Перейти к содержанию
View in the app

A better way to browse. Learn more.

IT2B - Технологии разведки для бизнеса

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Обновления клиентских программ и безопасность

Featured Replies

Опубликовано
  • Автор

очередное обновление от Microsoft - еще одна серьезная уязвимость

 

----------------------------------------------------------------------

 

TITLE:

Microsoft Windows DNS Spoofing Vulnerabilities

 

SECUNIA ADVISORY ID:

SA30925

 

VERIFY ADVISORY:

http://secunia.com/advisories/30925/

 

CRITICAL:

Moderately critical

 

IMPACT:

Spoofing

 

WHERE:

From remote

 

OPERATING SYSTEM:

Microsoft Windows 2000 Advanced Server

http://secunia.com/product/21/

Microsoft Windows 2000 Datacenter Server http://secunia.com/product/1177/ Microsoft Windows 2000 Professional http://secunia.com/product/1/ Microsoft Windows 2000 Server http://secunia.com/product/20/ Microsoft Windows XP Home Edition http://secunia.com/product/16/ Microsoft Windows XP Professional http://secunia.com/product/22/ Microsoft Windows Server 2003 Datacenter Edition http://secunia.com/product/1175/ Microsoft Windows Server 2003 Enterprise Edition http://secunia.com/product/1174/ Microsoft Windows Server 2003 Standard Edition http://secunia.com/product/1173/ Microsoft Windows Server 2003 Web Edition http://secunia.com/product/1176/ Microsoft Windows Server 2008 http://secunia.com/product/18255/

 

DESCRIPTION:

Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to poison the DNS cache.

 

1) An error in the Windows DNS client and Windows DNS server due to insufficient socket entropy when performing DNS queries can be exploited to poison the DNS cache.

 

2) An error in the Windows DNS server may cause it to accept records from responses outside of the remote server's authority. This can be exploited via specially crafted responses to DNS requests to poison the DNS cache.

 

SOLUTION:

Apply patches.

 

-- DNS Client --

 

Windows 2000 SP4:

http://www.microsoft.com/downloads/details...21-c70cd07cdd22

 

Windows XP SP2/SP3:

http://www.microsoft.com/downloads/details...a8-b38907467cdf

 

Windows XP Professional x64 Edition (optionally with SP2):

http://www.microsoft.com/downloads/details...1b-4ca89002907b

 

Windows Server 2003 SP1/SP2:

http://www.microsoft.com/downloads/details...ad-fcaf05d7dab9

 

Windows Server 2003 x64 Edition (optionally with SP2):

http://www.microsoft.com/downloads/details...6d-3131474ffe1f

 

Windows Server 2003 SP1/SP2 for Itanium-based systems:

http://www.microsoft.com/downloads/details...2d-a1980b66ae3e

 

 

-- DNS Server --

 

Windows 2000 Server SP4:

http://www.microsoft.com/downloads/details...d0-485d2d41335b

 

Windows Server 2003 SP1/SP2:

http://www.microsoft.com/downloads/details...b3-9cd88f468a42

 

Windows Server 2003 x64 Edition (optionally with SP2):

http://www.microsoft.com/downloads/details...21-1acd1c43b162

 

Windows Server 2003 SP1/SP2 for Itanium-based systems:

http://www.microsoft.com/downloads/details...f1-fec7408886bb

 

Windows Server 2008 for 32-bit Systems:

http://www.microsoft.com/downloads/details...13-c4fcae276c7b

 

Windows Server 2008 for x64-based Systems:

http://www.microsoft.com/downloads/details...0a-f5902d37bfd0

 

PROVIDED AND/OR DISCOVERED BY:

1) The vendor credits Dan Kaminsky, IOActive.

2) Reported by the vendor.

