ESB-2018.0049 - ALERT [Win] Microsoft Products: Access privileged data - Existing account 2018-01-04

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.0049
          ADV180002 | Vulnerability in CPU Microcode Could Allow
                          Information Disclosure
                              4 January 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Microsoft Internet Explorer 11
                   Microsoft Edge
                   Microsoft Windows 10
                   Microsoft Windows 7
                   Microsoft Windows 8.1
                   Microsoft Windows Server 2008 R2
                   Microsoft Windows Server 2012
                   Microsoft Windows Server 2012 R2
                   Microsoft Windows Server 2016
Publisher:         Microsoft
Operating System:  Windows
Impact/Access:     Access Privileged Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-5754 CVE-2017-5753 CVE-2017-5715

Reference:         ASB-2018.0002.2
                   ESB-2018.0048
                   ESB-2018.0047
                   ESB-2018.0046
                   ESB-2018.0044
                   ESB-2018.0042

Original Bulletin: 
   https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv180002

- --------------------------BEGIN INCLUDED TEXT--------------------

ADV180002 | Vulnerability in CPU Microcode Could Allow Information Disclosure

Security Vulnerability

Security Advisory

Published: 01/03/2018

Executive Summary

Microsoft is aware of a new publicly disclosed class of vulnerabilities
referred to as "speculative execution side-channel attacks" that affect many
modern processors and operating systems including Intel, AMD, and ARM. Note:
this issue will affect other systems such as Android, Chrome, iOS, MacOS, so we
advise customers to seek out guidance from those vendors.

Microsoft has released several updates to help mitigate these vulnerabilities.
We have also taken action to secure our cloud services. See below for more
details.

Microsoft has not received any information to indicate that these
vulnerabilities have been used to attack customers at this time. Microsoft
continues working closely with industry partners including chip makers,
hardware OEMs and app vendors to protect customers. To get all available
protections, hardware/firmware and software updates are required. This includes
microcode from device OEMs and in some cases updates to AV software as well.

This advisory addresses the following vulnerabilities:

  o CVE-2017-5715 - Bounds check bypass
  o CVE-2017-5753 - Branch target injection
  o CVE-2017-5754 - Rogue data cache load

Recommended Actions

For consumers, the best protection is to keep your computers up to date. You
can do this by taking advantage of automatic update. Learn how to turn on
automatic updates here. In addition to installing the January 2018 Windows
security updates, you may also need to install firmware updates from your
device manufacturer for increased protection. Check with your device
manufacturer for relevant updates.

If automatic updates are enabled, the January 2018 Windows security update will
be offered to the devices running supported anti-virus (AV) applications.
Updates can be installed in any order.

 1. If you have automatic updating enabled and configured to provide updates
    for Windows, the updates are delivered to you when they are released, if
    your device and software are compatible. We recommend you verify these
    updates are installed. If automatic update is not enabled, manually check
    for and install the January 2018 Windows operating system security update.
 2. Install applicable firmware update provided by your OEM device
    manufacturer.

Potential performance impacts

In testing, Microsoft has seen some performance impact with these mitigations.
For most consumer devices, the impact may not be noticeable; however, the
specific impact varies by hardware generation and implementation by the chip
manufacturer. Microsoft values the security of its software and services and
has made the decision to implement certain mitigation strategies in an effort
to better secure our products. We continue to work with hardware vendors to
improve performance while maintaining a high level of security.

Advisory Details

Vulnerabilities Description

Speculative execution side-channel vulnerabilities can be used to read the
content of memory across a trusted boundary and can therefore lead to
information disclosure. There are multiple vectors by which an attacker could
trigger the vulnerabilities depending on the configured environment.

Microsoft has been working with hardware and software makers to jointly develop
mitigations to protect customers across Microsoft's products and services.
These mitigations prevent attackers from triggering a weakness in the CPU which
could allow the contents of memory to be disclosed.

