MA-639.092016: MyCERT Advisory - Apple Releases Multiple Security Updates

  • 22 Sep 2016
  • Advisory
1.0 Introduction

Apple has released security updates to address vulnerabilities in macOS Server, macOS Sierra, and Safari. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the Apple security pages for macOS Server, macOS Sierra, and Safari and apply the necessary updates.


2.0 Impact

Exploitation of some of these vulnerabilities may allow a remote attacker to take control of a vulnerable system.


3.0 Affected Products

The affected Apple products include:
  • macOS Server versions prior to 5.2
  • macOS Sierra versions prior to 10.12
  • Safari versions prior to 10

     
4.0 Recommendations

MyCERT strongly recommends that users of these applications upgrade to the latest version of the affected products:

4.1 macOS Server 5.2
https://support.apple.com/en-us/HT207171

4.2 macOS Sierra 10.12
https://support.apple.com/en-us/HT207170

4.3 Safari 10
https://support.apple.com/en-us/HT207157


Generally, MyCERT advises users of this software to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.


For further enquiries, please contact MyCERT through the following channels:
E-mail : [email protected] or [email protected]
Phone : 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours : Mon - Fri 09:00 AM - 18:00 PM MYT
Web : https://www.mycert.org.my
Twitter : http://www.twitter.com/mycert
Facebook: http://www.facebook.com/mycert.org.my
Cyber999 Mobile Apps:  IOS Users or Android Users



MA-638.092016: MyCERT Advisory - Mozilla Releases Security Updates

  • 22 Sep 2016
  • Advisory
1.0     Introduction

Mozilla has released security updates to address multiple vulnerabilities in Firefox and Firefox ESR. Users and administrators are encouraged to review the Mozilla Security Advisories for Firefox and Firefox ESR and apply the necessary updates.


2.0     Impact

These updates address vulnerabilities that could potentially allow an attacker to take control of an affected system.


3.0     Affected Products

The affected Mozilla products are:
  • Firefox versions prior to 49
  • Firefox ESR versions prior to 45.4

     
4.0     Recommendation

MyCERT strongly recommends that users of these applications upgrade to the latest version of the affected products. The following updates are available:


4.1 Mozilla Firefox 49

The advisory is available at:
https://www.mozilla.org/en-US/security/advisories/mfsa2016-85/

The update can be downloaded at:
https://www.mozilla.org/en-GB/firefox/new/


4.2 Mozilla Firefox ESR 45.3

The advisory is available at:
https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/

The update can be downloaded at:
https://www.mozilla.org/en-US/firefox/organizations/all/



Generally, MyCERT advises users of this software to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.



MA-635.092016: MyCERT Advisory - Apple Releases Security Updates

  • 14 Sep 2016
  • Advisory
1.0 Introduction

Apple has released security updates to address vulnerabilities in watchOS, Xcode, and iOS.

 

2.0 Impact

Exploitation of these vulnerabilities could potentially allow a remote attacker to take control of the affected system.

 

3.0 Affected Product

  • All Apple Watch models
  • Xcode 8: OS X El Capitan v10.11.5 and later
  • iOS 10.0.1: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

 

4.0 Recommendation

We encourage users and administrators to review the Apple security updates website (https://support.apple.com/en-my/HT201222) and apply the necessary updates.

watchOS 3: https://support.apple.com/kb/HT207141

Xcode 8: https://support.apple.com/kb/HT207140

iOS 10.0.1: https://support.apple.com/kb/HT207145 

Update the software on your Mac:
https://support.apple.com/en-my/HT201541

Update the iOS software on your iPhone, iPad or iPod touch:
https://support.apple.com/kb/HT204204

More information on how to enable automatic updates, and on alternative ways to get the updates, can be found in "Update OS X and App Store apps on your Mac" at:

https://support.apple.com/en-us/HT201541

 

Generally, MyCERT advises users of this software to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.


