Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2014-07-08 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
ISC StormCast for Wednesday, July 9th 2014 http://isc.sans.edu/podcastdetail.html?id=4053

Microsoft Patch Tuesday - July

Published: 2014-07-08
Last Updated: 2014-07-08 18:06:22 UTC
by Alex Stanford (Version: 1)
1 comment(s)

Overview of the July 2014 Microsoft patches and their status.

# Affected Contra Indications - KB Known Exploits Microsoft rating(**) ISC rating(*)
clients servers
MS14-037 Cumulative Security Update for Internet Explorer
Microsoft Windows, Internet Explorer

CVE-2014-1763 CVE-2014-1765 CVE-2014-2785 CVE-2014-2786 CVE-2014-2787 CVE-2014-2788 CVE-2014-2789 CVE-2014-2790 CVE-2014-2791 CVE-2014-2792 CVE-2014-2794 CVE-2014-2795 CVE-2014-2797 CVE-2014-2798 CVE-2014-2800 CVE-2014-2801 CVE-2014-2802 CVE-2014-2803 CVE-2014-2804 CVE-2014-2806 CVE-2014-2807 CVE-2014-2809 CVE-2014-2813 CVE-2014-1763 CVE-2014-1765 CVE-2014-2783 CVE-2014-2785 CVE-2014-2786 CVE-2014-2787 CVE-2014-2788 CVE-2014-2789 CVE-2014-2790 CVE-2014-2791 CVE-2014-2792 CVE-2014-2794 CVE-2014-2795 CVE-2014-2797 CVE-2014-2798 CVE-2014-2800 CVE-2014-2801 CVE-2014-2802 CVE-2014-2803 CVE-2014-2804 CVE-2014-2806 CVE-2014-2807 CVE-2014-2809 CVE-2014-2813
KB 2975687 Yes! Severity:Critical
Exploitability: 1
Critical Important
MS14-038 Vulnerability in Windows Journal Could Allow Remote Code Execution
Microsoft Windows

CVE-2014-1824
KB 2975689 No Severity:Critical
Exploitability: 1
Critical Critical
MS14-039 Vulnerability in On-Screen Keyboard Could Allow Elevation of Privilege
Microsoft Windows

CVE-2014-2781
KB 2975685 No Severity:Important
Exploitability: 1
Important Important
MS14-040 Vulnerability in Ancillary Function Driver
Microsoft Windows

CVE-2014-1767
KB 2975684 No Severity:Important
Exploitability: 1
Important Important
MS14-041 Vulnerability in DirectShow Could Allow Elevation of Privilege
Microsoft Windows

CVE-2014-2780
KB 2975681 No Severity:Important
Exploitability: 1
Important Important
MS14-042 Vulnerability in Microsoft Service Bus Could Allow Denial of Service
Microsoft Server Software

CVE-2014-2814
KB 2972621 Yes! Severity:Moderate
Exploitability: 1
Less Urgent Less Urgent
We will update issues on this page for about a week or so as they evolve.
We appreciate updates
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
(*): ISC rating
  • We use 4 levels:
    • PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
    • Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
    • Important: Things where more testing and other measures can help.
    • Less Urgent: Practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work.
    • The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threatatches.

-- 
Alex Stanford - GIAC GWEB,
Research Operations Manager,
SANS Internet Storm Center

Keywords: mspatchday
1 comment(s)

Hardcoded Netgear Prosafe Switch Password

Published: 2014-07-08
Last Updated: 2014-07-08 15:23:30 UTC
by Johannes Ullrich (Version: 1)
4 comment(s)

Update: Cert.org corrected it's advisory. The GS105PE is affected, not the GS108PE as indicated earlier. The NVD CVE entry still lists the old model number [2]. 

Yet another hard coded password. This time it's Netgear's Prosafe Switch (GS105PE) running firmware version 1.2.0.5 and earlier [1]. The pre-configured username is "ntgruser" and the password is "debugpassword". If you have any Netgear equipment, it may be worthwhile checking for this username and password even if your device isn't listed as vulnerable.

Sadly, at this point there doesn't appear to be a solution to the problem, other then returning the switch to the store and buying another one if you can.

CVE Number: CVE-2014-2969 [2]

 

[1] http://www.kb.cert.org/vuls/id/143740
[2] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2969

---
Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

4 comment(s)
Diary Archives