Microsoft Windows client customers

In client scenarios, a malicious user mode application could be used to
disclose the contents of kernel memory.

Customers using Windows client operating systems including Windows 7 Service
Pack 1, Windows 8.1, and Windows 10 need to apply both firmware and software
updates. See Microsoft Knowledge Base Article 4073119 for additional
information.

Customers using Microsoft Surface and Surface Book products need to apply both
firmware and software updates. Most customers have automatic updating enabled
and will not need to take any action because this security update will be
downloaded and installed automatically.

Microsoft will continue to work closely with industry partners to improve
mitigations against this class of vulnerabilities.

Microsoft Windows Server customers

In server scenarios, a malicious user-mode application could be used to
disclose the contents of kernel memory. In other multi-tenant hosting
environments, a virtual machine could read the memory of the host operating
system or the memory of other guest operating systems running on the same
physical machine.

Customers using Windows server operating systems including Windows Server 2008
R2 Service Pack 1, Windows Server 2012 R2, and Windows Server 2016 need to
apply firmware and software updates as well as configure protections. See
Microsoft Knowledge Base Article 4072698 for additional information, including
workarounds.

Microsoft will continue to work closely with industry partners to improve
mitigations against this class of vulnerabilities.

Microsoft cloud customers

Microsoft has already deployed mitigations across the majority of our cloud
services and is accelerating efforts to complete the remainder.  More
information is available here.

FAQ

1. What systems are at risk from this vulnerability?

  o Client Operating Systems: Windows client systems are at risk
  o Server Operating Systems: Windows servers are at risk

2. What are the associated CVEs for these vulnerabilities?

  o See CVE-2017-5715
  o See CVE-2017-5753
  o See CVE-2017-5754

3. Have there been any active attacks detected?

No. When this security advisory was issued, Microsoft had not received any
information to indicate that these vulnerabilities had been used to attack
customers.

4. Have these vulnerabilities been publicly disclosed?

Yes. The vulnerabilities were disclosed on January 3, 2018 at
https://bugs.chromium.org/p/project-zero/issues/detail?id=1272

5. I was not offered the Windows security updates released on January 3, 2018.
What should I do?

To help avoid adversely affecting customer devices, the Windows security
updates released on January 9th, 2018 have only been offered to devices running
compatible antivirus software. Please see Microsoft Knowledge Base Article
4072699 for more information about how to get the updates.

Additional suggested actions

  o Protect your PC: We continue to encourage customers to follow our Protect
    Your Computer guidance of enabling a firewall, getting software updates,
    and installing antivirus software. For more information, see Microsoft
    Safety & Security Center.

  o Keep Microsoft software updated: Users running Microsoft software should
    apply the latest Microsoft security updates to help make sure that their
    computers are as protected as possible. If you are not sure whether your
    software is up to date, visit Microsoft Update, scan your computer for
    available updates, and install any high-priority updates that are offered
    to you. If you have automatic updating enabled and configured to provide
    updates for Microsoft products, the updates are delivered to you when they
    are released, but you should verify that they are installed.

Acknowledgments

  o Jann Horn of Google Project Zero
  o Paul Kocher
  o Moritz Lipp from Graz University of Technology
  o Daniel Genkin from University of Pennsylvania and University of Maryland
  o Daniel Gruss from Graz University of Technology
  o Werner Haas of Cyberus Technology GmbH
  o Mike Hamburg of Rambus Security Division
  o Stefan Mangard from Graz University of Technology
  o Thomas Prescher of Cyberus Technology GmbH
  o Michael Schwarz from Graz University of Technology
  o Yuval Yarom of The University of Adelaide and Data61
  o Additional information on the Meltdown and Spectre attacks can be found at
    their respective web sites.
  o Anders Fogh of GDATA Advanced Analytics

                                         Exploitability Assessment

The following table provides an exploitability assessment for this vulnerability at the time of original
publication.

