MA-358.092013: MyCERT Alert - Critical Vulnerability in Microsoft Internet Explorer 8 and 9

  • 19 Sep 2013
  • Alert
1.0 Introduction

A critical vulnerability has been identified in Microsoft Internet Explorer versions 8 and 9. If successfully exploited, the vulnerability will cause the application to crash and could potentially allow an attacker to take control of the affected system. [1]

Essentially, an attacker can trick users into clicking on a URL that directs them to a specially crafted web page containing the exploit. However, based on the incident reported, the malicious code was embedded in a well-known website and started exploiting its visitors.

MyCERT is aware that a '0-day' exploit is available on the Internet at the time of the publication of this advisory. [2]

2.0 Impact

An attacker who successfully exploits this vulnerability will be able to execute code remotely and gain the same privileges as the user. Unsuccessful attacks may cause denial-of-service (DoS) outcomes. This vulnerability could be exploited to install malware on the user's computer.

3.0 Affected Products

The vulnerable products and versions are listed below:

  • Microsoft Internet Explorer 8
  • Microsoft Internet Explorer 9

4.0 Recommendations

As of the writing of this advisory, Microsoft has not released any security patches for this vulnerability. However, users can use the following steps as a temporary workaround if they need to use Microsoft Internet Explorer:

4.1 Windows users are advised to apply the Microsoft Fix it solution, "CVE-2013-3893 MSHTML Shim Workaround". However, the Fix it applies ONLY to 32-bit versions of Internet Explorer. Users must have security update 2870699 installed for this Fix it to provide effective protection against this issue. Step-by-step instructions on how to apply the Fix it can be found at the following URL:

To enable or disable this Fix it solution, click the Fix it button or link under the Enable heading or under the Disable heading. Click Run in the File Download dialog box, and then follow the steps in the Fix it wizard.

4.2 Windows users are advised to add enhanced EMET support for Internet Explorer (iexplore.exe). Step-by-step instructions on how to add EMET support for a specific application can be found in our Protecting Your Windows Computer with Enhanced Mitigation Experience Toolkit (EMET) tutorial at the following URL:

Configure your EMET to protect either:

  • C:\program files\Internet Explorer\iexplore.exe
  • C:\Program Files (x86)\Internet Explorer\iexplore.exe

4.3 Disable Active Script support in the browser. Active Script can be disabled by referring to the following steps:

On the Tools menu, click Internet Options

Click the Security tab, choose Internet zone and click on Custom Level

Disable the Active Scripting and click OK

Repeat the same steps for the Local intranet security zone
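
The steps in 4.3 expressed as a registry audit and change, as an added example that is not part of the MyCERT advisory. It assumes Active Scripting is URL action 1400 under the Internet Explorer zone keys (zone 1 = Local intranet, zone 3 = Internet; data 3 = Disable); the function names are hypothetical.

```powershell
# Added example (not from the advisory). Function names are hypothetical.
# Active scripting is URL action 1400 in each zone key: 0 = Enable, 1 = Prompt, 3 = Disable.
$Action  = '1400'
$Disable = 3
$Zones   = @(
    @{ Id = 1; Name = 'Local intranet' },
    @{ Id = 3; Name = 'Internet' }
)
$Suffix = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
# Policy hives are checked first, since a Group Policy value takes
# precedence over the user's own setting.
$Hives = @(
    "HKLM:\Software\Policies\$Suffix",
    "HKCU:\Software\Policies\$Suffix",
    "HKCU:\Software\$Suffix"
)

function Get-ActiveScriptingState {
    foreach ($zone in $Zones) {
        $value = $null; $source = $null
        foreach ($hive in $Hives) {
            $key  = Join-Path $hive ([string]$zone.Id)
            $item = Get-ItemProperty -Path $key -Name $Action -ErrorAction SilentlyContinue
            if ($null -ne $item) { $value = $item.$Action; $source = $key; break }
        }
        [pscustomobject]@{
            Zone     = $zone.Name
            Value    = $value      # $null means no explicit value was found
            Source   = $source
            Disabled = ($value -eq $Disable)
        }
    }
}

function Disable-ActiveScripting {
    # Writes the per-user setting only; it does not touch policy keys.
    foreach ($zone in $Zones) {
        $key = Join-Path "HKCU:\Software\$Suffix" ([string]$zone.Id)
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name $Action -Value $Disable -Type DWord
    }
}

Get-ActiveScriptingState | Format-Table -AutoSize   # audit first
# Disable-ActiveScripting                           # uncomment to apply the workaround
```

If the audit shows a policy key as the source, the setting has to be changed in Group Policy rather than per user.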

4.4 Another option for the recommendation in 4.3 is to configure the Enhanced Security Configuration for Internet Explorer and set the Internet Security Zone and Local Intranet Security Zones to "High".

4.5 Do not browse to untrusted websites or click on untrusted links especially URLs enclosed in e-mails from an unknown sender.

4.6 Browse the Internet using a lower-privilege user account to minimize the impact of a malicious file.

4.7 Consider using alternative web browsers to browse the Internet. Please make sure you use the latest version and stay up-to-date as well.

MyCERT would like to advise users of Microsoft products to be vigilant about the latest security announcements by Microsoft and to ensure that their operating systems are updated automatically. The article on how to enable Microsoft's automatic update feature is available at the following URL:

Users may also consider using a vulnerability management tool such as Secunia to ensure that all applications are updated:

MyCERT generally advises users of this product to keep themselves updated with the latest security announcements by the vendor. If members of the public receive any suspicious URL and require our further analysis, please reach us through the following channels:

E-mail : [email protected] or [email protected]
Phone : 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours : Mon - Fri 08:30 -17:30 MYT
Web: https://www.mycert.org.my

5.0 References

MA-357.092013: MyCERT Alert - Microsoft Security Bulletin Summary For September 2013

  • 11 Sep 2013
  • Alert
1.0 Introduction

Microsoft has released 13 security bulletins, four Critical and nine Important, which address 47 unique CVEs in Microsoft Windows, Office, Internet Explorer and SharePoint. For those who need to prioritize their deployment planning, we recommend focusing on MS13-067, MS13-068, and MS13-069 first.

2.0 The critical vulnerabilities are listed below:

2.1 Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2834052)

This security update resolves one publicly disclosed vulnerability and nine privately reported vulnerabilities in Microsoft Office Server software. The most severe vulnerability could allow remote code execution in the context of the W3WP service account if an attacker sends specially crafted content to the affected server.

Patch: http://technet.microsoft.com/en-us/security/bulletin/ms13-067

2.2 Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (2756473)

This security update resolves a privately reported vulnerability in Microsoft Outlook. The vulnerability could allow remote code execution if a user opens or previews a specially crafted email message using an affected edition of Microsoft Outlook. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Patch: https://technet.microsoft.com/en-us/security/bulletin/ms13-068

2.3 Cumulative Security Update for Internet Explorer (2870699)

This security update resolves ten privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Patch: https://technet.microsoft.com/en-us/security/bulletin/ms13-069

2.4 Vulnerability in OLE Could Allow Remote Code Execution (2876217)

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a file that contains a specially crafted OLE object. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Patch: https://technet.microsoft.com/en-us/security/bulletin/ms13-070

3.0 The Important vulnerabilities are listed below:

3.1 Vulnerability in Windows Theme File Could Allow Remote Code Execution (2864063)

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user applies a specially crafted Windows theme on their system. In all cases, a user cannot be forced to open the file or apply the theme; for an attack to be successful, a user must be convinced to do so.

Patch: https://technet.microsoft.com/en-us/security/bulletin/ms13-071

3.2 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2845537)

This security update resolves 13 privately reported vulnerabilities in Microsoft Office. The most severe vulnerabilities could allow remote code execution if a specially crafted file is opened in an affected version of Microsoft Office software. An attacker who successfully exploited the most severe vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Patch: http://technet.microsoft.com/en-us/security/bulletin/ms13-072

3.3 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2858300)

This security update resolves three privately reported vulnerabilities in Microsoft Office. The most severe vulnerabilities could allow remote code execution if a user opens a specially crafted Office file with an affected version of Microsoft Excel or other affected Microsoft Office software. An attacker who successfully exploited the most severe vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Patch: http://technet.microsoft.com/en-us/security/bulletin/ms13-073

3.4 Vulnerabilities in Microsoft Access Could Allow Remote Code Execution (2848637)

This security update resolves three privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Access file with an affected version of Microsoft Access. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Patch: https://technet.microsoft.com/en-us/security/bulletin/ms13-074

3.4 Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2878687)

This security update resolves a privately reported vulnerability in Microsoft Office IME (Chinese). The vulnerability could allow elevation of privilege if a logged on attacker launches Internet Explorer from the toolbar in Microsoft Pinyin IME for Simplified Chinese. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. Only implementations of Microsoft Pinyin IME 2010 are affected by this vulnerability. Other versions of Simplified Chinese IME and other implementations of IME are not affected.

Patch: https://technet.microsoft.com/en-us/security/bulletin/ms13-075

3.5 Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2876315)

This security update resolves seven privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs onto the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities.

Patch: https://technet.microsoft.com/en-us/security/bulletin/ms13-076

3.6 Vulnerability in Windows Service Control Manager Could Allow Elevation of Privilege (2872339)

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker convinces an authenticated user to execute a specially crafted application. To exploit this vulnerability, an attacker either must have valid logon credentials and be able to log on locally or must convince a user to run the attacker's specially crafted application.

Patch: https://technet.microsoft.com/en-us/security/bulletin/ms13-077

3.7 Vulnerability in FrontPage Could Allow Information Disclosure (2825621)

This security update resolves a privately reported vulnerability in Microsoft FrontPage. The vulnerability could allow information disclosure if a user opens a specially crafted FrontPage document. The vulnerability cannot be exploited automatically; for an attack to be successful a user must be convinced to open the specially crafted document.

Patch: https://technet.microsoft.com/en-us/security/bulletin/ms13-078

3.8 Vulnerability in Active Directory Could Allow Denial of Service (2853587)

This security update resolves a privately reported vulnerability in Active Directory. The vulnerability could allow denial of service if an attacker sends a specially crafted query to the Lightweight Directory Access Protocol (LDAP) service.

Patch: https://technet.microsoft.com/en-us/security/bulletin/ms13-079

4.0 Recommendation

Users are recommended to perform the update immediately. All of the patches can be applied almost automatically through the Windows Update application.

Instructions on how to run Windows Update are available at the following URL:

Generally, MyCERT advises users of this software to keep up to date with the latest security announcements by the vendor.

For further enquiries, please contact MyCERT through the following channels:

E-mail : [email protected] or [email protected]
Phone : 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours : Mon - Fri 08:30 -17:30 MYT
Web: https://www.mycert.org.my

5.0 References

MA-356.092013: MyCERT Alert - Security Updates for Multiple Critical Vulnerabilities in Adobe Products

  • 11 Sep 2013
  • Alert
1.0 Introduction

Adobe released 3 security updates on September 10, 2013. The details are below:

  • Security update for Adobe Shockwave Player
  • Security update for Adobe Reader and Acrobat
  • Security update for Adobe Flash Player 

2.0 Impact

This update addresses vulnerabilities that could allow an attacker who successfully exploits them to run malicious code on the affected system. It also addresses vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

3.0 Affected Products

3.1 Adobe Shockwave Player

Adobe Shockwave Player 12.0.3.133 and earlier versions on the Windows and Macintosh operating systems.

3.2 Adobe Reader and Acrobat

  • Adobe Reader XI (11.0.03) and earlier 11.x versions for Windows and Macintosh
  • Adobe Reader X (10.1.7) and earlier 10.x versions for Windows and Macintosh
  • Adobe Acrobat XI (11.0.03) and earlier 11.x versions for Windows and Macintosh
  • Adobe Acrobat X (10.1.7) and earlier 10.x versions for Windows and Macintosh

3.3 Adobe Flash Player

  • Adobe Flash Player 11.8.800.94 and earlier versions for Windows and Macintosh
  • Adobe Flash Player 11.2.202.297  and earlier versions for Linux
  • Adobe Flash Player 11.1.115.69 and earlier versions for Android 4.x
  • Adobe Flash Player 11.1.111.64 and earlier versions for Android 3.x and 2.x
  • Adobe AIR 3.8.0.870 and earlier versions for Windows and Android
  • Adobe AIR 3.8.0.910 and earlier versions for Macintosh
  • Adobe AIR 3.8.0.870 SDK & Compiler and earlier versions for Windows
  • Adobe AIR 3.8.0.910 SDK & Compiler and earlier versions for Macintosh

4.0 Recommendation

MyCERT recommends that users of Adobe products upgrade to the newest version of the affected software, as follows:

4.1 Adobe Shockwave Player

Adobe recommends users of Adobe Shockwave Player 12.0.3.133 and earlier versions update to the newest version 12.0.4.144, available here:

http://get.adobe.com/shockwave/

4.2 Adobe Reader and Acrobat

4.2.1 Adobe Reader

Users on Windows and Macintosh can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule.  Update checks can be manually activated by choosing Help > Check for Updates.

Adobe Reader users on Windows can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows.

Adobe Reader users on Macintosh can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh.

4.2.2 Adobe Acrobat

Users can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule.  Update checks can be manually activated by choosing Help > Check for Updates.

Acrobat Standard and Pro users on Windows can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows.

Acrobat Pro Extended users on Windows can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows.

Acrobat Pro users on Macintosh can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh.

4.3 Adobe Flash Player

  • Adobe recommends users of Adobe Flash Player 11.8.800.94 and earlier versions for Windows and Macintosh update to the newest version 11.8.800.168 by downloading it from the Adobe Flash Player Download Center, or via the update mechanism within the product when prompted.
     
  • Adobe recommends users of Adobe Flash Player 11.2.202.297 and earlier versions for Linux update to Adobe Flash Player 11.2.202.310 by downloading it from the Adobe Flash Player Download Center.
     
  • For users of Flash Player 10.3.183.90 and earlier versions for Windows and Macintosh, who cannot update to Flash Player 11.8.800.168, Adobe has made available the update Flash Player 11.7.700.242, which can be downloaded here.* Note:  Beginning July 9, 2013, Adobe Flash Player 11.7.x replaced version 10.3.x as the extended support version.  Adobe recommends users upgrade to version 11.7.x in order to continue to receive security updates.  See this blog post for further details.
     
  • Adobe Flash Player 11.8.800.97 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.8.800.170 for Windows, Macintosh and Linux.
     
  • Adobe Flash Player 11.8.800.94 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.8.800.168 for Windows 8.
     
  • Users of Adobe Flash Player 11.1.115.69 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.81*.  * Note: Applicable only for Android 4.x devices with Flash Player installed prior to August 15, 2012.
     
  • Users of Adobe Flash Player 11.1.111.64 and earlier versions for Android 3.x and 2.x should update to Flash Player 11.1.111.73*.  * Note: Applicable only for Android 3.x devices and earlier with Flash Player installed prior to August 15, 2012.
     
  • Users of Adobe AIR 3.8.0.870 and earlier versions for Windows should update to Adobe AIR 3.8.0.1430.
     
  • Users of Adobe AIR 3.8.0.910 and earlier versions for Macintosh should update to Adobe AIR 3.8.0.1430.
     
  • Users of the Adobe AIR 3.8.0.870 SDK & Compiler and earlier versions for Windows should update to the Adobe AIR 3.8.0.1430 SDK & Compiler.
     
  • Users of the Adobe AIR 3.8.0.910 SDK & Compiler and earlier versions for Macintosh should update to the Adobe AIR 3.8.0.1430 SDK & Compiler.
     
  • Users of the Adobe AIR 3.8.0.870 and earlier versions for Android should update to Adobe AIR 3.8.0.1430 by browsing to Google play or the Amazon Marketplace on an Android device.

MyCERT generally advises users to keep themselves updated with the latest security announcements by the vendor. If members of the public receive any suspicious URL or .SWF file and require our further analysis, please reach us through the following channels:

E-mail : [email protected]
Phone : 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : CYBER999 REPORT <EMAIL> <COMPLAINT> to 15888
Business Hours : Mon - Fri 08:30 -17:30 MYT
Web: https://www.mycert.org.my

5.0 References
