Secure San Diego » Vulnerabilities http://www.securesandiego.com A little about InfoSec from San Diego Tue, 11 May 2010 15:12:57 +0000 en hourly 1 http://wordpress.org/?v=3.0 RIM + PDF = Exploit me http://www.securesandiego.com/2009/05/rim-pdf-exploit-me/ http://www.securesandiego.com/2009/05/rim-pdf-exploit-me/#comments Fri, 29 May 2009 16:39:00 +0000 admin http://www.securesandiego.com/?p=80 Earlier this week RIM, the makers of BlackBerry, released a new vulnerability that scores rather high on the CVSS scale. In case you are not familar with CVSS this score is rather high.

It is recommeded that you either patch or apply the workaround as outlined in the RIM advisory.

]]> http://www.securesandiego.com/2009/05/rim-pdf-exploit-me/feed/ 0 Patch Tuesday – Fail http://www.securesandiego.com/2008/12/patch-tuesday-fail/ http://www.securesandiego.com/2008/12/patch-tuesday-fail/#comments Thu, 11 Dec 2008 08:30:50 +0000 admin http://www.securesandiego.com/?p=72 This week contained the proverbial MSFT patch Tuesday, this set of patches contained 8 advisories patching items from Internet Explorer, MS Office Components, Windows Explorer, etc.. So in all this was a pretty heavy Black Tuesday for MSFT.

The Fail

As MSFT was releasing their patches another group of people were releasing their own little bug. On Tuesday morning as the patches from MSFT were being released several online publications starting reporting a new IE 0day exploit in the wild. All the publicity started here at PC World and from there it just rolls down hill.

The flaw was made public in Chinese language discussion forums two days ago by a security group called the Knownsec team. In tests, it worked on IE 7 running on Windows XP, Service Pack 2.

Since the initial report out of PC World the news starts to spiral out of other media outlets. However nothingĀ  good gets published until HD Moore does some really good analysis on the exploit over at the Breaking Point Security blog.

Defenses

  1. Start off by switching browsers to FireFox. You can get it here.
  2. Enable DEP on your system,

Until MSFT releases a patch for this I would recommend switching to another browser.

]]> http://www.securesandiego.com/2008/12/patch-tuesday-fail/feed/ 0 Patch Or Die http://www.securesandiego.com/2008/10/patch-or-die/ http://www.securesandiego.com/2008/10/patch-or-die/#comments Fri, 24 Oct 2008 06:06:48 +0000 admin http://www.securesandiego.com/?p=36 Caught your eye on that one. It seems there is a new vulnerability/exploit out there that MSFT so “bad” that they have resleased an out of band patch. How bad is it, well let’s just say you should patch all your windows system ASAP. I am not going to analyze this patch again, as many others have done so already.

Just 2 words for you – PATCH IT

As of 11:00 PM PST there is a known working Exploit in the wild in the form of a worm.

Read all about this in teh links below.

Microsoft Patch Notification

Microsoft TechNet Blog entry

Microsoft TechNet Blog Entry more about

The normal SANS Stuff

Exploit information links below

Good blog entry on the worm/exploit – ThreatExpert

Another Good Entry – Team Furry

Comment as you see fit.

]]> http://www.securesandiego.com/2008/10/patch-or-die/feed/ 0