MA-636.092016: MyCERT Advisory - Adobe Releases Security Updates

  • 14 Sep 2016
  • Advisory
1.0 Introduction

Adobe has released security updates to address vulnerabilities in Digital Editions, Flash Player, and AIR SDK & Compiler software.

 

2.0 Impact

Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

 

3.0 Affected Products

  • Digital Editions 4.5.1 and earlier versions (Windows, Mac, iOS and Android)
  • Adobe Flash Player Desktop Runtime 22.0.0.211 and earlier (Windows and Mac)
  • Adobe Flash Player Extended Support Release 18.0.0.366 and earlier (Windows and Mac)
  • Adobe Flash Player for Google Chrome 22.0.0.211 and earlier (Windows, Mac, Linux and ChromeOS)
  • Adobe Flash Player for Microsoft Edge and Internet Explorer 11 22.0.0.211 and earlier (Windows 10 and 8.1)
  • Adobe Flash Player for Linux 11.2.202.632 and earlier (Linux)
  • Adobe AIR SDK and Compiler 22.0.0.153 and earlier (Windows and Mac)

 

4.0 Recommendation

Users and administrators are encouraged to review Adobe Security Bulletins and apply necessary updates:

 

Generally, MyCERT advises users of this software to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.


MA-637.092016: MyCERT Advisory - Microsoft Releases September 2016 Security Bulletin

  • 14 Sep 2016
  • Advisory
1.0 Introduction

Microsoft has released 14 updates to address vulnerabilities in Microsoft software. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system.

 

2.0 The important vulnerabilities are listed below:

2.1 Cumulative Security Update for Internet Explorer (3183038)

This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Patch: http://go.microsoft.com/fwlink/?LinkId=823624

2.2 Cumulative Security Update for Microsoft Edge (3183043)

This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.
Patch: http://go.microsoft.com/fwlink/?LinkId=823625

2.3 Security Update for Microsoft Graphics Component (3185848)

This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Patch: http://go.microsoft.com/fwlink/?LinkId=824814

2.4 Security Update for Microsoft Office (3185852)

This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Patch: http://go.microsoft.com/fwlink/?LinkId=824817

2.5 Security Update for Microsoft Exchange Server (3185883)

This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow remote code execution in some Oracle Outside In libraries that are built into Exchange Server if an attacker sends an email with a specially crafted attachment to a vulnerable Exchange server.
Patch: http://go.microsoft.com/fwlink/?LinkId=824829

2.6 Security Update for Silverlight (3182373)

This security update resolves a vulnerability in Microsoft Silverlight. The vulnerability could allow remote code execution if a user visits a compromised website that contains a specially crafted Silverlight application. An attacker would have no way to force a user to visit a compromised website. Instead, an attacker would have to convince the user to visit the website, typically by enticing the user to click a link in either an email or instant message that takes the user to the attacker's website.
Patch: http://go.microsoft.com/fwlink/?LinkId=824768

2.7 Security Update for Windows (3178467) 

This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker creates a specially crafted request and executes arbitrary code with elevated permissions on a target system.
Patch: http://go.microsoft.com/fwlink/?LinkId=821596

2.8 Security Update for Windows Kernel (3186973)

This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application on a target system.
Patch: http://go.microsoft.com/fwlink/?LinkId=825142

2.9 Security Update for Windows Lock Screen (3178469)

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if Windows improperly allows web content to load from the Windows lock screen.
Patch: http://go.microsoft.com/fwlink/?LinkId=821605

2.10 Security Update for Windows Secure Kernel Mode (3185876)

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when Windows Secure Kernel Mode improperly handles objects in memory.
Patch: http://go.microsoft.com/fwlink/?LinkId=824825

