CISSP (@SecAdept)

Microsoft Patch Day: December 2012

Microsoft Stuffs Our Stockings With Seven Security Updates

Before you get too much into holiday cheer, you have some patching to do.

Like clockwork, Microsoft released their Advanced Notification post on Thursday, warning the world that they will release seven security bulletins for December. Next Tuesday’s bulletins will fix flaws in Windows, Office, and some of Microsoft’s Server Software. They rate five of the seven bulletins as Critical. According to their MSRC blog post, the bulletins will fix 11 vulnerabilities overall, with the two most critical updates affecting Windows.

Before letting your IT staff drink too much spiked eggnog at the good ‘ole holiday party, you might want to prepare them for these upcoming Microsoft patches. That way they can download, test, and install them as soon as possible, especially the Critical ones.

I’ll release more details about next Tuesday’s updates on the 11th. Stay tuned! — Corey Nachreiner, CISSP (@SecAdept)

Microsoft Black Tuesday: Critical Updates Affect Windows 8 and More

It’s Microsoft Patch Day and I have a question for you. How quick are you at applying software updates? Do you jump on them within the day, within a week, or are you months behind?

If you are one of the many who fall behind, know that patching is one of the practices that can most improve your security posture. I recommend you take this opportunity to improve your patching practices with a small challenge. Try to test and deploy all of today’s patches before Turkey Day (Thanksgiving, Nov. 22). That way you can enjoy a guilt-free feast, knowing your network is relatively safe and secure. If you accept this challenge, here’s what you are in for…

Today, Microsoft released six security bulletins fixing 19 vulnerabilities in many of their popular products, including:

  • Windows (all versions)
  • Internet Explorer (IE)
  • Excel (part of Office)
  • .NET Framework
  • IIS Server

They rate four of the bulletins as Critical, one as Important, and one as Moderate. For more details, check out this November bulletin summary, or wait for our detailed alerts.

With so many critically rated issues, it’s hard to recommend a patch order. I would personally apply the IE update first, since attackers often exploit web browser issues in drive-by download attacks. Follow that with the Critical Windows updates, but don’t forget the Important Excel vulnerability. While this sort of document handling vulnerability requires a little user interaction to succeed, spear-phishers often leverage it in their email-based attacks. Whatever order you choose, I recommend you apply all of today’s updates as quickly as you can.

We’ll share more details about Microsoft’s bulletins in upcoming alerts, posted throughout the day. We’ve posted Microsoft’s update matrix below, for your convenience. — Corey Nachreiner, CISSP (@SecAdept)

November Patch Day Light in Number, Heavy in Severity

Those hip to the patch cycle know the first Thursday of the month means an early peek at Microsoft’s plans for Patch Tuesday.

According to this Month’s Advanced Notification post, Microsoft will release six security bulletins next Tuesday, and rates four of those bulletins as Critical. According to their corresponding blog post, the six bulletins will fix 19 actual vulnerabilities. The affected products include Windows, Internet Explorer (IE), Office, and the .NET Framework.

It’s hard to say more about these updates without any other details. However, I can say it looks like a pretty important Patch Day. Though six bulletins sounds low compared to some previous Patch Days, at least 13 of the vulnerabilities are serious, and likely could result in remote code execution. I recommend you get your IT staff prepared to jump on these updates as soon as they come out.

I’ll release more details about next Tuesday’s updates on the 13th. Stay tuned! — Corey Nachreiner, CISSP (@SecAdept)

Microsoft Mends SQL Server XSS Vulnerability

Severity: Medium

Summary:

  • These vulnerabilities affect: Most current versions of SQL Server
  • How an attacker exploits it: By enticing you to click a specially crafted link
  • Impact: An attacker can steal your web cookie, hijack your web session, or essentially take any action you could in the SQL Server Report Manager
  • What to do: Deploy the appropriate SQL Server updates as soon as possible

Exposure:

SQL Server is Microsoft’s popular database server. It includes the SQL Server Reporting Services (SSRS), which provides web-based access to the SQL Server Report Manager.

According to Microsoft’s security bulletin, the SQL Server Report Manager suffers from a Cross-site Scripting (XSS) vulnerability due to its inability to properly validate and sanitize request parameters. By enticing you to click a specially crafted link, an attacker could leverage this flaw to inject client-side script into your web browser. This could allow the attacker to steal your web cookie, hijack your web session, or essentially take any action you could on the SQL Server Report Manager site. In some cases, attackers can even leverage XSS attacks to hijack your web browser, and gain unauthorized access to your computer.

Solution Path:

Microsoft has released SQL Server updates to correct this vulnerability. You should download, test, and deploy the appropriate update as soon as possible. You can find the updates in the “Affected and Non-Affected Software” section of Microsoft’s SQL Server bulletin.

As an aside, the Cross-site Scripting (XSS) protection mechanisms built into many modern web browsers, like Internet Explorer (IE) 8 and above, can often prevent these sorts of attacks. We recommend you enable these mechanisms, if you haven’t already.

For All WatchGuard Users:

If you have enabled our XTM security appliance’s IPS service, one of our generic XSS detection signatures already detects and prevents this XSS flaw. Nonetheless, we still recommend you download, test, and apply the SQL Server patches as quickly as possible.

Status:

Microsoft has released updates to fix this vulnerability.

References:

This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept).


What did you think of this alert? Let us know at your.opinion.matters@watchguard.com.

Four Updates Repair Office and Server Software Vulnerabilities

Severity: High

Summary:

  • These vulnerabilities affect: Microsoft Office related products, including Word, Works, Sharepoint, InfoPath, Communicator, Lync, Groove, and more
  • How an attacker exploits them: Multiple vectors of attack, including enticing users to click specially crafted links, or to open specially crafted documents
  • Impact: In the worst case, an attacker can gain complete control of your Windows computer
  • What to do: Install the appropriate Microsoft patches as soon as possible, or let Windows Automatic Update do it for you.

Exposure:

Today, Microsoft released four security bulletins that fix around 20 vulnerabilities in a wide range of Microsoft Office and Server Software products. The affected products include:

  • Word and Word Viewer
  • Works 9
  • Sharepoint Server
  • InfoPath
  • Communicator and the new Lync
  • Groove
  • FAST Search Server
  • and the Office Web Apps

I summarize these four security bulletins below, in order from highest to lowest severity.

  • MS12-064: Two Word Memory Corruption Vulnerabilities

Word is the popular word processor that ships with Office. It suffers from two memory corruption vulnerabilities having to do with how it handles maliciously crafted Word or RTF documents. By enticing one of your users to download and open a specially crafted document, an attacker could leverage either of these flaws to execute code on that user’s computer, with that user’s privileges. If you grant users local administrator privileges, the attacker could leverage these vulnerabilities to gain complete control of their machines. These flaws affect all current versions of Word, including Word Viewer, the Office Compatibility Pack, and the Office Web Apps.

Microsoft rating: Critical

  • MS12-065: Works 9 Heap Buffer Overflow Vulnerability

Works is a light-weight word processor, which is less expensive than Word but lacking in features. It suffers from a buffer overflow vulnerability having to do with how it handles malformed Word documents. By luring one of your users into downloading and opening a malicious Word document, an attacker can exploit this buffer overflow to execute code on that user’s computer, with that user’s privileges. Again, if your users have local administrator privileges, the attacker gains complete control of their PCs. The flaw only affects Works 9.

Microsoft rating: Important

  • MS12-066: Microsoft Server Software XSS Vulnerability

Many of Microsoft’s Server Software products (including Sharepoint Server, Communicator and Lync, InfoPath, and Groove) suffer from a Cross-site Scripting (XSS) vulnerability having to do with the servers’ inability to properly sanitize HTML inputs. The bulletin doesn’t describe exactly what element of these web-based servers suffers from the XSS vulnerability; only that they do. In any case, if an attacker can trick you into clicking a specially crafted link, he could leverage this flaw to steal your web cookie, hijack your web session, or essentially take any action you could on the vulnerable server. In some cases, attackers can even leverage XSS attacks to hijack your web browser, and gain unauthorized access to your computer.

Microsoft rating: Important

  • MS12-067: FAST Search Server Oracle Outside In Vulnerabilities

Microsoft’s FAST Search Server improves the searchability of your SharePoint infrastructure. In previous alerts and videos, we warned you that Microsoft Exchange leveraged Oracle’s Outside In technology to parse various types of file attachments, and that Outside In suffered from a number of remote code execution vulnerabilities. FAST Search Server implements Outside In, and also suffers from these vulnerabilities. If an attacker can upload a specially crafted file to a share that FAST Search Server indexes, he could leverage these vulnerabilities to execute arbitrary code on the FAST Search Server. However, two factors significantly mitigate the severity of these issues. First, most administrators only use this server to index internal file shares, which means the attacker needs local access and privilege to upload the malicious file. Furthermore, the attacker could only execute code with the limited privileges of a “user account with a restricted token.”

Microsoft rating: Important

Solution Path:

Microsoft has released Office and Server Software patches that correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately. If you choose, you can also let Windows Update automatically download and install these updates for you. That said, we highly recommend you test server updates before deploying them, so you may not want to turn on automatic updates for your servers.

The links below point directly to the “Affected and Non-Affected Software” section of each bulletin, where you can find all of Microsoft’s update links:

For All WatchGuard Users:

Our XTM security appliances can mitigate the risk of many of these flaws. One of our generic XSS detection signatures already detects and prevents the XSS flaw described in MS12-066. Furthermore, with information from Microsoft’s Active Protections Program (MAPP), we have already developed a signature for the RTF exploit described in MS12-064, which we will include in a new signature set your appliance should get shortly.

Furthermore, WatchGuard’s Gateway Antivirus (GAV) service detects most of the common malware attackers try to deliver when exploiting these flaws. In short, if you have our UTM bundle and enable IPS and GAV, we can protect you from many attacks that try to leverage these flaws.

Nonetheless, attackers can exploit these flaws in other ways as well, including uploading malicious files locally. We still recommend you install Microsoft’s updates as quickly as possible to completely protect yourself from these flaws.

Status:

Microsoft has released patches correcting these issues.

References:

This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept).


Microsoft Black Tuesday: Office, Windows, and SQL Server Updates

Like clockwork, Microsoft’s Patch Tuesday has gone live. This month Microsoft seems to be focusing on Office and their Server Software, with the Windows updates posing only a moderate risk.

As promised, Microsoft released seven bulletins fixing vulnerabilities in several of their products. The affected software includes:

  • Word and the Word Viewer
  • Works 9
  • SQL Server
  • Windows (all current versions except Windows 8)
  • Sharepoint Server
  • Communicator & Lync
  • InfoPath
  • Groove
  • Fast Search Server
  • Office Web Apps

They only rate the Word update as Critical, and the rest as Important. If you’d like more information about these alerts before we release our detailed alerts, check out Microsoft’s summary post for October.

Usually, I tend to recommend you patch Windows (and related products like Internet Explorer) first, since all your users have them, and security flaws in popular products pose a high risk. However, in this case the Windows updates seem the least worrisome of the bunch. Today, I recommend you apply the Office and related Server Software updates first, the SQL Server update second, and save the Windows updates for last. Of course, I still recommend you test the updates before deploying them, especially the server ones.

We’ll share more details about Microsoft’s bulletins in three upcoming alerts, posted throughout the day. Stay tuned. — Corey Nachreiner, CISSP (@SecAdept)

Seven Bulletins Planned for October Patch Tuesday

After a very light Patch Tuesday in September, Microsoft returns to more typical patch levels this month. According to their October advanced notification, Microsoft plans to release seven security bulletins next week, fixing around 20 vulnerabilities in some of their most popular products. The affected products include Windows, Office, SQL Server, Microsoft Server Software, and a few other products. Microsoft only rated one of the bulletins as Critical, and the rest as Important.

Despite the return to more typical patch numbers, next Tuesday’s Patch Day doesn’t appear too substantial. With only one Office update rated Critical, this upcoming Patch Day seems less severe than many we’ve had in the past. That said, remote attackers will probably be able to leverage that critical Office issue to execute code on your computer. So it’s still important that you download, test and deploy next week’s updates as quickly as you can.

Also, don’t forget Microsoft’s planned certificate handling update. As I mentioned in previous posts, Microsoft plans to push an update that forces Windows computers to only accept 1024-bit (and higher) RSA certificates. Be sure you’ve checked the certificates in your PKI infrastructure before next Tuesday.

I’ll release more details about Microsoft’s updates next week. Stay tuned! — Corey Nachreiner, CISSP (@SecAdept)

Light Patch Tuesday Brings Two XSS Fixes

As I mentioned in last week’s early warning, today’s Patch Day is extremely light with only two updates. According to their September bulletin summary, Microsoft has only released updates for Visual Studio Foundation Server and System Center Configuration Manager. Both updates fix cross-site scripting (XSS) vulnerabilities that Microsoft rates as Important.

If you have either of these products, you should apply today’s patches at your earliest convenience, despite their low severity. If you don’t use either of these products, you’re off the hook this month (whoohoo). However, don’t forget to check your certificate infrastructure to make sure you are using 1024-bit certificates by October.
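The certificate check recommended here and in the October preview above is easy to automate. The following PowerShell script is an added example, not code from the original posts or from Microsoft; it walks the standard Windows certificate stores and reports every certificate whose RSA public key is shorter than the 1024-bit minimum the upcoming update enforces. The store list and the threshold are parameters you can adjust.

```powershell
# Added example: find certificates that the 1024-bit RSA key-length update will reject.
# Assumes it runs on the Windows host being audited and that the stores below exist
# (missing stores are skipped). Only RSA keys are checked, since the update concerns RSA.
param(
    [int]$MinimumKeyBits = 1024,
    [string[]]$Stores = @(
        'Cert:\LocalMachine\My',    # server / service certificates
        'Cert:\LocalMachine\Root',  # trusted roots, including internal CA roots
        'Cert:\LocalMachine\CA',    # intermediate CAs
        'Cert:\CurrentUser\My'      # user certificates (S/MIME, smart card, etc.)
    )
)

function Get-WeakRsaCertificate {
    param([string[]]$Paths, [int]$MinBits)

    foreach ($path in $Paths) {
        if (-not (Test-Path -Path $path)) { continue }

        Get-ChildItem -Path $path | ForEach-Object {
            $cert = $_
            # OID 1.2.840.113549.1.1.1 is rsaEncryption; skip DSA/ECC keys.
            if ($cert.PublicKey.Oid.Value -ne '1.2.840.113549.1.1.1') { return }

            $bits = $cert.PublicKey.Key.KeySize
            if ($bits -lt $MinBits) {
                [pscustomobject]@{
                    Store      = $path
                    Subject    = $cert.Subject
                    Issuer     = $cert.Issuer
                    KeyBits    = $bits
                    NotAfter   = $cert.NotAfter
                    Thumbprint = $cert.Thumbprint
                }
            }
        }
    }
}

$weak = @(Get-WeakRsaCertificate -Paths $Stores -MinBits $MinimumKeyBits)

if ($weak.Count -eq 0) {
    Write-Host "No RSA certificates shorter than $MinimumKeyBits bits found in the scanned stores."
} else {
    Write-Warning "$($weak.Count) certificate(s) use RSA keys shorter than $MinimumKeyBits bits; reissue them before the update is applied."
    $weak | Sort-Object KeyBits, NotAfter | Format-Table -AutoSize
}
```

Run it from an elevated prompt so the LocalMachine stores are readable, and repeat it on the CA and any servers that terminate TLS, since a short key anywhere in a chain will cause validation to fail once the update is in place.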

Also, if you use any Cisco products, Microsoft also released a Cisco-related Security Advisory today. The advisory includes a roll-up patch that sets the Killbit for a few different Cisco ActiveX controls. This prevents the 3rd party controls from working in IE, due to vulnerabilities in them. Microsoft administrators should probably apply this update as well.

Finally, Adobe holds their Patch Day today. They only released one security bulletin for ColdFusion. The update fixes a denial of service (DoS) vulnerability in ColdFusion 10 and earlier, running on any platform. If you use ColdFusion, make sure to apply that patch, too.

I’ll release a more detailed alert about the Microsoft issues here shortly. — Corey Nachreiner, CISSP (@SecAdept)

WatchGuard Security Week in Review: Episode 32 – UDID Leaks and Java Updates

UDID Leak, Java Attack Updates, and Hacktivist breaches

A few years ago, we’d be lucky to see one major information security story in the news each week. Now, we consistently see more security news than the average IT guy can keep up with. If you’re looking for a quick summary of the most important information and network security news, you’ve come to the right place.

This week’s episode covers two updates to last week’s zero day Java exploit, three stories about hacktivist breaches (including one that involves iPhones and the FBI), and an early notification about next week’s Microsoft Patch Day. I even introduce a new virtualization OS that might excite some security professionals. If you’re interested in the latest security news and tips, press play below.

Since I try to summarize these stories quickly, I often forgo some details. If you want the whole scoop, make sure to check the links below. I’d also appreciate you sharing your comments and questions below, if you have any. If you do have questions, I’ll be sure to read and answer them in an upcoming episode.

(Episode Runtime: 11:29)

Direct YouTube Link: http://www.youtube.com/watch?v=KQcHk5kjo7s

Episode References:

— Corey Nachreiner, CISSP (@SecAdept)
