Australia's Leading Computer Emergency Response Team

AusCERT Week in Review for 14th of September 2012
Date: 14 September 2012
Original URL: http://www.auscert.org.au/render.html?cid=7066&it=16342
Greetings!

Despite this week being a Microsoft Patch Week, it was relatively quiet on the security bulletin front.

Perhaps this eerie quiet-before-the-potential-storm condition may give you the opportunity to consider your organisation's disaster recovery and business continuity plans. Web host Go Daddy would certainly have dusted off theirs earlier this week.

Do you have an incident plan to cover a denial of service attack? Who will you call, which systems will you need to monitor, and what business continuity arrangements can you implement on short notice for your users and customers?

Remember that any outstanding security-related patch is a potential vector for compromise. I encourage you to take a brief look at the list of applications and business functions you may have drawn up after reading my last blog, and at the very least tackle your most critical items.

My personal picks for this week's top bulletins are:

1) ESB-2012.0882 - [Win][UNIX/Linux] DHCP: Denial of service - Remote/unauthenticated

A flaw in the IPv6 implementation can result in a denial of service condition for DHCP servers.

2) ESB-2012.0871 - [Win][UNIX/Linux] BIND: Denial of service - Remote/unauthenticated

Another denial of service condition, this time affecting name servers.

3) ESB-2012.0877 - [Win] Citrix Receiver and Citrix XenApp Plugin: Execute arbitrary code/commands - Remote with user interaction

The ubiquitous Citrix client (Receiver and XenApp) could provide an attacker with a foot in the door of your organisation. Do you have fleets of thin-client devices, perhaps with no anti-virus installed, running a vulnerable Citrix client version?

4) ESB-2012.0874 - [Win] iTunes: Multiple vulnerabilities

Over one hundred and fifty individual CVEs have been addressed in the latest patch for Apple's popular iTunes application.

5) ESB-2012.0859 - [UNIX/Linux][Debian] xen: Denial of service - Existing account

A number of hypervisor / virtualisation products including Xen are vulnerable to a denial of service condition.

Have a great weekend,
Mike.