100 likes | 486 Views
PREVIOUS GNEWS. Patch Tuesday. 11 Patches – 5 Critical Affecting most everything Other updates, MSRT, Defender Definitions, Junk Mail Filter. MS10-018 - IE, Remote Execution – Out of Band Patch MS10-019 - Windows Could Allow, Remote Execution
E N D
Patch Tuesday • 11 Patches – 5 Critical • Affecting most everything • Other updates, MSRT, Defender Definitions, Junk Mail Filter • MS10-018 - IE, Remote Execution – Out of Band Patch • MS10-019 - Windows Could Allow, Remote Execution • MS10-020 - SMB Client, Remote Execution • MS10-021 - Windows Kernel, Privilege Escalation • MS10-022 - VBScript, Remote Execution • MS10-023 - Office Publisher, Remote Execution • MS10-024 - Exchange and Windows SMTP Service, DoS • MS10-025 - Windows Media Services, Remote Execution • MS10-026 - Microsoft MPEG Layer-3 Codecs, Remote Execution • MS10-027 - Media Player, Remote Execution • MS10-028 - Visio, Remote Execution • MS10-029 - Windows ISATAP Component, Spoofing
Holes / Patches • Oracle Patches Released • 47 critical patches • Adobe, 1 patche • APSB10-09 Adobe Reader and Acrobat • Install 9.3.2 • Apple, • OSX 10.6.3 released • QuickTime 7.6.6 released • iTunes 9.1 released • AirPort Base Station 2010-001 released • Browsers • Firefox, Chrome, Opera
Holes / Patches • MS virtual machine and doublespeak “There is no vulnerability introduced, just a loss of certain security protection mechanisms.” But wait didn’t you just say….. “First and foremost, customers should rest assured that this advisory does not affect the security of Windows 7 systems directly. The security safeguards (DEP, ASLR, SafeSEH, etc.) that are in place remain effective at helping protect users from malware on that system. In addition, Our Windows Server virtualization technology, Hyper-V, is also not affected by this advisory. Applications running inside a Hyper-V guest continue to benefit from these same security safeguards.” • Core Security Technologies “A Core Security Exploit Writer working with CoreLabs, the research arm of Core Security Technologies, found that affected versions of Virtual PC hypervisor contain a vulnerability that may allow attackers to bypass several security mechanisms of the Windows operating system to compromise vulnerable virtualized systems. The issue may also transform a certain type of common software bug into exploitable vulnerabilities. Affected versions of the product include: Microsoft Virtual PC 2007, Virtual PC 2007 SP1, Windows Virtual PC and Microsoft Virtual Server 2005. On Windows 7 the XP Mode feature is affected by the vulnerability. Microsoft Hyper-V technology is not affected by this problem. The issue was reported to Microsoft in August of 2009. The vendor indicated that it plans to solve the problem in future updates to the vulnerable products. “
Holes / Patches • ie o-day • Java • installing an alternate malicious library an attacker could compromise the machine. • Cisco • 15 patches released. • Unified Communications DoS • VMWare • DoS • VMnc codec • VMware Remote Console • ClamAV bypass • Clam 0.96 released
Hacking Disgruntled Austinian DoS’ed100+ cars Apache - XSS on issue tracking site exploited "If you are a user of the Apache-hosted JIRA, Bugzilla or Confluence, a hashed copy of your password has been compromised,“
Papers • [In]secure Magazine 25 • NIST Guide for PII
Updates skipfish 1.31b webappsec recon owasp codwcrawler 2.5 webappsec code review tool vicnum 14 vulnerable app Webraider 0.2.3.8 custom metasploit Sahi webappsec Pulledpork 0.4.0 snort rule manager / oinkmaster replacement stream armor ads tool
CON Events HITB Dubai Apr 19 THOTCON 0x1 Apr 23rd – Sold Out Source Apr 24 Interop Vegas Apr 25 CanSecWest Mar 24 BlackHat Europe Apr 12 Notacon Apr 15 Toorcon Seatle Apr 18
All images scavenged without permission All images scavenged without permission