Tag Archives: updates

WatchGuard Security Week in Review: Episode 54 – Nuke Hackers

Pwn2Own, Evernote Breach, and Nuke Cyber Attackers

Want a quick way to catch up on weekly information and network security (InfoSec) highlights? Well you’ve found the right place. In this episode of our InfoSec summary video, I talk about Evernote’s 50 million user data leak, web browsers falling to the Pwn2Own contest, and a U.S. government document that talks about nuclear retaliation against cyber attackers. Click play below for all the details, and check the Reference section for stories and links associated with the video.

If you have any suggestions, comments, or questions, leave them in the comment section. Meanwhile, stay safe out there.

(Episode Runtime: 7:27)

Direct YouTube Link: http://www.youtube.com/watch?v=ROG2LDBZZ9E

Episode References:

— Corey Nachreiner, CISSP (@SecAdept)

WatchGuard Security Week in Review: Episode 53 – RSA 2013

RSA 2013: Big Data, Chinese APT, and User Awareness

This week’s InfoSec news video comes from the 2013 RSA Security Conference in San Francisco. As such, much of the episode covers the major themes from the show floor. However, cyber attackers don’t take a break just because the security industry is having a pow-wow. I also cover other big stories from the week, including an emergency Flash update, a cPanel breach, new nation-state malware, and even an HTML5 trick that can fill your hard drive. Check out the episode below.

As always, feel free to browse the Reference section for more details on any of these stories, and thanks for watching. Comment if you have any suggestions.

(Episode Runtime: 10:11)

Direct YouTube Link: http://www.youtube.com/watch?v=AJbDQnkUToE

Episode References:

— Corey Nachreiner, CISSP (@SecAdept)

Adobe Reader X Update Corrects Zero Day Vulnerability

Severity: High

Summary:

  • These vulnerabilities affect: Reader X (and Acrobat) 11.0.0.1 and earlier running on all platforms
  • How an attacker exploits them: By tricking you into opening malicious PDF documents (or by visiting web sites hosting such documents)
  • Impact: In the worst case, an attacker can execute code on your computer with your privileges. If you are an administrator, they gain complete control
  • What to do: Install the appropriate Reader update immediately, or let Adobe’s updater do it for you.

Exposure:

Adobe Reader helps you view PDF documents, while Acrobat helps you create them. Since PDF documents are very popular, most users install Reader to handle them.

Last week, Adobe released a security bulletin fixing two zero day vulnerabilities in the popular Reader program. We first described these zero day vulnerabilities in a WatchGuard Security Week in Review episode earlier in the month. Though the two flaws may differ technically, they share the same general scope and impact. If an attacker can entice you into opening a specially crafted PDF file, he can exploit either of these issues to execute code on your computer, with your privileges. If you have root or system administrator privileges, the attacker gains complete control of your machine.

Since attackers are exploiting these flaws in the wild, Adobe has assigned them a Priority 1 rating, especially for Windows and Mac computers. We recommend you patch immediately, if you haven’t already.

Solution Path:

Adobe has released Reader and Acrobat updates. We recommend you download and deploy the corresponding update immediately, or let Adobe’s automatic updater do it for you.

For All WatchGuard Users:

Attackers can exploit these flaws using diverse exploitation methods. Though our IPS and AV services may help prevent some of these attacks, or the malware they try to load, installing Adobe’s updates is your most secure course of action.

Status:

Adobe has released patches correcting these issues.

References:

This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept).

WatchGuard Security Week in Review: Episode 52 – China APT1

China APT1 Attackers and Java 0day Breaches

Welcome to another week of InfoSec news. If you’re subscribed to the YouTube channel directly, you probably noticed I posted last week’s video late last Friday. Unfortunately, I was catching a plane at the time, so I decided to wait until today to post the video blog entry. If you missed any of last week’s big information and network security news, you’ve come to the right place.

This week’s “on the road” episode covers Apple and Facebook network compromises, the zero day Java exploit that caused them, and one security company’s research alleging the Chinese government is behind many recent advanced persistent threat (APT) attacks. I also recommend some critical updates for Windows, Linux, and OS X users, so make sure to watch below.

