Secure San Diego

MetaSploit 3.3 hit the streets today.

Release notes here http://www.metasploit.com/redmine/projects/framework/wiki/Release_Notes_33

And download location here http://www.metasploit.com/framework/download

Earlier this week RIM, the makers of BlackBerry, released a new vulnerability that scores rather high on the CVSS scale. In case you are not familar with CVSS this score is rather high.

It is recommeded that you either patch or apply the workaround as outlined in the RIM advisory.

This week contained the proverbial MSFT patch Tuesday, this set of patches contained 8 advisories patching items from Internet Explorer, MS Office Components, Windows Explorer, etc.. So in all this was a pretty heavy Black Tuesday for MSFT.

The Fail

As MSFT was releasing their patches another group of people were releasing their own little bug. On Tuesday morning as the patches from MSFT were being released several online publications starting reporting a new IE 0day exploit in the wild. All the publicity started here at PC World and from there it just rolls down hill.

The flaw was made public in Chinese language discussion forums two days ago by a security group called the Knownsec team. In tests, it worked on IE 7 running on Windows XP, Service Pack 2.

Since the initial report out of PC World the news starts to spiral out of other media outlets. However nothing  good gets published until HD Moore does some really good analysis on the exploit over at the Breaking Point Security blog.

Defenses

1. Start off by switching browsers to FireFox. You can get it here.
2. Enable DEP on your system,

Until MSFT releases a patch for this I would recommend switching to another browser.

Reminder to anyone that reads here. I will be teaching the above course here in San Diego starting December 9th. You can get event details here http://www.sans.org/mentor/details.php?nid=15064 and to register go here https://www.sans.org/registration/register.php?conferenceid=15064

Summary of the course.

This course addresses the latest cutting-edge insidious attack vectors and the oldie-but-goodie attacks that are still so prevalent, and everything in between. Instead of merely teaching a few hack-attack tricks, this course includes a time-tested, step-by-step process for responding to computer incidents, a detailed description of how attackers undermine systems so you can prepare, detect, and respond to them, and a hands-on workshop for discovering holes before the bad guys do. Additionally, the course explores the legal issues associated with responding to computer attacks, including employee monitoring, working with law enforcement, and handling evidence.

I hope to see you there.

Caught your eye on that one. It seems there is a new vulnerability/exploit out there that MSFT so “bad” that they have resleased an out of band patch. How bad is it, well let’s just say you should patch all your windows system ASAP. I am not going to analyze this patch again, as many others have done so already.

Just 2 words for you – PATCH IT

As of 11:00 PM PST there is a known working Exploit in the wild in the form of a worm.

Read all about this in teh links below.

Microsoft Patch Notification

Microsoft TechNet Blog entry

Microsoft TechNet Blog Entry more about

The normal SANS Stuff

Exploit information links below

Good blog entry on the worm/exploit – ThreatExpert

Another Good Entry – Team Furry

Comment as you see fit.