Перейти к содержанию
View in the app

A better way to browse. Learn more.

IT2B - Технологии разведки для бизнеса

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Обновления клиентских программ и безопасность

Featured Replies

Опубликовано
  • Автор

вот и наступил очередной "черный вторник" - пора обновлять Windows, так как есть критические уязвимости

 

----------------------------------------------------------------------

 

TITLE:

Microsoft Internet Explorer Two Code Execution Vulnerabilities

 

SECUNIA ADVISORY ID:

SA33845

 

VERIFY ADVISORY:

http://secunia.com/advisories/33845/

 

CRITICAL:

Highly critical

 

IMPACT:

System access

 

WHERE:

From remote

 

SOFTWARE:

Microsoft Internet Explorer 7.x

http://secunia.com/advisories/product/12366/

 

DESCRIPTION:

Two vulnerabilities have been reported in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system.

 

1) An unspecified error exists due to the use of a previously deleted object. This can be exploited to corrupt memory and execute arbitrary code when a user e.g. visits a malicious web site.

 

2) An unspecified error exists within the handling of Cascading Style Sheets (CSS). This can be exploited to cause a memory corruption and execute arbitrary code when a user e.g. visits a specially crafted web site.

 

SOLUTION:

Apply patches.

 

Windows XP SP2/SP3:

http://www.microsoft.com/downloads/details...f9-825d973f998e

 

Windows XP Professional x64 Edition (optionally with SP2):

http://www.microsoft.com/downloads/details...6c-981ef685c0e3

 

Windows Server 2003 SP1/SP2:

http://www.microsoft.com/downloads/details...ff-6abc1b4a16fe

 

Windows Server 2003 x64 Edition (optionally with SP2):

http://www.microsoft.com/downloads/details...fe-b15f8e766792

 

Windows Server 2003 with SP1/SP2 for Itanium-based systems:

http://www.microsoft.com/downloads/details...e1-1004389833be

 

Windows Vista (optionally with SP1):

http://www.microsoft.com/downloads/details...4f-6bd847799650

 

Windows Vista x64 Edition (optionally with SP1):

http://www.microsoft.com/downloads/details...5f-b5f02ce3dfb5

 

Windows Server 2008 for 32-bit Systems:

http://www.microsoft.com/downloads/details...ad-77e6f760a25c

 

Windows Server 2008 for x64-based Systems:

http://www.microsoft.com/downloads/details...50-7804c622c230

 

Windows Server 2008 for Itanium-based systems:

http://www.microsoft.com/downloads/details...cf-6afc7a71c510

 

PROVIDED AND/OR DISCOVERED BY:

The vendor credits:

1) Zero Day Initiative

2) Sam Thomas via Zero Day Initiative.

 

ORIGINAL ADVISORY:

MS09-002 (KB961260):

http://www.microsoft.com/technet/security/...n/ms09-002.mspx

 

----------------------------------------------------------------------

 

----------------------------------------------------------------------

 

TITLE:

Microsoft Office Visio Multiple Vulnerabilities

 

SECUNIA ADVISORY ID:

SA33833

 

VERIFY ADVISORY:

http://secunia.com/advisories/33833/

 

CRITICAL:

Highly critical

 

IMPACT:

System access

 

WHERE:

From remote

 

SOFTWARE:

Microsoft Visio 2002

http://secunia.com/advisories/product/1091/

Microsoft Visio 2003

http://secunia.com/advisories/product/1092/

Microsoft Visio 2007

http://secunia.com/advisories/product/13229/

 

DESCRIPTION:

Some vulnerabilities have been reported in Microsoft Office Visio, which can be exploited by malicious people to compromise a user's system.

 

1) An error when parsing object data during opening of Visio files can be exploited to corrupt memory via a specially crafted Visio file.

 

2) An error when copying object data in memory can be exploited to corrupt memory via a specially crafted Visio file.

 

3) An error in the handling of memory when opening Visio files can be exploited to corrupt memory via a specially crafted Visio file.

 

Successful exploitation may allow execution of arbitrary code.

 

SOLUTION:

Apply patches.

