Date: 12 April 2013
Greetings,
The 8th of April marked the start of the one-year countdown until Windows XP SP3 becomes unsupported. From the 8th of April 2014, Microsoft will no longer publicly release security updates for Windows XP SP3. Anyone still running this operating system will remain exposed to every new flaw found by security researchers, malware developers and exploit developers, and Windows XP will continue to be targeted for as long as a meaningful share of consumers still use it. We would encourage people to upgrade to a newer version of Microsoft Windows, or to try a supported Linux, BSD or Mac OS operating system, to avoid being at heightened risk of infection or compromise once Windows XP becomes unsupported.
Speaking of Microsoft, this Tuesday was the second Tuesday of the month, which makes it Microsoft's Patch Tuesday. It brought us nine security bulletins fixing 14 vulnerabilities. Three of these are rated critical: two concern Internet Explorer and the third affects Microsoft's Remote Desktop Protocol. Please note that there have been reports of problems after installing KB2823324, which is part of MS13-036. Microsoft has stated: "Microsoft is investigating behaviour wherein systems may fail to recover from a reboot or applications fail to load after security update 2823324 is applied. Microsoft recommends that customers uninstall this update."
The Cutwail botnet, which has been spreading the Zeus banking Trojan, has added a new Android Trojan called Stels to its malware repertoire. According to Brett Stone-Gross, Stels serves many purposes: stealing the contacts list, harvesting information about the device it is running on, making phone calls, sending SMS messages, monitoring SMS messages, and adding, removing or executing applications or files. The malware is spread through emails (mostly impersonating a national taxation office) that link to a compromised website hosting an instance of the Blackhole exploit kit. The site inspects the User-Agent header sent by the visiting device to determine which operating system is requesting the page. If it is an Android device, the site displays a warning page claiming that Adobe Flash needs to be updated, with a link to the malicious application. The user must still agree to download the package and install it. The malware is now detected by 19 of the 46 anti-virus engines available through VirusTotal. Removing it is as simple as uninstalling it from the device's uninstall menu; however, because Stels can install other applications, other backdoors may already have been added to the device.
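The delivery chain above hinges on the landing page serving an APK only to devices whose User-Agent identifies them as Android. A defender can look for the mirror image of that in web proxy logs: an Android client fetching an APK from somewhere other than a known app store. The following is an added example written for this newsletter, not code from the original page or from any of the researchers it cites. The log line layout, the hostnames (all `.invalid`) and the allow-list of trusted app hosts are constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample proxy log lines (not real traffic). Assumed field layout:
# <timestamp> <client_ip> <method> <url> <status> <content_type> "<user_agent>"
SAMPLE_LOG = """\
2013-04-10T09:12:01Z 10.0.0.5 GET http://www.example-news.invalid/index.html 200 text/html "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.31 Chrome/26.0"
2013-04-10T09:13:44Z 10.0.0.9 GET http://update-flash.example.invalid/flash_update.apk 200 application/vnd.android.package-archive "Mozilla/5.0 (Linux; Android 4.1.2; GT-I9300) AppleWebKit/534.30 Mobile Safari/534.30"
2013-04-10T09:14:02Z 10.0.0.9 GET https://play.google.com/store/apps/details?id=com.example 200 text/html "Mozilla/5.0 (Linux; Android 4.1.2; GT-I9300) AppleWebKit/534.30 Mobile Safari/534.30"
2013-04-10T09:15:30Z 10.0.0.12 GET http://cdn.example.invalid/app-release.apk 200 application/vnd.android.package-archive "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.31 Chrome/26.0"
"""

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) (\d{3}) (\S+) "([^"]*)"$')
APK_MIME = "application/vnd.android.package-archive"
# Hosts from which an APK download is expected; an assumption for this example.
TRUSTED_APP_HOSTS = {"play.google.com"}


def parse_line(line):
    """Split one log line into a dict, or return None if it does not match the layout."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, ip, method, url, status, ctype, ua = m.groups()
    parts = urlsplit(url)
    return {"ts": ts, "ip": ip, "method": method, "url": url, "status": int(status),
            "ctype": ctype, "ua": ua, "host": parts.hostname or "", "path": parts.path}


def is_android_ua(ua):
    return "android" in ua.lower()


def is_apk(rec):
    """An APK is recognised by its MIME type or, failing that, by the .apk extension."""
    return rec["ctype"] == APK_MIME or rec["path"].lower().endswith(".apk")


def find_sideloaded_apks(log_text):
    """Return (client_ip, host, url, reasons) for successful APK downloads by Android
    clients from hosts outside the allow-list. A 'flash' lure keyword in the path is
    recorded as an extra reason, matching the Stels social-engineering page."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["status"] != 200:
            continue
        if not (is_android_ua(rec["ua"]) and is_apk(rec)):
            continue
        if rec["host"] in TRUSTED_APP_HOSTS:
            continue
        reasons = ["apk-from-untrusted-host"]
        if "flash" in rec["path"].lower():
            reasons.append("flash-update-lure")
        hits.append((rec["ip"], rec["host"], rec["url"], reasons))
    return hits


if __name__ == "__main__":
    for ip, host, url, reasons in find_sideloaded_apks(SAMPLE_LOG):
        print(f"{ip} fetched {url} from {host}: {', '.join(reasons)}")
```

Only the second line is reported: the Play Store visit is allow-listed, and the Windows client pulling an APK is not the pattern this lure produces. In practice the allow-list would be tuned to the organisation's own MDM or enterprise app distribution hosts.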
My little tip of the week: WordPress.com has added "two-step" authentication for account holders on its website. The second step can be provided either by the Google Authenticator application or by registering your phone number to receive the code by SMS. Just be sure that your mobile device is not already infected by something like the Stels Trojan, which can read SMS messages, or the added security may be ineffective.
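The Google Authenticator option works by computing a time-based one-time password (TOTP, RFC 6238) from a shared secret, so the code never travels over SMS at all. The following is an added example, not code from the original newsletter or from WordPress.com or Google: a minimal TOTP generator plus the server-side verification a site like WordPress.com would need, with a small clock-skew window and a replay check. The 30-second step, six digits and base32 secret encoding are the Google Authenticator defaults; the stored `last_counter` value is an assumption about how the server tracks already-used codes.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

STEP = 30    # seconds per time step (Google Authenticator default)
DIGITS = 6   # code length (Google Authenticator default)


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the big-endian 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = ((mac[offset] & 0x7F) << 24 | mac[offset + 1] << 16
              | mac[offset + 2] << 8 | mac[offset + 3])
    return str(binary % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: Optional[int] = None, step: int = STEP) -> str:
    """TOTP (RFC 6238): HOTP with the counter derived from Unix time."""
    now = int(time.time()) if at is None else at
    return hotp(secret, now // step)


def decode_base32_secret(text: str) -> bytes:
    """Authenticator apps share the secret as base32 text, often lower-case and spaced."""
    cleaned = text.replace(" ", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


def verify_totp(secret: bytes, code: str, last_counter: int,
                at: Optional[int] = None, window: int = 1) -> Optional[int]:
    """Server-side check. Accepts the code for the current step or up to `window` steps
    either side (tolerates clock skew), but never for a step at or before the last accepted
    one, so a captured code cannot be replayed. Returns the matched counter, which the
    caller should persist as the new last_counter, or None on failure."""
    now = int(time.time()) if at is None else at
    current = now // STEP
    for candidate in range(current - window, current + window + 1):
        if candidate <= last_counter:
            continue
        # Constant-time comparison so timing does not leak how many digits matched.
        if hmac.compare_digest(hotp(secret, candidate), code):
            return candidate
    return None


if __name__ == "__main__":
    # RFC 6238 test secret in base32 form; a constructed demo key, not a real account.
    demo_secret = decode_base32_secret("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")
    print("current code:", totp(demo_secret))
```

The replay check matters here as much as the skew window: a code lifted from a phone by a Trojan like Stels is only useful to the attacker until it is used once or its 30-second step has passed, which is the property that distinguishes this from an SMS code that can simply be forwarded on.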
Here’s this week’s list of security bulletins that the CC Team felt important to highlight:
1/ ESB-2013.0508 - [Win][Linux][Apple iOS][Android][OSX] Adobe Flash Player & AIR: Multiple vulnerabilities
This is Adobe’s monthly flash update, which patches four vulnerabilities that may be used to execute arbitrary code.
2/ ESB-2013.0499 - [Win] Internet Explorer: Execute arbitrary code/commands - Remote with user interaction
Two use-after-free vulnerabilities have been patched in Internet Explorer. They may result in the execution of arbitrary commands if the logged-in user visits a specially crafted web page.
3/ ESB-2013.0500 - [Win] Remote Desktop Client: Execute arbitrary code/commands - Remote with user interaction
A remote code execution vulnerability requiring user interaction exists in the Windows Remote Desktop client. This should definitely be patched, especially if you need to use the client over the internet.
4/ ASB-2013.0051 - [VMware ESX][Linux][FreeBSD][Solaris] Nvidia GPU Driver: Root compromise - Remote/unauthenticated
If you are running X servers that accept connections from external hosts and that operate in "NoScanout" mode, this one has to be patched immediately; otherwise you may be vulnerable to a root compromise.
5/ ESB-2013.0528 - [Win][UNIX/Linux] IBM Sterling B2B Integrator: Administrator compromise - Remote/unauthenticated
A vulnerability that could be used to run arbitrary UNIX or Windows commands has been fixed. If you are running one of the affected products, this should be patched as soon as possible.
This ends our week in review.
Stay safe, stay patched and have a good weekend!
Ananda.