Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Today's Adobe Patches and Vulnerablities

Published: 2010-11-04
Last Updated: 2010-11-04 22:27:50 UTC
by Johannes Ullrich (Version: 1)
19 comment(s)

It is not easy to keep up with Adobe these days. Patches and new exploits are almost released on a daily schedule. So here is the current "State of Adobe" the way I see it:

Product Latest Version Latest Vulnerabilities
PDF Reader 9.4.0

version 9.4.0 (latest version) is vulnerable
Adobe Reader Unspecified Memory Corruption Vulnerability
Secunia #SA42095, no CVE Number assigned yet

Flash Player 10.1.102.64 version 10.1.85.3 is vulnerable. Patch released today (Nov. 4th)
"Authplay Vulnerability"
CVE-2010-3654
Shockwave Player 11.5.9.615 11.5.9.615 (latest version) is vulnerable
Shockwave Settings" Use-After-Free Vulnerability)
Secunia# SA42112, no CVE Number assigned yet
Acrobat 9.4.0 version 9.4.0 (latest version) is vulnerable
"Authplay Vulnerability"
CVE-2010-3654

 

Air 2.5 version 2.0.3 is vulnerable (old version)

 Please let me know if you have corrections, or better if you find a simple overview about "the state of Adobe bugs" on Adobe's own site. Any Adobe people out there: Feel free to copy the concept :). This table will be "frozen" to today's state and we may update similar, updated tables in the future as a new article.

 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

Keywords: adobe
19 comment(s)

Microsoft Smart Screen False Positivies

Published: 2010-11-04
Last Updated: 2010-11-04 19:30:31 UTC
by Johannes Ullrich (Version: 2)
2 comment(s)

We received a couple of reports about Microsoft's "Smart Screen" flagging harmless sites as malicious. Initially, we considered the possibility of an infected ad service. But it may be a bug in Smartfilter as well. Some reports on twitter [1] show that the problem has been resolved.

Please let us know if you have sample URLs that are still affected.

To disable smart screen: Select "Internet Options" from the "Tools" menu. Select the "Advanced" tab and find the "Enable SmartScreen Filter"  setting (about the 10th item from the bottom. Scroll all the way down). Needless to say: This will also remove the smart screen protection from real-evil sites, not just from appear-to-be-evil-to-smartscreen-today sites. The setting should only be changed if you can't wait for the problem to be fixed.

[1] http://twitter.com/#!/search/%23smartscreen

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

2 comment(s)

Microsoft Patches Pre-Announcement

Published: 2010-11-04
Last Updated: 2010-11-04 19:08:23 UTC
by Johannes Ullrich (Version: 1)
3 comment(s)

Microsoft published its pre-announcement for next Tuesday's patch release [1]. Looks light and easy this time. A total of 3 patches. One for Office, one for Powerpoint and one for the Forefront Unified Access Gateway.

Note that the Office patch will apply to the just released Office for Mac 2011.

[1] http://www.microsoft.com/technet/security/bulletin/ms10-nov.mspx

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

Keywords: microsoft patches
3 comment(s)

DNSSEC Progress for .com and .net

Published: 2010-11-04
Last Updated: 2010-11-04 15:26:52 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)

VeriSign announced that starting December 9th, .net and .com domains will be authenticated using DNSSEC. Right now, signatures are available for .net and .com, but they are not yet valid. The roll out will happen in stages, similar to the roll out for the root zone.

Verisign also offers a nice DNSSEC debugger [2]. In case you implement DNSSEC, use it to test your zone, as well as a DNSSEC Test site [3] to check if your resolver uses DNSSEC.

 

[1] http://www.verisign.com/domain-name-services/domain-information-center/dnssec-resource-center/index.html
[2] http://dnssec-debugger.verisignlabs.com/
[3] http://test.dnssec-or-not.org/
[4] http://www.h-online.com/security/news/item/Fast-start-of-DNSSEC-with-net-and-com-1128982.html

 and if you missed it... the solution is out for our DNSSEC related packet challenge: http://johannes.homepc.org/packet.txt

 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

Keywords: dns dnssec
0 comment(s)
Diary Archives