This week I’ll be attending the RSA security conference, and recording another episode on the go, which means I may also post next week’s episode earlier or later than normal depending on my travel and event schedule. Until then, thanks for watching and stay frosty out there.

(Episode Runtime: 6:39)

Direct YouTube Link: http://www.youtube.com/watch?v=MolGboEK7nE

Episode References:

— Corey Nachreiner, CISSP (@SecAdept)

WatchGuard Security Week in Review: Reader 0day

Reader 0Day, Zombie Broadcast, and Bit9 Breach

Due to a busy work week, I was unable to create a fully produced InfoSec news summary video this week. I did post a very brief video (which you can find below), mostly to warn our YouTube subscribers about the missing episode. It contains very minimal detail about this week’s top security stories.

However, I won’t leave you hanging for your weekly security news fix. Below, you’ll find a bullet-list, which quickly summarizes many of this week’s most interesting Infosec news. See you next week.

  • Zero day Adobe Reader vulnerability - A security company, FireEye, discovered attackers exploiting a previously unknown vulnerability in Adobe Reader to install malware. Adobe hasn’t had time to fix it yet, but recommends you use “Protected View” mode to mitigate the issue. We’ll post more details when they patch.
  • President Obama signs cyber security executive order - As many expected, President Obama signed a cyber security executive order this week that allows government organizations to share security intelligence with some private organizations and asks critical infrastructure providers to up their security.
  • Bit9 breached and digital certificates stolen - A security company, Bit9, confirmed they were breached this week, and that attackers had stolen their digital certificates and used them to sign malware. Their excuse for the breach? They didn’t use their own product enough.
  • Hacked emergency broadcast system warns of zombie attack - Folks in some Montana counties were surprised when their television emergency broadcast system warned of a zombie attack. Unsurprisingly, it turns out the system was hacked.
  • More Ruby on Rails vulnerabilities - Researchers have found more vulnerabilities, like SQL injections, in Ruby on Rails. If you are a web developer who uses this package, go patch.
  • Microsoft’s February Patch Day - As always, Microsoft released a bunch of security updates this week. They fixed flaws in Windows, Exchange, Internet Explorer, and a few lesser known products. I released details about the updates here, so hopefully you’ve already patched.
  • Adobe Flash and Shockwave updates – Adobe also released important Shockwave and Flash Player updates during Microsoft’s Patch Day. I talked about those earlier, too. Make sure to patch!
  • The dangers of losing your master password - A well-known security researcher, Jeremiah Grossman, shares a great anecdote on how very strong security practices can come back and bite you due to user error.

Direct YouTube Link: http://www.youtube.com/watch?v=wQP_5bXgHbg (Runtime: 2:08)

Extra Stories:

— Corey Nachreiner, CISSP (@SecAdept)

Adobe Patch Day: Shockwave and (More) Flash Updates

Severity: High

Summary:

  • These vulnerabilities affect: Adobe Shockwave and Flash Player
  • How an attacker exploits them: Multiple vectors of attack, including enticing your users to open malicious files or visit specially crafted web sites
  • Impact: Various results; in the worst case, an attacker can gain complete control of your computer
  • What to do: Install the appropriate Adobe patches immediately, or let Adobe’s updater do it for you.

Exposure:

Yesterday, Adobe released two security bulletins describing vulnerabilities in both Shockwave and Flash Player. A remote attacker could exploit the worst of these flaws to gain complete control of your computer. The summary below details some of the vulnerabilities in these popular software packages.

  • APSB13-06: Two Shockwave Player Vulnerabilities

Adobe Shockwave Player displays interactive, animated web content and movies called Shockwave. According to Adobe, the Shockwave Player is installed on some 450 million PCs.

Adobe’s bulletin describes two security vulnerabilities that affect Shockwave Player 11.6.8.638 and all earlier versions for Windows and Macintosh. Both flaws are memory corruption vulnerabilities (one being a stack buffer overflow), and they share the same general scope and impact. If an attacker can entice one of your users into visiting a website containing some sort of malicious Shockwave content, he could exploit either of these vulnerabilities to execute code on that user’s computer, with that user’s privileges. If your Windows users have local administrator privileges, an attacker could exploit this flaw to gain full control of their PC.