Publicly  Exploited Latest Software Release Older Software Release Denial of Service
Disclosed
No        No        2 - Exploitation Less   Not Applicable         2 - Exploitation  Not         Not
                    Likely                                         Less Likely       Applicable  Applicable

                               Affected Products

The following software versions or editions are affected. Versions or editions
that are not listed are either past their support life cycle or are not
affected. To determine the support life cycle for your software version or
edition, see the Microsoft Support Lifecycle.

Product               Platform                                                          Article  Download         Impact                  Severity   Supersedence
Internet Explorer 11  Windows 10 Version 1703 for 32-bit Systems                        4056891  Security Update  Information Disclosure  Important  4053580
Internet Explorer 11  Windows 10 Version 1703 for x64-based Systems                     4056891  Security Update  Information Disclosure  Important  4053580
Internet Explorer 11  Windows 10 Version 1709 for 32-bit Systems                        4056892  Security Update  Information Disclosure  Important  4054517
Internet Explorer 11  Windows 10 Version 1709 for 64-based Systems                      4056892  Security Update  Information Disclosure  Important  4054517
Internet Explorer 11  Windows 10 for 32-bit Systems                                     4056893  Security Update  Information Disclosure  Important  4053581
Internet Explorer 11  Windows 10 for x64-based Systems                                  4056893  Security Update  Information Disclosure  Important  4053581
Internet Explorer 11  Windows 10 Version 1511 for 32-bit Systems                        4056893  Security Update  Information Disclosure  Important  4053581
Internet Explorer 11  Windows 10 Version 1511 for x64-based Systems                     4056893  Security Update  Information Disclosure  Important  4053581
Internet Explorer 11  Windows 10 Version 1607 for 32-bit Systems                        4056890  Security Update  Information Disclosure  Important  4053579
Internet Explorer 11  Windows 10 Version 1607 for x64-based Systems                     4056890  Security Update  Information Disclosure  Important  4053579
Internet Explorer 11  Windows Server 2016                                               4056890  Security Update  Information Disclosure  Important  4053579
Internet Explorer 11  Windows 7 for 32-bit Systems Service Pack 1                       4056568  IE Cumulative    Information Disclosure  Important  4052978
Internet Explorer 11  Windows 7 for x64-based Systems Service Pack 1                    4056568  IE Cumulative    Information Disclosure  Important  4052978
Internet Explorer 11  Windows 8.1 for 32-bit systems                                    4056568  IE Cumulative    Information Disclosure  Important  4052978
Internet Explorer 11  Windows 8.1 for x64-based systems                                 4056568  IE Cumulative    Information Disclosure  Important  4052978
Internet Explorer 11  Windows Server 2008 R2 for x64-based Systems Service Pack 1       4056568  IE Cumulative    Information Disclosure  Important  4052978
Internet Explorer 11  Windows Server 2012 R2                                            4056568  IE Cumulative    Information Disclosure  Important  4052978
Microsoft Edge        Windows 10 Version 1703 for 32-bit Systems                        4056891  Security Update  Information Disclosure  Important  4053580
Microsoft Edge        Windows 10 Version 1703 for x64-based Systems                     4056891  Security Update  Information Disclosure  Important  4053580
Microsoft Edge        Windows 10 Version 1709 for 32-bit Systems                        4056892  Security Update  Information Disclosure  Important  4054517
Microsoft Edge        Windows 10 Version 1709 for 64-based Systems                      4056892  Security Update  Information Disclosure  Important  4054517
Microsoft Edge        Windows 10 for 32-bit Systems                                     4056893  Security Update  Information Disclosure  Important  4053581
Microsoft Edge        Windows 10 for x64-based Systems                                  4056893  Security Update  Information Disclosure  Important  4053581
