AusCERT Week in Review for 8th June 2012

Date: 08 June 2012
Original URL: http://www.auscert.org.au/render.html?cid=7066&it=15909

Greetings,

The calm feeling of the past few weeks has given way to back-to-back action this week. As analysis of the Flame malware reveals more of its 'features' to the world, those impacted have taken appropriate action, including Microsoft this week.

Infosec researchers have long dreaded the theoretical scenario where Microsoft's Windows Update is being used to deliver malware. This week we've discovered it's no longer a theory, with Flame including forged MS Terminal Server certificates. I tip my hat to whoever is responsible for Flame, as they've just opened Pandora's box and let loose a collection of new malware technologies that garden-variety malware writers will soon copy. Thanks a lot... (not)

So if you've not already attended to them, here are my top 5 patches/actions for the week:

1) ESB-2012.0516 - ALERT [Win] Microsoft Windows: Access confidential data - Remote/unauthenticated

If you run Windows on anything, then you should have already applied Microsoft's out-of-band patch mentioned in MS Security Advisory (2718704). A high priority.

2) ESB-2012.0518 - ALERT [Win][UNIX/Linux] BIND: Denial of service - Remote/unauthenticated

Given that the Berkeley Internet Name Domain (BIND) servers provide much of the translation between humans using URLs all over the place, and computers and devices chatting away via IP addresses, a remote denial of service against BIND could spoil things for many. Updated packages already exist for Debian and RedHat. A high priority.

3) ASB-2012.0082 - [Win][UNIX/Linux] Firefox, Thunderbird, and SeaMonkey: Multiple vulnerabilities

Mozilla Firefox & Thunderbird must be feeling lucky at version 13 with a collection of important bugs squashed. If you use Firefox or Thunderbird then patching it is a must. Updated packages have been released for RedHat and Debian. Enterprise Windows users should consider using their favourite delivery method to update Mozilla products on their client machines.

4) ESB-2012.0514 - [Debian] nut: Denial of service - Remote/unauthenticated

Network UPS Tools is a suite of software used across various *nix flavours and Linux distributions, as well as being available for OS X and Windows. It can talk to Solar Controllers, but is more likely to be communicating with an Uninterruptible Power Supply. This update fixes CVE-2012-2944, which is quite desirable, as a remote denial of service resulting in an electric-power outage on devices connected to your UPS is best avoided. A high priority.

5) ASB-2012.0083 - [Win][UNIX/Linux][Mobile] LinkedIn: Access privileged data - Existing account

The breach of 6.5 million unsalted LinkedIn passwords was well publicised and it's likely that most of them have been cracked by now. Resist the temptation to type your LinkedIn password on a site that offers to tell you if it's been stolen or not. Instead, take this as a good opportunity to change your LinkedIn password to something new and unrelated to previous ones. While you're at it, if you have a Last.fm or eHarmony account, they've also been breached and will need new passwords.

Happy patching,