 

Microsoft Office Visio 2002 SP2:

http://www.microsoft.com/downloads/details...25-4b65302362cb

 

Microsoft Office Visio 2003 SP3:

http://www.microsoft.com/downloads/details...02-7f42bcd7a1a9

 

Microsoft Office Visio 2007 SP1:

http://www.microsoft.com/downloads/details...fc-691e0604ff82

 

PROVIDED AND/OR DISCOVERED BY:

The vendor credits Bing Liu, Fortinet FortiGuard Global Security Research Team.

 

ORIGINAL ADVISORY:

MS09-005 (KB957634, KB955654, KB955655, KB957831):

http://www.microsoft.com/technet/security/...n/MS09-005.mspx

 

----------------------------------------------------------------------

  • 2 недели спустя...
  • Ответов 79
  • Просмотры 24,6т
  • Создана
  • Последний ответ

Топ авторов темы

Опубликовано
  • Автор

мнда, что-то с уязвимостью в Adobe дела обстоят хуже - рекомендуется вообще не открывать PDF-документы из неизвестных источников и ждать патча Adobe (11 марта) :smile2:

 

_ttp://secunia.com/blog/44/

By now, most people should hopefully be aware of the 0-day vulnerability currently being actively exploited in Adobe Reader/Acrobat.

 

We initially heard rumours about this 0-day vulnerability on 16th February 2009 and began digging for something more concrete over the following days. Three days later, Adobe confirmed the existence of the 0-day vulnerability and Secunia issued an advisory. Later, a more in-depth analysis was provided to customers on our Secunia Binary Analysis Service.

 

Disabling JavaScript does not prevent exploitation

Over the last couple of days, we have seen many sources recommend users to disable support for JavaScript in Adobe Reader/Acrobat to prevent exploitation. While this does prevent many of the currently seen exploits from successfully executing arbitrary code (as they rely on JavaScript), it does not protect against the actual vulnerability.

 

During our analysis, Secunia managed to create a reliable, fully working exploit (available for Secunia Binary Analysis customers), which does not use JavaScript and can therefore successfully compromise users, who may think they are safe because JavaScript support has been disabled.

 

All users of Adobe Reader/Acrobat should therefore show extreme caution when deciding which PDF files to open regardless of whether they have disabled JavaScript support or not. Hopefully, Adobe will be issuing patches very soon.

Опубликовано
  • Автор

и еще одна 0-day уязвимость в Excel (см. (_ttp://www.securityfocus.com/bid/33870/info) - в отсутствие патча совет аналогичный (не открывать документов из ненадежных источников :smile3: )

 

_ttp://secunia.com/advisories/33954/

 

Secunia Advisory: SA33954

Release Date: 2009-02-24

 

Critical:

Extremely critical

Impact: System access

Where: From remote

Solution Status: Unpatched

 

Software: Microsoft Excel 2000

Microsoft Excel 2002

Microsoft Excel 2003

Microsoft Office 2000

Microsoft Office 2003 Professional Edition

Microsoft Office 2003 Small Business Edition

Microsoft Office 2003 Standard Edition

Microsoft Office 2003 Student and Teacher Edition

Microsoft Office 2004 for Mac

Microsoft Office 2007

Microsoft Office 2008 for Mac

Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats

Microsoft Office Excel 2007

Microsoft Office Excel Viewer 2003

Microsoft Office Excel Viewer 2007

Microsoft Office XP

 

Description:

A vulnerability has been reported in Microsoft Excel, which can be exploited by malicious people to compromise a user's system.

 

The vulnerability is caused due to an error that may cause an invalid object to be referenced when opening an Excel document.

 

Successful exploitation allows execution of arbitrary code.

 

NOTE: According to Microsoft, the vulnerability is currently being actively exploited.

 

 

Solution:

The vendor recommends using MOICE (Microsoft Office Isolated Conversion Environment) for opening untrusted Office documents and/or using Microsoft Office File Block policy to block the opening of Office 2003 and earlier documents.

 

Provided and/or discovered by:

Reported as a 0-day.

