From alertmailinglist at skiifwrald.com Fri Nov 12 11:52:31 2010
From: alertmailinglist at skiifwrald.com (Security and IT News Alerts)
Date: Fri, 12 Nov 2010 12:22:31 +1030
Subject: [Sunnet Alert] Advisory #284 - Microsoft (Multiple), Multiple News
Message-ID:

Sûnnet Beskerming Alert List
Advisory #284

You are receiving this message because you have subscribed to our Information Security Alert Mailing List, or have been selected for a specific one-off copy. If you believe that you are receiving this message in error, please contact info at beskerming.com to resolve the error.

Why not upgrade to get same day notification on security threats? Details and rates available online - (http://www.beskerming.com/premium/generic_advisory.html).

Why not go the next step and get delivery tailored just for your company? (http://www.beskerming.com/premium/focussed_advisory.html)

Once you've had a chance to read through this advisory, come back and answer the following question. Did you like the timeliness of the advisory? Our premium subscribers get this sort of service on every advisory - same day coverage of security discoveries and full details on all external tracking data that we have discovered, to help keep you informed and form a well-rounded opinion and assessment of the risk to you, your systems, and your data.

Contents

--------------------------------------------------------------------
1. SECURITY
--------------------------------------------------------------------

1.1 Microsoft (Multiple) - Remote Hacker Automatic Control - Time Since Discovery - 3 Days

=======================================
/*
- Remote or Local - Can it be achieved through a network or does it require physical access?
- Hacker - The bad guy
- Manual or Automatic - Does the vulnerability need to be manually performed, or can it be automated?
- Control, Denial of Service or Data Theft - Will the hacker get control of your system / website, will they prevent you from using it, or will they steal data.
*/

--------------------------------------------------------------------
2. NEWS
--------------------------------------------------------------------

2.1 Homepage.mac.com is Dead, Long Live homepage.mac.com
2.2 Nobel Peace Prize Site Hacked to Serve Firefox Attack
2.3 The Importance of a Good Backup

=====================================

1. SECURITY

1.1 Microsoft Windows - Remote Hacker Automatic Control

-- Products Affected --

Forefront Unified Access Gateway, Office

-- Technical Description --

MS10-087 - Office. Remote Code Execution. Replaces MS10-003, MS10-036. Critical
MS10-088 - Office. Remote Code Execution. Replaces MS10-004, MS10-036, MS09-017. Important
MS10-089 - Forefront Unified Access Gateway. Elevation of Privilege. Important

-- Description --

November's Security Bulletin release by Microsoft this week saw three bulletins released, in line with the Advance Notification from last week. The first two bulletins deal with remote code execution vulnerabilities with various elements of Office, while the third bulletin is for Forefront Unified Access Gateway elevation of privilege vulnerabilities. At least some of the vulnerabilities had been publicly disclosed prior to patch release, though there were no indications of any attacks targeting them.

-- Recommended Action --

All users and administrators should apply the updates at the earliest opportunity.

-- Source --

http://www.microsoft.com/technet/security/bulletin/ms10-nov.mspx
http://www.beskerming.com/services/176/Patch_Briefing
http://store.eSellerate.net/s.asp?s=STR3448907936&Cmd=CATALOG&CategoryID=9811

-- Updates Available --

http://www.microsoft.com/technet/security/bulletin/ms10-087.mspx
http://www.microsoft.com/technet/security/bulletin/ms10-088.mspx
http://www.microsoft.com/technet/security/bulletin/ms10-089.mspx

-- External Tracking Data --

CVE-ID: CVE-2010-3333 (MS10-087)
CVE-ID: CVE-2010-3334 (MS10-087)
CVE-ID: CVE-2010-3335 (MS10-087)
CVE-ID: CVE-2010-3336 (MS10-087)
CVE-ID: CVE-2010-3337 (MS10-087)
CVE-ID: CVE-2010-2572 (MS10-088)
CVE-ID: CVE-2010-2573 (MS10-088)
CVE-ID: CVE-2010-2732 (MS10-089)
CVE-ID: CVE-2010-2733 (MS10-089)
CVE-ID: CVE-2010-2734 (MS10-089)
CVE-ID: CVE-2010-3936 (MS10-089)

-- Threat Matrix --

              U    O
Home User    10   10   (Highly Critical)
Corporate    10   10   (Highly Critical)

=======================================
/*
Threat Matrix:
U - User
O - Operator
Harmless - 0 ----- 10 - Highly Critical
*/
=======================================

2. NEWS

2.1 Homepage.mac.com is Dead, Long Live homepage.mac.com

First it was GeoCities going to the great bit-bucket in the sky, now it has been joined by Apple's .Mac HomePage offering. As of November 8th, access to sites hosted on homepage.mac.com will be withdrawn. Having notified users more than 12 months ago that publishing material to the homepage.mac.com domain would cease, Apple have completed the wind down of the legacy service, replacing it with the MobileMe (me.com) service.

For at least a little while longer, some of the homepage.mac.com sites are still present, though the domain now redirects to me.com, and mac.com redirects to Apple's Macintosh hardware offerings. Old homepage.mac.com material hasn't been deleted, it has just been moved into the user's iDisk online storage.

2.2 Nobel Peace Prize Site Hacked to Serve Firefox Attack

For many years, one of the arguments as to why the Windows platform was targeted so much by malware authors was due to its widespread popularity and market share. When the Internet gained widespread acceptance and use, many attacks against Microsoft's dominant Internet Explorer were explained using similar logic. Attacks that targeted other browsers would often also include an infection vector for Internet Explorer, to improve the chances of actually gaining infected users. Taking this line of reasoning a step further, users of other internet browsers argue that by not using Internet Explorer, their Internet experience is inherently safer.

Just this past week an interesting variation to this situation has come to light, with an attack surfacing on the Nobel Peace Prize website that only targeted users of the Firefox browser. The attack was made using a very recently disclosed vulnerability and did not contain any infection vector targeting Internet Explorer users. The malware installed by the attack gives the attacker control over the infected system to the same level as the infected user. Until a patch can be applied, disabling JavaScript support prevents infection due to this vulnerability.

2.3 The Importance of a Good Backup

It can never be stressed too much how important it is to maintain a sound backup policy, which includes testing the backups to ensure that they will actually work when you need them. A Swedish Professor recently found out how important this is when he had a laptop stolen which contained material that had not been backed up. Much to the professor's surprise, a week later he was sent a USB thumb drive that had been taken along with the laptop. On the thumb drive were all the files from the laptop, conveniently backed up for the professor by the thief.

=======================================

Sincerely,

Sûnnet Beskerming Team
info at beskerming.com

Sûnnet Beskerming Pty. Ltd.
Adelaide, Australia
http://www.beskerming.com
Tel: +61 (0) 410 707 444

** Sûnnet Beskerming Pty. Ltd. **

Established in mid 2004, Sûnnet Beskerming Pty. Ltd. is the sister company to Jongsma & Jongsma Pty. Ltd., and was formed to develop and commercialise the research coming out of Jongsma & Jongsma Pty. Ltd. Sûnnet Beskerming Pty. Ltd. is an Information Security specialist and, in conjunction with the tools developed by Jongsma & Jongsma Pty. Ltd., provides total security solutions and services, from the perimeter to internal data stores, including web application security and security testing and analysis.