Date: 14 February 2008
Greetings,
This week contained Microsoft Patch Tuesday, and so you may have noticed
an unusually high number of bulletins on Wednesday. By my count there were
22 in total (11 from Microsoft and 11 from other vendors). Of the Microsoft
bulletins, six (6) were rated as critical; however, with MS08-006 you could
execute code remotely in IIS. If that code was (or could be) an exploit for
MS08-005 (elevation of privilege in IIS) then the combination would become
a remote Administrator compromise that required no input from a user (such
as visiting a web site or opening an Office document).
Apart from Microsoft, Apple released Mac OS X 10.5.2 (and Security Update
2008-001). These addressed vulnerabilities in 10 different services, most
of which allowed remote code execution. Apple QuickTime (which was patched
last Thursday to version 7.4.1 correcting a buffer overflow) is still
vulnerable to a buffer overflow. So until Apple releases a fix, you may
wish to check out AL-2008.0023.
Not to be outdone by Microsoft and Apple, the Linux kernel had a Root
Compromise vulnerability (ESB-2008.0146). Unfortunately (or fortunately) it
was only locally exploitable. It probably should have been an Alert, but
with the excitement of both the Apple and Microsoft bulletins (AL-2008.0015
and AL-2008.0016 respectively) I had pushed it before realising. If it was
an Alert it would have made three alerts in a row on Tuesday morning, and
that would have left me open for all sorts of jokes about being alert that
morning. As it was, I was questioned about whether I knew how to send
non-Alert bulletins.
ClamAV (often used on email gateways to scan incoming email) corrected
a remotely exploitable integer overflow vulnerability that allowed code
execution. Version 0.92.1 corrects this problem; however, if you haven't
updated just yet, the virus-db update on Jan 11th disabled the vulnerable
module.
Lastly, there were two different IP phones reported vulnerable to remote
code execution or administrator account compromise - Cisco IP Phone and
Philips VOIP841. Given the increasing number of people moving to VOIP (both
at home and at the workplace), we will probably see an increase in the
number of IP phones being targeted. While on the note of non-PC devices
being attacked, eWeek has an interesting article on the security of
Multifunction Printers.
Starts to make me wonder about those Internet Fridges...
Have a great weekend everyone!
Regards,
Richard