 

Original Advisory:

Microsoft:

http://www.microsoft.com/technet/security/...ory/968272.mspx

 

CVE reference:

CVE-2009-0238

Опубликовано
  • Автор

мелкомягкие опять облажались и вынуждены срочно выпускать патч для обновления, отключающего автозапуск (из-за червя Conficker)

у кого-то уже сработал агент Windows Update, а кому-то надо его вручную запустить :smile3:

 

_ttp://isc.sans.org/diary.html?n&storyid=5938

Microsoft released a patch to correct the "disable autorun registry key" enforcement.

http://support.microsoft.com/kb/967715

Updates are offered for the following OSes:

* Microsoft Windows 2000

* Windows XP Service Pack 2

* Windows XP Service Pack 3

* Windows Server 2003 Service Pack 1

* Windows Server 2003 Service Pack 2

 

The US Cert released an announcement stating that "Microsoft Windows does not disable AutoRun properly" back on January 20th.

http://www.us-cert.gov/cas/techalerts/TA09-020A.html

 

"Disabling AutoRun on Microsoft Windows systems can help prevent the spread of malicious code. However, Microsoft's guidelines for disabling AutoRun are not fully effective, which could be considered a vulnerability."

 

The Conficker worm spreads via autorun and we have run several diaries about autorun issues.

Conficker -> http://isc.sans.org/diary.html?storyid=5695

PictureFrame malware -> http://isc.sans.org/diary.html?storyid=3817

PictureFrame Malware2 -> http://isc.sans.org/diary.html?storyid=3807

Опубликовано
  • Автор

и время в очередной раз обновить Adobe Flash Player :smile3:

 

----------------------------------------------------------------------

 

TITLE:

Adobe Flash Player Multiple Vulnerabilities

 

SECUNIA ADVISORY ID:

SA34012

 

VERIFY ADVISORY:

http://secunia.com/advisories/34012/

 

DESCRIPTION:

Some vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious, local users to disclose sensitive information and potentially gain escalated privileges, and by malicious people to bypass certain security restrictions, disclose potentially sensitive information, and compromise a user's system.

 

1) An error when processing multiple references to an unspecified object can be exploited to dereference freed memory via a specially crafted SWF file.

 

Successful exploitation allows execution of arbitrary code.

 

2) An input validation error in the processing of SWF files can be exploited to cause a crash and potentially execute arbitrary code.

 

3) An error when displaying the mouse pointer on Windows can be exploited to potentially conduct "Clickjacking" attacks.

 

4) An error in the Linux Flash Player binary can be exploited to disclose sensitive information and potentially gain escalated privileges.

 

SOLUTION:

Apply vendor updates.

 

Flash Player 9.x:

Update to version 9.0.159.0.

http://www.adobe.com/go/kb406791

 

Flash Player 10.0.12.36 and prior:

Update to version 10.0.22.87.

http://www.adobe.com/go/getflash

 

Flash Player 10.0.12.36 and prior (network distribution):

Update to version 10.0.22.87.

http://www.adobe.com/licensing/distribution

 

Flash Player 10.0.15.3 and prior for Linux:

Update to version 10.0.22.87.

http://www.adobe.com/go/getflash

 

AIR 1.5:

Update to version 1.5.1.

http://get.adobe.com/air

 

Flash CS4 Professional:

Update to version 10.0.22.87.

http://www.adobe.com/support/flashplayer/downloads.html#fp10

 

Flash CS3 Professional:

Update to version 9.0.159.0.

http://www.adobe.com/support/flashplayer/downloads.html#fp9

 

Flex 3:

Update to version 10.0.22.87.

http://www.adobe.com/support/flashplayer/downloads.html#fp9

 

PROVIDED AND/OR DISCOVERED BY:

1) Javier Vicente Vallejo, reported via iDefense

2) The vendor credits Roee Hay from IBM Rational Application Security.

3) The vendor credits Eduardo Vela.

4) The vendor credits Josh Bressers of Red Hat and Tavis Ormandy of the Google Security Team.

 

ORIGINAL ADVISORY:

Adobe:

http://www.adobe.com/support/security/bull.../apsb09-01.html

 

iDefense:

http://labs.idefense.com/intelligence/vuln...play.php?id=773

 

----------------------------------------------------------------------

Для публикации сообщений создайте учётную запись или авторизуйтесь

Account

Navigation

Поиск

Поиск

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.