Adobe Priority Rating: 2 for Windows (Patch within 30 days)

  • APSB11-21: Flash Player Update Corrects 13 Security Flaws

Adobe Flash Player displays interactive, animated web content called Flash. A report from Secunia states that 99% of Windows computers have Adobe Flash Player installed, so your users very likely have it.

Adobe’s update fixes 17 security vulnerabilities in Flash Player (for Windows, Mac, Linux, and Android), which they only describe in minimal detail. The flaws include buffer overflow vulnerabilities, “use after free” flaws, and other memory corruption issues. Though the vulnerabilities differ technically, most share the same scope and impact. In the worst case, if an attacker can lure one of your users to a web site with malicious Flash content, they could exploit some of these flaws to gain control of that user’s computer. We assume the attacker would only gain the privileges of the logged-in user. However, since most Windows users have local administrator privileges, the attacker would likely gain full control of Windows machines.

Flash has suffered many zero day vulnerabilities recently. This is actually the second Flash update for the month; the last being an emergency update. Since attackers are exploiting these vulnerabilities actively, we highly recommend you patch immediately.

Adobe Priority Rating: 1 for Windows (Patch within 72 hours)

Solution Path:

Adobe has released updates for all their affected software. If you use any of the software below, we recommend you download and deploy the corresponding updates as soon as possible, or let Adobe’s automatic updater do it for you:

Keep in mind, if you use Google Chrome you’ll have to update it separately.

For All WatchGuard Users:

Attackers can exploit these flaws using diverse exploitation methods. However, WatchGuard’s XTM appliances can help in many ways. First, our IPS and AV services are often capable of detecting the malicious Flash or Shockwave files attackers are actually using in the wild. If you’d like, you can also configure our proxies to block Shockwave or Flash content. This, however, blocks both legitimate and malicious content. If you do want to block Flash or Shockwave content via the Web or email, see our manual for more details on how to configure our proxy policies’ content filtering.

Status:

Adobe has released patches correcting these issues.

References:

This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept)

Windows Updates Fix a Wide Range of Security Vulnerabilities

Severity: High

Summary:

  • These vulnerabilities affect: All current versions of Windows and some of the components that ship with it (such as DirectShow and the .NET Framework)
  • How an attacker exploits them: Multiple vectors of attack, including sending specially crafted packets, luring users to view malicious media or email, and so on
  • Impact: In the worst case, an attacker can gain complete control of your Windows computer.
  • What to do: Install the appropriate Microsoft patches as soon as possible, or let Windows Automatic Update do it for you.

Exposure:

Today, Microsoft released eight security bulletins that describe around 39 vulnerabilities affecting Windows or components related to it, such as the .NET Framework and DirectShow. Each of these vulnerabilities affects different versions of Windows to varying degrees.

A remote attacker could exploit the worst of these flaws to gain complete control of your Windows PC. We recommend you download, test, and deploy these updates – especially the critical ones – as quickly as possible.

The summary below lists the vulnerabilities, in order from highest to lowest severity.

  • MS13-011: DirectShow Media Decompression Vulnerability

DirectShow (code-named Quartz) is a multimedia component that helps Windows handle various media streams and files. It suffers from an unspecified vulnerability having to do with how it handles specially crafted media. By getting your users to interact with malicious media, an attacker could leverage this flaw to execute code on that user’s computer, with the user’s privileges. Attackers might lure users to their booby-trapped media by linking it as a direct download, embedding it in a document, or by hosting it as a malicious media stream.

Microsoft rating: Critical

  • MS13-020: Windows XP OLE Automation Vulnerability

Object Linking and Embedding (OLE) Automation is a Microsoft protocol which allows one application to share data with, or control, another application. It suffers from an unspecified remote code execution flaw having to do with how it parses maliciously crafted RTF files. If an attacker can convince you to open or preview a specially crafted RTF file in Windows, he could exploit this flaw to execute code on your machine, with your privileges. If you have administrative rights, the attacker would gain complete control of your computer. This flaw only affects Windows XP.

Microsoft rating: Critical

  • MS13-014: NFS Server DoS Vulnerability

Network File System (NFS) is an industry-wide protocol for sharing files and directories over a network. Windows Server software ships with NFS support to share files in mixed, Unix and Windows environments.