Microsoft Edge        Windows 10 Version 1511 for 32-bit Systems                        4056888  Security Update  Information Disclosure  Important  4053578
Microsoft Edge        Windows 10 Version 1511 for x64-based Systems                     4056888  Security Update  Information Disclosure  Important  4053578
Microsoft Edge        Windows 10 Version 1607 for 32-bit Systems                        4056890  Security Update  Information Disclosure  Important  4053579
Microsoft Edge        Windows 10 Version 1607 for x64-based Systems                     4056890  Security Update  Information Disclosure  Important  4053579
Microsoft Edge        Windows Server 2016                                               4056890  Security Update  Information Disclosure  Important  4053579
Windows 10 for 32-bit Systems                                                           4056893  Security Update  Information Disclosure  Important  4053581
Windows 10 for x64-based Systems                                                        4056893  Security Update  Information Disclosure  Important  4053581
Windows 10 Version 1511 for 32-bit Systems                                              4056888  Security Update  Information Disclosure  Important  4053578
Windows 10 Version 1511 for x64-based Systems                                           4056888  Security Update  Information Disclosure  Important  4053578
Windows 10 Version 1607 for 32-bit Systems                                              4056890  Security Update  Information Disclosure  Important  4053579
Windows 10 Version 1607 for x64-based Systems                                           4056890  Security Update  Information Disclosure  Important  4053579
Windows 10 Version 1703 for 32-bit Systems                                              4056891  Security Update  Information Disclosure  Important  4053580
Windows 10 Version 1703 for x64-based Systems                                           4056891  Security Update  Information Disclosure  Important  4053580
Windows 10 Version 1709 for 32-bit Systems                                              4056892  Security Update  Information Disclosure  Important  4054517
Windows 7 for 32-bit Systems Service Pack 1                                             4056897  Security Only    Information Disclosure  Important
Windows 7 for x64-based Systems Service Pack 1                                          4056897  Security Only    Information Disclosure  Important
Windows 8.1 for 32-bit systems                                                          4056898  Security Only    Information Disclosure  Important
Windows 8.1 for x64-based systems                                                       4056898  Security Only    Information Disclosure  Important
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1                         4056897  Security Only    Information Disclosure  Important
Windows Server 2008 R2 for x64-based Systems Service Pack 1                             4056897  Security Only    Information Disclosure  Important
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)  4056897  Security Only    Information Disclosure  Important
Windows Server 2012                                                                     4056899  Security Only    Information Disclosure  Important
Windows Server 2012 (Server Core installation)                                          4056899  Security Only    Information Disclosure  Important
Windows Server 2012 R2                                                                  4056898  Security Only    Information Disclosure  Important
Windows Server 2012 R2 (Server Core installation)                                       4056898  Security Only    Information Disclosure  Important
Windows Server 2016                                                                     4056890  Security Update  Information Disclosure  Important  4053579
Windows Server 2016 (Server Core installation)                                          4056890  Security Update  Information Disclosure  Important  4053579
Windows Server, version 1709 (Server Core Installation)                                 4056892  Security Update  Information Disclosure  Important  4054517