 

ORIGINAL ADVISORY:

MS08-037 (KB953230):

http://www.microsoft.com/technet/security/...n/MS08-037.mspx

  • Ответов 79
  • Просмотры 24,6т
  • Создана
  • Последний ответ

Топ авторов темы

Опубликовано
  • Автор

да, и кстати забыл отпостить про обновление Acrobat Reader. Рекомендую обновиться ;-)

 

----------------------------------------------------------------------

 

TITLE:

Adobe Reader/Acrobat JavaScript Method Handling Vulnerability

 

SECUNIA ADVISORY ID:

SA30832

 

VERIFY ADVISORY:

http://secunia.com/advisories/30832/

 

CRITICAL:

Highly critical

 

IMPACT:

DoS, System access

 

WHERE:

From remote

 

SOFTWARE:

Adobe Acrobat 8 Professional

http://secunia.com/product/13785/

Adobe Acrobat 8.x

http://secunia.com/product/12256/

Adobe Acrobat 7.x

http://secunia.com/product/4594/

Adobe Acrobat 7 Professional

http://secunia.com/product/13786/

Adobe Acrobat 3D

http://secunia.com/product/13149/

Adobe Reader 7.x

http://secunia.com/product/4546/

Adobe Reader 8.x

http://secunia.com/product/12829/

 

DESCRIPTION:

A vulnerability has been reported in Adobe Reader/Acrobat, which potentially can be exploited by malicious people to compromise a user's system.

 

The vulnerability is caused due to an error in the implementation of an unspecified JavaScript method and can be exploited to cause a crash or potentially execute arbitrary code via a specially crafted PDF file.

 

NOTE: The vulnerability is reportedly being exploited in the wild.

 

The vulnerability is reported in the following products and

versions:

* Adobe Reader versions 8.0 through 8.1.2

* Adobe Reader versions 7.0.9 and earlier

* Adobe Acrobat Professional, 3D and Standard versions 8.0 through

8.1.2

* Adobe Acrobat Professional, 3D and Standard versions 7.0.9 and earlier

 

SOLUTION:

Adobe Reader 8 for Windows:

Update to Adobe Reader 8.1.2 Security Update 1.

http://www.adobe.com/support/downloads/detail.jsp?ftpID=3967

 

Adobe Reader 8 for Macintosh:

Update to Adobe Reader 8.1.2 Security Update 1.

http://www.adobe.com/support/downloads/detail.jsp?ftpID=3966

 

Acrobat 8 for Windows:

Update to Acrobat 8.1.2 Security Update 1.

http://www.adobe.com/support/downloads/detail.jsp?ftpID=3976

 

Acrobat 8 for Macintosh:

Update to Acrobat 8.1.2 Security Update 1.

http://www.adobe.com/support/downloads/detail.jsp?ftpID=3977

 

Acrobat 3D Version 8 for Windows:

Update to Acrobat 3D Version 8.1.2 Security Update 1.

http://www.adobe.com/support/downloads/detail.jsp?ftpID=3975

 

Adobe Reader 7.0 through 7.0.9:

Upgrade to Adobe Reader 7.1.0.

http://www.adobe.com/go/getreader

 

Acrobat 7 for Windows:

Update to Acrobat 7.1.0.

http://www.adobe.com/support/downloads/pro...latform=Windows

 

Acrobat 7 for Macintosh:

Update to Acrobat 7.1.0.

http://www.adobe.com/support/downloads/pro...tform=Macintosh

 

PROVIDED AND/OR DISCOVERED BY:

The vendor credits the Information Security Team of the Johns Hopkins University Applied Physics Laboratory.

 

ORIGINAL ADVISORY:

Adobe APSB08-15:

http://www.adobe.com/support/security/bull.../apsb08-15.html

 

----------------------------------------------------------------------

  • 3 недели спустя...
Опубликовано
  • Автор

с некоторым запозданием напоминаю - надо снова обновить Firefox до версии 2.0.16

 

----------------------------------------------------------------------

 

TITLE:

Mozilla Firefox 2 URI Launching Vulnerability

 

SECUNIA ADVISORY ID:

SA31120

 

VERIFY ADVISORY:

http://secunia.com/advisories/31120/

 

CRITICAL:

Less critical

 

IMPACT:

Security Bypass, Exposure of sensitive information

 

WHERE:

From remote

 

SOFTWARE:

Mozilla Firefox 2.0.x

http://secunia.com/product/12434/

 

DESCRIPTION:

A vulnerability has been reported in Firefox 2, which can be exploited by malicious people to bypass certain security restrictions and disclose sensitive information.

