Information Security Office

Security Updates from Vendors

Malware Campaigns Impersonating U.S. Government Agencies

added Tuesday, August 28, 2012 at 4:31 pm

US-CERT is aware of multiple malware campaigns impersonating multiple U.S. government agencies, including the United States Cyber Command (USCYBERCOM) and the Federal Bureau of Investigation (FBI). Once installed on a system, the malware displays a screen claiming that a Federal Government agency has identified the user's computer as being associated with one or more crimes. The user is told to pay a fine to regain the use of the computer, usually through prepaid money card services.

Affected users should not follow the payment instructions. US-CERT encourages users to follow the recommendations in Security Tip ST05-006, Recovering from Viruses, Worms, and Trojan Horses. Users may also choose to file a complaint with the FBI's Internet Crime Complaint Center (IC3).

Oracle Java 7 Security Manager Bypass Vulnerability

 

Systems Affected

Any system using Oracle Java 7 (1.7, 1.7.0) including:

  • Java Platform Standard Edition 7 (Java SE 7)
  • Java SE Development Kit (JDK 7)
  • Java SE Runtime Environment (JRE 7)

Web browsers using the Java 7 Plug-in are at high risk.

Overview

A vulnerability in the way Java 7 restricts the permissions of Java applets could allow an attacker to execute arbitrary commands on a vulnerable system.

Description

A vulnerability in the Java Security Manager allows a Java applet to grant itself permission to execute arbitrary operating system commands. An attacker could use social engineering techniques to entice a user to visit a link to a web site hosting a malicious applet.

Any web browser using the Java 7 Plug-in is affected.

Reports indicate this vulnerability is being actively exploited, and exploit code is publicly available.

Impact

By convincing a user to load a malicious Java applet, an attacker could execute arbitrary operating system commands on a vulnerable system with the privileges of the Java Plug-in process.

Solution

Disable the Java Plug-in

Disabling the Java web browser plug-in will prevent Java applets from running. Here are instructions for several common web browsers:

  • Apple Safari: How to disable the Java web plug-in in Safari
  • Mozilla Firefox: How to turn off Java applets
  • Google Chrome: See the "Disable specific plug-ins" section of the Chrome Plug-ins documentation.
  • Microsoft Internet Explorer: Change the value of the UseJava2IExplorer registry key to 0. Depending on the versions of Windows and the Java plug-in, the key can be found in these locations:
    • HKLM\Software\JavaSoft\Java Plug-in\{version}\UseJava2IExplorer
    • HKLM\Software\Wow6432Node\JavaSoft\Java Plug-in\{version}\UseJava2IExplorer
    • The Java Control Panel (javacpl.exe) does not reliably configure the Java plug-in for Internet Explorer. Instead of editing the registry, it is possible to run javacpl.exe as Administrator, navigate to the Advanced tab, Default Java for browsers, and use the space bar to de-select the Microsoft Internet Explorer option.
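
A way to audit the Internet Explorer registry setting described above across every installed plug-in version, as an added example that is not part of the original advisory. The function name Get-JavaIEPluginState and its -Disable switch are hypothetical; the script assumes PowerShell 3.0 or later and only rewrites UseJava2IExplorer values that already exist.

```powershell
# Added example: audit, and optionally clear, UseJava2IExplorer for every
# installed Java Plug-in version. Function name and -Disable switch are hypothetical.
function Get-JavaIEPluginState {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Write 0 to each existing UseJava2IExplorer value (requires Administrator).
        [switch]$Disable
    )

    # Parent keys from the advisory; each subkey beneath them is a {version}.
    $roots = @(
        'HKLM:\Software\JavaSoft\Java Plug-in',
        'HKLM:\Software\Wow6432Node\JavaSoft\Java Plug-in'
    )

    foreach ($root in $roots) {
        # A parent key is absent when no plug-in is registered under that view.
        if (-not (Test-Path -LiteralPath $root)) { continue }

        foreach ($versionKey in Get-ChildItem -LiteralPath $root) {
            $path  = $versionKey.PSPath
            $value = (Get-ItemProperty -LiteralPath $path -Name 'UseJava2IExplorer' -ErrorAction SilentlyContinue).UseJava2IExplorer

            # Skip version subkeys that do not carry the value at all.
            if ($null -eq $value) { continue }

            if ($Disable -and $value -ne 0 -and
                $PSCmdlet.ShouldProcess($path, 'Set UseJava2IExplorer to 0')) {
                # Only values that already exist are rewritten.
                Set-ItemProperty -LiteralPath $path -Name 'UseJava2IExplorer' -Value 0
                $value = (Get-ItemProperty -LiteralPath $path -Name 'UseJava2IExplorer').UseJava2IExplorer
            }

            [pscustomobject]@{
                Key               = $versionKey.Name
                UseJava2IExplorer = $value
                PluginEnabledInIE = ($value -ne 0)
            }
        }
    }
}

# Report only; any row with PluginEnabledInIE = True still needs the change.
Get-JavaIEPluginState | Format-Table -AutoSize
# To apply the advisory's setting from an elevated prompt:
#   Get-JavaIEPluginState -Disable
```

Running the report again after a Java update shows whether a newly added {version} subkey has re-enabled the plug-in for Internet Explorer.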

Use NoScript

NoScript is a browser extension for Mozilla Firefox browsers that provides options to block Java applets.

 

Microsoft Releases August Security Bulletin

added Wednesday, August 15, 2012 at 9:39 am

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Office, SQL Server, Server Software, Developer Tools, and Exchange Server as part of the Microsoft Security Bulletin summary for August 2012. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or operate with elevated privileges.

US-CERT encourages users and administrators to review the bulletin and follow best-practice security policies to determine which updates should be applied.

Additional information regarding the bulletin can be found in US-CERT Technical Alert TA12-227A.

Mozilla Releases Multiple Updates

added Wednesday, July 18, 2012 at 12:21 pm

The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities:

  • Firefox 14
  • Firefox ESR 10.0.6
  • Thunderbird 14
  • Thunderbird ESR 10.0.6
  • SeaMonkey 2.11

These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, disclose sensitive information, operate with elevated privileges, bypass security restrictions, or perform a cross-site scripting attack.

US-CERT encourages users and administrators to review the Mozilla Foundation Advisory for Firefox 14, Firefox ESR 10.0.6, Thunderbird 14, Thunderbird ESR 10.0.6, and SeaMonkey 2.11 and apply any necessary updates to help mitigate the risk.

Yahoo Voice User names and passwords hacked

The recommendation in response to this hack is to change the password on any Yahoo account.

Microsoft Releases July Security Bulletin

added Thursday, July 5, 2012 at 01:53 pm | updated Tuesday, July 10, 2012 at 3:23 pm

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Office, Developer Tools, and Server Software as part of the Microsoft Security Bulletin summary for July 2012. These vulnerabilities may allow an attacker to execute arbitrary code, operate with elevated privileges, or disclose sensitive information.

US-CERT encourages users and administrators to review the bulletin and follow best-practice security policies to determine which updates should be applied.

Google Releases Google Chrome 20.0.1132.43

added Wednesday, June 27, 2012 at 11:37 am

Google has released Google Chrome 20.0.1132.43 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review the Google Chrome Release blog entry and update to Chrome 20.0.1132.43.

Microsoft Releases Security Advisory for Microsoft XML Core Services

added Wednesday, June 13, 2012 at 11:45 am | updated Monday, June 25, 2012 at 9:46 am

Microsoft has released Security Advisory 2719615 to address a vulnerability in Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0. This vulnerability may allow an attacker to execute arbitrary code if a user accesses specially crafted web pages using Internet Explorer. According to the advisory, this vulnerability is currently being exploited in the wild.

US-CERT encourages users and administrators to review Microsoft Security Advisory 2719615. The advisory indicates that the workaround does not correct the vulnerability, but it may help mitigate the risk against known attack vectors.

Update: Additional information regarding CVE-2012-1889 can be found in the US-CERT Technical Alert TA12-174A.

Apple Releases Java Update for OS X Lion and Mac OS X

added Thursday, June 14, 2012 at 12:53 pm

Apple has released a Java update to address multiple vulnerabilities for the following products:

  • Mac OS X v10.6.8
  • Mac OS X Server v10.6.8
  • OS X Lion v10.7.4
  • OS X Lion Server v10.7.4

These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review Apple article HT5319 and apply any necessary updates to help mitigate the risks.

Microsoft Releases Security Advisory for Microsoft XML Core Services

added Wednesday, June 13, 2012 at 11:45 am

Microsoft has released Security Advisory 2719615 to address a vulnerability in Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0. This vulnerability may allow an attacker to execute arbitrary code if a user accesses specially crafted web pages using Internet Explorer. According to the advisory, this vulnerability is currently being exploited in the wild.

US-CERT encourages users and administrators to review Microsoft Security Advisory 2719615. The advisory indicates that the workaround does not correct the vulnerability, but it may help mitigate the risk against known attack vectors.

US-CERT will provide additional information as it becomes available.

Adobe Releases Security Bulletin for Adobe Flash Player

added Monday, June 11, 2012 at 9:11 am

Adobe has released a Security Bulletin for Adobe Flash Player to address vulnerabilities affecting the following software versions:

  • Adobe Flash Player 11.2.202.235 and earlier versions for Windows, Macintosh, and Linux
  • Adobe Flash Player 11.1.115.8 and earlier versions for Android 4.x
  • Adobe Flash Player 11.1.111.9 and earlier versions for Android 3.x and 2.x

These vulnerabilities may allow an attacker to take control of the affected system or cause a denial-of-service condition.

US-CERT encourages users and administrators to review Adobe Security Bulletin APSB12-14 and apply any necessary updates to help mitigate the risk.

Microsoft Emergency Bulletin: Unauthorized Certificate used in "Flame"

Microsoft just released an emergency bulletin, and an associated patch, notifying users of Windows that "unauthorized digital certificates derived from a Microsoft Certificate Authority" were used to sign components of the "Flame" malware.

The update revokes a total of 3 intermediate certificate authorities: 

 

  • Microsoft Enforced Licensing Intermediate PCA (2 certificates)
  • Microsoft Enforced Licensing Registration Authority CA (SHA1)

It is not clear from the bulletin who had access to these intermediate certificates, or whether they were abused by an authorized user or compromised and used by an unauthorized user. Either way: apply the patch.

The bulletin also doesn't state whether this intermediate certificate authority, or certificates derived from it, could be used to fake the patch. Microsoft certificates are used to sign patches, and a compromise could lead to a severe break in the trust chain. The use of a "real" Microsoft certificate is surely going to increase the speculation as to the origin of Flame.

[1] http://technet.microsoft.com/en-us/security/advisory/2718704
[2] http://blogs.technet.com/b/msrc/archive/2012/06/03/microsoft-releases-security-advisory-2718704.aspx

 

Apple Releases QuickTime 7.7.2

added Wednesday, May 16, 2012 at 10:23 am

Apple has released QuickTime 7.7.2 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review Apple Support Article HT5261 and apply any necessary updates to help mitigate the risk.

Google Releases Google Chrome 19

added Tuesday, May 15, 2012 at 2:13 pm

Google has released Google Chrome 19 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review the Google Chrome Release blog entry and update to Chrome 19.

Apple Releases Multiple Security Updates

added Thursday, May 10, 2012 at 2:30 pm

Apple has released security updates for Apple OS X and Safari to address multiple vulnerabilities for the following products:

  • Safari 5.1.7 for Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion Server v10.7.4, OS X Lion v10.7.4, Windows 7, Vista, XP SP2 or later
  • OS X Lion v10.7.4 and Security Update 2012-002 for OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3, Mac OS X v10.6.8, Mac OS X Server v10.6.8

Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, operate with elevated privileges, cause a denial-of-service condition, or perform a cross-site scripting attack.

US-CERT encourages users and administrators to review Apple articles HT5281 and HT5282 and apply any necessary updates to help mitigate the risks.

Adobe Releases Security Bulletins for Multiple Products

added Wednesday, May 9, 2012 at 12:43 pm

Adobe has released security bulletins to alert users of critical vulnerabilities in multiple products. The following products are affected:

  • Adobe Illustrator CS 5.5 and earlier versions for Windows and Macintosh
  • Adobe Photoshop CS 5.5 and earlier versions for Windows and Macintosh
  • Adobe Flash Professional CS 5.5 (11.5.1.349) and earlier versions for Windows and Macintosh
  • Shockwave Player 11.6.4.634 and earlier versions for Windows and Macintosh

Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or take control of an affected system.

US-CERT encourages users and administrators to review the Adobe security bulletin and apply any necessary updates to help mitigate the risk.

Microsoft Releases May Security Bulletin

added Tuesday, May 8, 2012 at 03:38 pm

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, .NET Framework, and Silverlight as part of the Microsoft Security Bulletin Summary for May 2012. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges.

US-CERT encourages users and administrators to review the bulletin and follow best-practice security policies to determine which updates should be applied.

 

iOS 5.1.1 Software Update for iPod, iPhone, iPad

Apple released iOS 5.1.1 for iPod, iPhone, and iPad (this excludes Mac OS X); it is available only through iTunes. The update addresses Safari and WebKit on iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, and iPad 2. At the time of this writing, the advisory (APPLE-SA-2012-05-07-1) had still not been posted, but the update is available through iTunes.

http://support.apple.com/kb/HT1222

Security update available for Adobe Flash Player

Release date: May 4, 2012

Adobe released security updates for Adobe Flash Player 11.2.202.233 and earlier versions for Windows, Macintosh and Linux, Adobe Flash Player 11.1.115.7 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.8 and earlier versions for Android 3.x and 2.x. These updates address an object confusion vulnerability (CVE-2012-0779) that could cause the application to crash and potentially allow an attacker to take control of the affected system. 
There are reports that the vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious file delivered in an email message. The exploit targets Flash Player on Internet Explorer for Windows only.

Adobe recommends users of Adobe Flash Player 11.2.202.233 and earlier versions for Windows, Macintosh and Linux update to Adobe Flash Player 11.2.202.235. Flash Player installed with Google Chrome was updated automatically, so no user action is required. Users of Adobe Flash Player 11.1.115.7 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.8. Users of Adobe Flash Player 11.1.111.8 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.9.

For more information, go to Adobe's website.

Google Releases Chrome 18.0.1025.168

Tuesday, May 1, 2012 at 09:58 am

Google has released Chrome 18.0.1025.168 for Linux, Macintosh, Windows, and Google Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome 18.0.1025.168.

DNSChanger Malware

Tuesday, April 24, 2012 at 2:20 pm

US-CERT encourages users and administrators to ensure their systems are not infected with the DNSChanger malware by utilizing tools and resources available at the DNS Changer Working Group (DCWG) website. Computers testing positive for infection of DNSChanger malware will need to be cleaned of the malware in order to maintain continued internet connectivity beyond July 9, 2012.

On November 8, 2011, the FBI, NASA-OIG, and Estonian police arrested several cyber criminals in "Operation Ghost Click." The criminals operated under the company name "Rove Digital," and distributed DNS changing viruses, variously known as TDSS, Alureon, TidServ, and TDL4 viruses.

Additional information about Operation Ghost Click and the DNSChanger malware is available at the FBI website.

 

 

Apple Releases Flashback Malware Security Updates

Monday, April 16, 2012 at 2:35 pm

Apple has released security updates to address Flashback malware in the following products:

  • OS X Lion v10.7.3
  • OS X Lion Server v10.7.3
  • Mac OS X v10.6.8
  • Mac OS X Server v10.6.8

Apple has released a malware removal tool for the most common variant of the Flashback malware. If malware is discovered, the tool will notify the user and remove it automatically. If the malware is not discovered, no indication will be given.

US-CERT encourages users and administrators to review articles HT5247 and HT5254 and apply any necessary updates to help mitigate the risk.

Adobe Releases Security Bulletin for Adobe Reader and Acrobat

Tuesday, April 10, 2012 at 2:43 pm

Adobe has released a security bulletin to address multiple vulnerabilities in Adobe Reader X (10.1.2) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6 and earlier versions for Linux, and Adobe Acrobat X (10.1.2) and earlier versions for Windows and Macintosh. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review the Adobe security bulletin APSB12-08 and apply any necessary updates to mitigate the risks.

Microsoft Releases April Security Bulletin

Thursday, April 5, 2012 at 04:14 pm

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, .NET Framework, Office, SQL Server, Server Software, Developer Tools, and Forefront Unified Access Gateway as part of the Microsoft Security Bulletin Summary for April 2012. These vulnerabilities may allow an attacker to execute arbitrary code or disclose sensitive information.

US-CERT encourages users and administrators to review the bulletin and follow best-practice security policies to determine which updates should be applied.