                                  CVSS Score

The following software versions or editions that are affected have been scored
against this vulnerability. Please read the CVSS standards guide to fully
understand how CVSS vulnerabilities are scored, and how to interpret CVSS
scores.

Product               Platform                                                          Base  Temporal  Vector String  Environmental
Internet Explorer 11  Windows 10 Version 1703 for 32-bit Systems                        0     0
Internet Explorer 11  Windows 10 Version 1703 for x64-based Systems                     0     0
Internet Explorer 11  Windows 10 Version 1709 for 32-bit Systems                        0     0
Internet Explorer 11  Windows 10 Version 1709 for 64-based Systems                      0     0
Internet Explorer 11  Windows 10 for 32-bit Systems                                     0     0
Internet Explorer 11  Windows 10 for x64-based Systems                                  0     0
Internet Explorer 11  Windows 10 Version 1511 for 32-bit Systems                        0     0
Internet Explorer 11  Windows 10 Version 1511 for x64-based Systems                     0     0
Internet Explorer 11  Windows 10 Version 1607 for 32-bit Systems                        0     0
Internet Explorer 11  Windows 10 Version 1607 for x64-based Systems                     0     0
Internet Explorer 11  Windows Server 2016                                               0     0
Internet Explorer 11  Windows 7 for 32-bit Systems Service Pack 1                       0     0
Internet Explorer 11  Windows 7 for x64-based Systems Service Pack 1                    0     0
Internet Explorer 11  Windows 8.1 for 32-bit systems                                    0     0
Internet Explorer 11  Windows 8.1 for x64-based systems                                 0     0
Internet Explorer 11  Windows Server 2008 R2 for x64-based Systems Service Pack 1       0     0
Internet Explorer 11  Windows Server 2012 R2                                            0     0
Microsoft Edge        Windows 10 Version 1703 for 32-bit Systems                        0     0
Microsoft Edge        Windows 10 Version 1703 for x64-based Systems                     0     0
Microsoft Edge        Windows 10 Version 1709 for 32-bit Systems                        0     0
Microsoft Edge        Windows 10 Version 1709 for 64-based Systems                      0     0
Microsoft Edge        Windows 10 for 32-bit Systems                                     0     0
Microsoft Edge        Windows 10 for x64-based Systems                                  0     0
Microsoft Edge        Windows 10 Version 1511 for 32-bit Systems                        0     0
Microsoft Edge        Windows 10 Version 1511 for x64-based Systems                     0     0
Microsoft Edge        Windows 10 Version 1607 for 32-bit Systems                        0     0
Microsoft Edge        Windows 10 Version 1607 for x64-based Systems                     0     0
Microsoft Edge        Windows Server 2016                                               0     0
Windows 10 for 32-bit Systems                                                           0     0
Windows 10 for x64-based Systems                                                        0     0
Windows 10 Version 1511 for 32-bit Systems                                              0     0
Windows 10 Version 1511 for x64-based Systems                                           0     0
Windows 10 Version 1607 for 32-bit Systems                                              0     0
Windows 10 Version 1607 for x64-based Systems                                           0     0
Windows 10 Version 1703 for 32-bit Systems                                              0     0
Windows 10 Version 1703 for x64-based Systems                                           0     0
Windows 10 Version 1709 for 32-bit Systems                                              0     0
Windows 7 for 32-bit Systems Service Pack 1                                             0     0
Windows 7 for x64-based Systems Service Pack 1                                          0     0
Windows 8.1 for 32-bit systems                                                          0     0
Windows 8.1 for x64-based systems                                                       0     0
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1                         0     0
Windows Server 2008 R2 for x64-based Systems Service Pack 1                             0     0
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)  0     0
Windows Server 2012                                                                     0     0
Windows Server 2012 (Server Core installation)                                          0     0
Windows Server 2012 R2                                                                  0     0
Windows Server 2012 R2 (Server Core installation)                                       0     0
Windows Server 2016                                                                     0     0
Windows Server 2016 (Server Core installation)                                          0     0
Windows Server, version 1709 (Server Core Installation)                                 0     0

Mitigations

Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds

Microsoft has not identified any workarounds for this vulnerability.

FAQ

Acknowledgments

Microsoft recognizes the efforts of those in the security community who help us
protect customers through coordinated vulnerability disclosure.

See acknowledgments for more information.

Disclaimer

The information provided in the Microsoft Knowledge Base is provided "as is"
without warranty of any kind. Microsoft disclaims all warranties, either
express or implied, including the warranties of merchantability and fitness for
a particular purpose. In no event shall Microsoft Corporation or its suppliers
be liable for any damages whatsoever including direct, indirect, incidental,
consequential, loss of business profits or special damages, even if Microsoft
Corporation or its suppliers have been advised of the possibility of such
damages. Some states do not allow the exclusion or limitation of liability for
consequential or incidental damages so the foregoing limitation may not apply.

Revisions

Version    Date          Description
1.0        01/03/2018    Information published.

This vulnerability has no revisions.

(C) 2017 Microsoft

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----