Windows’ NFS service suffers from something called a null dereference vulnerability, which attackers can leverage to cause a Denial of Service (DoS) condition on Windows servers. By attempting to rename a file or folder on a read-only share, an attacker could exploit this flaw to cause the server to stop responding or crash. However, a few factors mitigate the severity of this issue. Specifically, the flaw only affects servers with the NFS role enabled; the attacker needs access to an NFS share and legitimate credentials; and finally, most administrators don’t allow NFS access through their firewall.

Microsoft rating: Important

  • MS13-015: .NET Framework EoP Vulnerability

The .NET Framework is a software framework used by developers to create custom Windows and web applications. Though it only ships by default with Windows Vista, you’ll find it on many Windows computers.

The .NET Framework suffers from a technically complex elevation of privilege (EoP) vulnerability, where it unnecessarily elevates the permissions of a callback function when a .NET application creates a particular object. If an attacker can entice a user who’s installed the .NET Framework to a specially crafted web site, he can exploit this flaw to execute code on that user’s computer with full system privileges. This flaw also can affect non-web .NET applications, which an attacker runs directly on a system. The good news is most versions of IE will either block or warn you about the particular web content (XBAP) attackers use to leverage this flaw, which significantly mitigates its risk.

Microsoft rating: Important

  • MS13-016: Multiple Kernel-Mode Driver Vulnerabilities

The kernel is the core component of any computer operating system. Windows also ships with a kernel-mode device driver (win32k.sys), which handles the OS’s device interactions at a kernel level. The Windows kernel-mode driver suffers from 30 race condition vulnerabilities. The vulnerabilities differ technically but share the same scope and impact. By running a specially crafted program, a local attacker can leverage any of these flaws to gain complete control of your Windows computers. However, in order to run his malicious program, the attacker would first need to gain local access to your computer or trick you into running the program yourself, which significantly lessens the severity of these issues.

Microsoft rating: Important

  • MS13-017: Kernel Elevation of Privilege Vulnerability

As mentioned above, the kernel is the core component of any computer operating system. The Windows kernel suffers from three vulnerabilities (two race conditions), which attackers can leverage to elevate their privilege. By running a specially crafted program, a local attacker could exploit this flaw to gain complete control of your PC. However, the attacker would first need to gain local access to your Windows computer using valid credentials.

Microsoft rating: Important

  • MS13-018: Windows TCP/IP Stack DoS Vulnerability

As you would expect, the Windows TCP/IP stack is a set of networking protocols that allows your computer to get on the Internet and participate in modern networking. Unfortunately, the Windows TCP/IP stack suffers from a DoS vulnerability involving the way it parses specially crafted packets. In short, an attacker can lock or crash a Windows computer simply by sending it a sequence of specially crafted packets. Though Microsoft only rates this update as Important, attackers could repeatedly exploit it against your public Windows servers, essentially knocking them offline. This could have serious implications for essential production servers. We recommend you test and apply this update immediately.

Microsoft rating: Important

  • MS13-019: CSRSS Elevation of Privilege Vulnerability

The Client/Server Run-time SubSystem (CSRSS) is an essential Windows component responsible for console windows and creating and deleting threads. It suffers from a local privilege elevation issue. By running a specially crafted application, an attacker can leverage this flaw to execute code with full system privileges, regardless of his actual user privilege. However, in order to run his special program, the attacker would first need to gain local access to your Windows computers using valid credentials. This factor significantly reduces the risk of this flaw.

Microsoft rating: Important

Solution Path:

Microsoft has released Windows, DirectShow (quartz.dll), and .NET Framework patches that correct all of these vulnerabilities. You should download, test, and deploy the appropriate updates throughout your network immediately. If you choose, you can also let Windows Update automatically download and install them for you.

The links below point directly to the “Affected and Non-Affected Software” section of each bulletin, where you can find links to the various updates:

For All WatchGuard Users:

WatchGuard’s Gateway Antivirus and Intrusion Prevention services can often prevent these sorts of attacks, or the malware they try to distribute.

More specifically, our IPS signature team has developed new signatures that can detect and block the DirectShow Media Decompression and OLE Automation vulnerabilities. Your XTM appliance should get this new IPS update shortly.