 

The problem is that it is possible to open multiple tabs via pipe symbols within the URI and can e.g. be exploited to launch "chrome:"

URIs via the command-line. This can also be exploited to read files from a user's system using the "file:" URI but requires that an attacker is able to place a malicious file in a guessable location on a user's system (e.g. in combination with another security issue).

 

Successful exploitation requires that the URI is passed to Firefox from e.g. another browser and that Firefox is not running.

 

The vulnerability is reported in versions prior to 2.0.0.16.

 

SOLUTION:

Update to version 2.0.0.16.

http://www.mozilla.com/en-US/firefox/all-older.html

 

PROVIDED AND/OR DISCOVERED BY:

The vendor credits Billy Rios.

 

ORIGINAL ADVISORY:

MFSA 2008-35:

http://www.mozilla.org/security/announce/2...fsa2008-35.html

 

 

  • 3 недели спустя...
Опубликовано
  • Автор

пришло время обновить Internet Explorer (да и Windows в-целом) - вышло очередное обновление Windows (см. анализ на SANS - _ttp://isc.sans.org/diary.html?n&storyid=4876).

 

 

_ttp://secunia.com/advisories/31375/

----------------------------------------------------------------------

 

TITLE:

Internet Explorer Multiple Vulnerabilities

 

SECUNIA ADVISORY ID:

SA31375

 

VERIFY ADVISORY:

http://secunia.com/advisories/31375/

 

CRITICAL:

Highly critical

 

IMPACT:

System access

 

WHERE:

From remote

 

SOFTWARE:

Microsoft Internet Explorer 5.01

http://secunia.com/product/9/

Microsoft Internet Explorer 6.x

http://secunia.com/product/11/

Microsoft Internet Explorer 7.x

http://secunia.com/product/12366/

 

DESCRIPTION:

Multiple vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to compromise a user's system.

 

1) An unspecified error may result in uninitialised memory being accessed in certain situations.

 

2) Another unspecified error may result in uninitialised memory being accessed in certain situations.

 

3) An error exists in the way Internet Explorer may access an object that has not been correctly initialised or has been deleted. This can be exploited to corrupt memory.

 

4) Two other unspecified errors may result in uninitialised memory being accessed in certain situations.

 

5) An error in the way arguments are validated in print preview handling can be exploited to corrupt memory.

 

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

 

SOLUTION:

Apply patches.

 

-- Windows 2000 SP4 --

 

Internet Explorer 5.01 SP4:

http://www.microsoft.com/downloads/details...9D-DB0EE067D65B

 

Internet Explorer 6 SP1:

http://www.microsoft.com/downloads/details...A4-63A814954796

 

 

-- Internet Explorer 6 --

 

Windows XP SP2:

http://www.microsoft.com/downloads/details...8D-4FCE44CC0BC2

 

Windows XP SP3:

http://www.microsoft.com/downloads/details...8D-4FCE44CC0BC2

 

Windows XP Professional x64 Edition (optionally with SP2):

http://www.microsoft.com/downloads/details...EF-34E7337FF604

 

Windows Server 2003 SP1/SP2:

http://www.microsoft.com/downloads/details...A0-CE38EFE13524

 

Windows Server 2003 x64 Edition (optionally with SP2):

http://www.microsoft.com/downloads/details...4E-7D4DDA5E0A90

 

Windows Server 2003 with SP1/SP2 for Itanium-based Systems:

http://www.microsoft.com/downloads/details...BC-BB55EB0045FE

 

 

-- Internet Explorer 7 --

 

Windows XP SP2/SP3:

http://www.microsoft.com/downloads/details...A3-2D3C6A953752

 

Windows XP Professional x64 Edition (optionally with SP2):

http://www.microsoft.com/downloads/details...18-AB0517C5E7CF

 

Windows Server 2003 SP1/SP2:

http://www.microsoft.com/downloads/details...7C-053DD59A65BF

 

Windows Server 2003 x64 Edition (optionally with SP2):

http://www.microsoft.com/downloads/details...D0-7D3CD71C1987

 

Windows Server 2003 with SP1/SP2 for Itanium-based Systems:

http://www.microsoft.com/downloads/details...BD-1E3976C82ACF

 

