
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2006-01-10



Quicktime patches for Mac and Windows

Published: 2006-01-11
Last Updated: 2006-01-11 05:39:21 UTC
by Kyle Haugsness (Version: 2)
Is Apple hiding behind Microsoft's advisories?  Seems like Apple has been conveniently releasing security advisories on the same day as Microsoft's.  Conspiracy theory?  You be the judge.

Anyway, Apple released a security update to Quicktime: http://docs.info.apple.com/article.html?artnum=303101 . There are multiple vulnerabilities patched. To summarize the advisory: a maliciously crafted GIF/TIFF/TGA/QTIF image or multimedia file may result in arbitrary code execution. Well, that pretty much covers the whole web browsing thing.

Given the week we've had, I suppose that everyone should go back to using netcat for surfing the web.

Update (from Scott):

For those using Quicktime on Windows, a quick note about the versions of Quicktime available to download at http://www.apple.com/quicktime/ . As of 5:30 UTC, the default installer you download includes iTunes. The version of Quicktime included is 7.0.3, which is vulnerable per the advisory above. However, if you download the standalone installer located at http://www.apple.com/quicktime/download/standalone.html , then you get the updated version of Quicktime 7.0.4.

Additionally, if you try to update the software using the "Update existing software..." item under the Help menu, then you receive a message about not being able to make an Internet connection to the software server. I receive the same message if I use the update message under the Quicktime settings window. Not sure if this is an odd configuration problem on my end, or if their update server is having problems.






Regularly scheduled MS updates

Published: 2006-01-10
Last Updated: 2006-01-10 20:46:39 UTC
by Kyle Haugsness (Version: 1)
Microsoft has released two more security bulletins today.  They made no changes to the WMF bulletin from last week.  I'll be updating this throughout the day.

The first issue, MS06-002, is another client vulnerability that is triggered by browsing to a malicious web server.  You should probably treat this with the same severity as you treated the WMF issue from last week.  The eEye advisory gives some more details about the issue here: http://www.eeye.com/html/research/advisories/AD20060110.html.  It seems that malicious files may have .eot extensions and you may want to consider blocking those file types on web surfing, but the eEye advisory specifically states that the file extension could be anything.  Given the recent speed of Metasploit modules for new exploits, I would guess that a new module to create exploit files will soon be available.  Another point to note is that the data is compressed, so writing IDS/IPS signatures may be difficult.
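
Because the extension of an embedded-font file could be anything, a name-based block is weak; as an added example (not from the diary or the advisories), this Python sketch types a download as EOT from its header instead. The field offsets, the magic value 0x504C and the flag constants are taken from the published EOT header layout; `should_block` and `make_sample` are hypothetical names and the sample bytes are constructed.

```python
import struct

EOT_MAGIC = 0x504C              # MagicNumber field in the EOT header
EOT_MAGIC_OFFSET = 34           # follows EOTSize..fsType (little-endian)
EOT_VERSIONS = {0x00010000, 0x00020001, 0x00020002}
TTEMBED_TTCOMPRESSED = 0x00000004
TTEMBED_XORENCRYPTDATA = 0x10000000
MIN_HEADER = 36                 # bytes up to and including MagicNumber


def inspect_eot(data: bytes):
    """Return a dict describing the EOT header, or None if data is not EOT."""
    if len(data) < MIN_HEADER:
        return None
    eot_size, font_size, version, flags = struct.unpack_from("<4I", data, 0)
    (magic,) = struct.unpack_from("<H", data, EOT_MAGIC_OFFSET)
    if magic != EOT_MAGIC or version not in EOT_VERSIONS:
        return None
    anomalies = []
    if eot_size != len(data):
        anomalies.append("EOTSize does not match actual length")
    if font_size > len(data) - MIN_HEADER:
        anomalies.append("FontDataSize exceeds available bytes")
    return {
        "version": hex(version),
        "compressed": bool(flags & TTEMBED_TTCOMPRESSED),
        "xor_encrypted": bool(flags & TTEMBED_XORENCRYPTDATA),
        "anomalies": anomalies,
    }


def should_block(filename: str, data: bytes) -> bool:
    """Hypothetical proxy policy: decide on content; the name is ignored."""
    return inspect_eot(data) is not None


def make_sample(flags=TTEMBED_TTCOMPRESSED, declared_size=None, total=64):
    """Constructed header bytes (not a real font) for exercising the check."""
    buf = bytearray(total)
    struct.pack_into("<4I", buf, 0, declared_size or total, 8, 0x00020001, flags)
    struct.pack_into("<H", buf, EOT_MAGIC_OFFSET, EOT_MAGIC)
    return bytes(buf)


if __name__ == "__main__":
    for name, blob in [("font.eot", make_sample()),
                       ("logo.gif", make_sample(declared_size=9999)),
                       ("real.gif", b"GIF89a" + bytes(58))]:
        print(name, should_block(name, blob), inspect_eot(blob))
```

This only identifies the container type and flags header inconsistencies; with the compressed flag set, the font payload itself is not available for pattern matching without decompressing it first.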

The second issue, MS06-003, affects Outlook and Microsoft Exchange and it also looks fairly serious.  If you can't patch your Exchange servers immediately, read the "workarounds" section of the bulletin for information about blocking files that could be triggering this vulnerability.  It mentions the possibility of blocking email with an attachment name "Winmail.dat"; however, this will create other issues.  Read the entire "workarounds" section of the bulletin for the complete story.