Nonetheless, attackers can exploit some of these flaws in other ways, including by convincing users to run executable files locally. Since your gateway appliance can’t protect you against local attacks, we still recommend you install Microsoft’s updates to completely protect yourself from these flaws.

Status:

Microsoft has released patches correcting these issues.

References:

This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept).


What did you think of this alert? Let us know at your.opinion.matters@watchguard.com.

MS Black Tuesday: 12 Bulletins, 57 Flaws, and Lots of Work

Though not the biggest on record, today’s Patch Day is no slouch.

As expected, Microsoft released a dozen security bulletins, fixing 57 vulnerabilities that affect a range of their software, including:

  • Windows (and its components)
  • .NET Framework
  • Internet Explorer (IE)
  • Exchange Server
  • Fast Search Server 2010

According to the summary alert, Microsoft rates five of the bulletins as Critical, which typically means remote attackers can exploit them to gain control of affected computers (usually with little to no user interaction). In general, I recommend you apply these Critical updates first.

In particular, I’d start with the two IE updates since attackers often target users with drive-by download attacks. Also, jump on the Exchange server update immediately, as it fixes an issue attackers could easily exploit with a specially crafted email and attachment—not to mention, your email server is a pretty critical asset.

Though not as serious as other issues, one of Microsoft’s alerts describes a Windows TCP/IP Denial of Service vulnerability, which it sounds like attackers could exploit with a single malicious packet. I haven’t seen this sort of “Ping of Death”-like DoS vulnerability in a while.

As always, I recommend you test the updates before deploying them to a production environment. If you don’t have time or resources to test all of them, at least try to test the server-related updates.

As an aside, WatchGuard’s IPS signature team gets early warning about Patch Day, and will release a new signature update that detects some of the described issues shortly. They have developed signatures for the following Patch Day-related issues:

  • CVE-2013-0015
  • CVE-2013-0018
  • CVE-2013-0019
  • CVE-2013-0020
  • CVE-2013-0021
  • CVE-2013-0022
  • CVE-2013-0023
  • CVE-2013-0024
  • CVE-2013-0025
  • CVE-2013-0026
  • CVE-2013-0027
  • CVE-2013-0028
  • CVE-2013-0029
  • CVE-2013-0030
  • CVE-2013-0077
  • CVE-2013-1313

We’ll post consolidated alerts throughout the day, sharing more details about these bulletins and updates. Stay tuned. — Corey Nachreiner, CISSP (@SecAdept)

Microsoft Patch Day: Feb. 2013

WatchGuard Security Week in Review: Episode 51 – Flash 0day

Flash Exploit, ICS Hacks, and Federal Reserve Bank Breach

We’ve had another busy week of security news, with more stories than I can cover in a short video. So I’ll stick to the highlights. Today’s episode talks about a couple Adobe Flash zero day vulnerabilities, the latest Anonymous hijinks, some cross-platform mobile malware, and more. If you missed this week’s InfoSec news, and want to learn about the biggest stories (including how to defend against the latest attacks), click the play button below. Also, check out the Reference section for links to some other interesting security stories I skipped.

Enjoy your weekend, and stay frosty out there.

(Episode Runtime: 8:03)

Direct YouTube Link: http://www.youtube.com/watch?v=B6YdI3NGwlg

Episode References:

— Corey Nachreiner, CISSP (@SecAdept)

Microsoft Piles on Patches Next Tuesday

February looks to be a busy month for Microsoft administrators. According to the latest advanced patch notification, the Redmond-based software company plans to release a dozen security bulletins next Tuesday. The bulletins will fix security flaws in Windows, Internet Explorer (IE), Office, the .NET Framework, and Exchange server. Microsoft rates five of the bulletins as Critical, and the rest as Important.

In the middle of last month, Microsoft released an out-of-cycle IE update to fix a flaw attackers were leveraging in the wild. It appears that update didn’t fix everything in IE since at least two of the upcoming bulletins affect the popular web browser.

As always, we’ll share more about these updates, and the vulnerabilities they correct, next week. You can also expect our IPS signature team to have signatures prepared for any known exploits that Microsoft shares with us. In the meantime, prepare your IT team for a pretty full plate of patches. — Corey Nachreiner, CISSP (@SecAdept)

Microsoft Patch Day: Feb. 2013
