AusCERT Week in Review for 24th August 2012

Date: 24 August 2012 Original URL: http://www.auscert.org.au/render.html?cid=7066&it=16258 Greetings and welcome to my first ever Week in Review! Just as many organisations began the cycle of patch, test, and production deployment for Adobe's "patch Tuesday" Flash Player critical update, a second patch addressing six new critical vulnerabilities was announced this week on 22 Aug. Five of these vulnerabilities earn a base CVSS score of 10.0, and last week's Flash patch was not far off at 9.3. I'm certain the increasing rate of vulnerability discovery, in-the-wild exploitation and vendor patch availability is an unwelcome diversion for security and system administration teams, which is why I believe the industry needs to look towards alternative strategies to supplement the traditional patching cycle - and hence reduce the risk of malware infection. It may seem like a difficult task to list applications and websites against their business functions within an organisation, however this can assist with a priority-based approach to patching. For example, you could decide to block Flash content at the gateway for all but your business critical web sites, until Adobe's patch can be rolled out. You won't earn any popularity awards when your users fail to reach their favourite YouTube video, but at least you'll be less likely to find yourself chasing bot-net nodes out of your environment. Your disaster recovery and business continuity colleagues very likely have that list of applications ready to go. So then, no prizes for guessing the first of my top five bulletins for this week: 1. ESB-2012.0800 - [Win][Linux][Mac][OSX] Adobe Flash Player: Multiple vulnerabilities How's your patch, test, deploy cycle looking? 2. ESB-2012.0790 - ALERT [Win] SAP Crystal Reports: Administrator compromise - Remote/unauthenticated Attackers exploiting this vulnerability gain SYSTEM user privileges on the target machine. 3. ESB-2012.0805 - ALERT [Win] HP Operations Agent for NonStop Server: Administrator compromise - Remote with user interaction Just one of five unpatched vulnerabilities in various HP server tools and SAN products disclosed this week under the Zero Day Initiative's 180-day deadline. 4. ESB-2012.0802 - [Win][UNIX/Linux][Debian] libapache2-mod-rpaf: Denial of service - Remote/unauthenticated Apache web servers running the reverse proxy add forward module are vulnerable to a denial of service attack. 5. ESB-2012.0796 - [Linux][RedHat] Kernel: Denial of service - Existing account A kernel update for Linux - well, it's been a while since I rebooted any of my kit. Don't forget to visit and Like AusCERT's new Facebook page: https://www.facebook.com/AusCERT Enjoy your weekend! Mike.