Windows Vista (optionally with SP1):

http://www.microsoft.com/downloads/details...44-E4CB104C4CAD

 

Windows Vista x64 Edition (optionally with SP1):

http://www.microsoft.com/downloads/details...D6-80F991266428

 

Windows Server 2008 for 32-bit Systems:

http://www.microsoft.com/downloads/details...CF-86D86C56B0F8

 

Windows Server 2008 for x64-based Systems:

http://www.microsoft.com/downloads/details...67-A0EAE8D5EE5D

 

Windows Server 2008 for Itanium-based Systems:

http://www.microsoft.com/downloads/details...95-E9D7A5B3D3F7

 

PROVIDED AND/OR DISCOVERED BY:

1) The vendor credits Yamata Li, Palo Alto Networks.

2) Reported by the vendor.

3) The vendor credits Tavis Ormandy, Google Security Team.

4) The vendor credits Sam Thomas via ZDI along with TippingPoint and ZDI.

5) Reported by the vendor.

 

ORIGINAL ADVISORY:

MS08-045 (KB953838):

http://www.microsoft.com/technet/security/...n/MS08-045.mspx

 

----------------------------------------------------------------------

 

 

Опубликовано
  • Автор

а теперь то же самое для пользователей Opera

 

----------------------------------------------------------------------

 

TITLE:

Opera Multiple Vulnerabilities

 

SECUNIA ADVISORY ID:

SA31549

 

VERIFY ADVISORY:

http://secunia.com/advisories/31549/

 

CRITICAL:

Highly critical

 

IMPACT:

Security Bypass, Spoofing, Exposure of sensitive information, DoS, System access

 

WHERE:

From remote

 

SOFTWARE:

Opera 5.x

http://secunia.com/product/82/

Opera 6.x

http://secunia.com/product/81/

Opera 7.x

http://secunia.com/product/761/

Opera 8.x

http://secunia.com/product/4932/

Opera 9.x

http://secunia.com/product/10615/

 

DESCRIPTION:

Some vulnerabilities have been reported in Opera, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks, bypass certain security restrictions, disclose potentially sensitive information, or potentially compromise a user's system.

 

1) An unspecified error exists when Opera is executed as a protocol handler. This can be exploited to cause a crash and potentially execute arbitrary code.

 

NOTE: Reportedly, the vulnerability only affects Opera for Windows.

 

2) The problem is that a web page can change the address of frames from other sites opened inside a pop-up window. This can be exploited to load malicious content into a frame of a trusted website.

 

3) An unspecified error can be exploited to conduct cross-site scripting attacks. No further information is currently available.

 

4) An error exists in the processing of custom shortcut and menu commands. This can be exploited to execute applications with potentially dangerous parameters, created from uninitialized memory.

 

Successful exploitation may allow execution of arbitrary code, but requires that a user is tricked into modifying shortcuts or menu files.

 

5) An error exists while reporting websites as secure for browsing.

This can be exploited to determine the reporting of an insecure website as secure by including a frame with content from a secure website.

 

6) An error exists when checking if a web page links to a local file.

This can be exploited to link to local feed source files and potentially determine if a file is present on the local system.

 

7) An error exists when processing news feed subscription requests.

This can be exploited to change the address field to the address of the malicious web page and mislead a user.

 

The vulnerabilities are reported in versions prior to 9.52.

 

SOLUTION:

Update to version 9.52.

http://www.opera.com/download/

 

PROVIDED AND/OR DISCOVERED BY:

The vendor credits:

3) Chris Weber of Casaba Security

4) Michael A. Puls II

5) Lars Kleinschmidt

 

ORIGINAL ADVISORY:

http://www.opera.com/docs/changelogs/windows/952/

 

http://www.opera.com/support/search/view/892/

http://www.opera.com/support/search/view/893/

http://www.opera.com/support/search/view/894/

http://www.opera.com/support/search/view/895/

http://www.opera.com/support/search/view/896/

http://www.opera.com/support/search/view/897/

 

----------------------------------------------------------------------

Для публикации сообщений создайте учётную запись или авторизуйтесь

Account

Navigation

Поиск

Поиск

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.