2.11 Security Update for SMBv1 Server (3185879)

This security update resolves a vulnerability in Microsoft Windows. On Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 operating systems, the vulnerability could allow remote code execution if an authenticated attacker sends specially crafted packets to an affected Microsoft Server Message Block 1.0 (SMBv1) Server. The vulnerability does not impact other SMB Server versions. Although later operating systems are affected, the potential impact is denial of service.
Patch: http://go.microsoft.com/fwlink/?LinkId=824826

2.12 Security Update for Microsoft Windows PDF Library (3188733)

This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow information disclosure if a user views specially crafted PDF content online or opens a specially crafted PDF document.
Patch: http://go.microsoft.com/fwlink/?LinkId=825727

2.13 Security Update in OLE Automation for VBScript Scripting Engine (3188724)

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker successfully convinces a user of an affected system to visit a malicious or compromised website. Note that you must install two updates to be protected from the vulnerability discussed in this bulletin: The update in this bulletin, MS16-116, and the update in MS16-104.
Patch: http://go.microsoft.com/fwlink/?LinkId=825725

2.14 Security Update for Adobe Flash Player (3188128)

This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.
Patch: http://go.microsoft.com/fwlink/?LinkId=825603

 

3.0 Recommendation

Users are advised to apply the updates immediately. All of the patches can be installed almost automatically through the Windows Update application.
Instructions for running Windows Update are available at the following URL:

 

Generally, MyCERT advises users of this software to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.


For further enquiries, please contact MyCERT through the following channels:
E-mail : [email protected] or [email protected] 
Phone: 1-300-88-2999 (monitored during business hours)
Fax: +603 89453442 
Mobile: +60 19 2665850 (24x7 call incident reporting)
SMS: CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours : Mon - Fri 08:30 -17:30 MYT
Web: https://www.mycert.org.my
Twitter: http://www.twitter.com/mycert
Facebook: http://www.facebook.com/mycert.org.my
Cyber999 Mobile Apps:  IOS Users or Android Users

 


MA-634.092016: MyCERT Alert - The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations

  • 09 Sep 2016
  • Alert
1.0     Introduction

The advancing capabilities of organized hacker groups and cyber adversaries create an increasing global threat to information systems. The rising threat levels place more demands on security personnel and network administrators to protect information systems. Protecting the network infrastructure is critical to preserve the confidentiality, integrity, and availability of communication and services across an enterprise.

To address threats to network infrastructure devices, this Alert provides information on recent vectors of attack that advanced persistent threat (APT) actors are targeting, along with prevention and mitigation recommendations.


2.0     Impact

If the network infrastructure is compromised, an attacker could potentially gain full control of it, enabling further compromise of other types of devices and data and allowing traffic to be redirected, changed, or denied. Possibilities of manipulation include denial-of-service, data theft, or unauthorized changes to the data.


3.0     Affected Products

Network infrastructure devices such as routers, firewalls, switches, load-balancers, intrusion detection systems, etc.
 

4.0     Recommendation

MyCERT strongly recommends that administrators ensure proper configuration and control of network devices:


4.1 Proliferation of Threats to Information Systems
4.2 Solution

4.2.1 Segregate Networks and Functions
  • Physical Separation of Sensitive Information
    Recommendations:
    • Implement Principles of Least Privilege and need-to-know when designing network segments.
    • Separate sensitive information and security requirements into network segments.
    • Apply security recommendations and secure configurations to all network segments and network layers.
  • Virtual Separation of Sensitive Information
    Recommendations:
    • Use Private Virtual LANs to isolate a user from the rest of the broadcast domains.
    • Use Virtual Routing and Forwarding (VRF) technology to segment network traffic over multiple routing tables simultaneously on a single router.
    • Use VPNs to securely extend a host/network by tunneling through public or private networks.

4.2.2 Limit Unnecessary Lateral Communications
Recommendations:
  • Restrict communications using host-based firewall rules to deny the flow of packets from other hosts in the network. The firewall rules can be created to filter on a host device, user, program, or IP address to limit access from services and systems.
  • Implement a VLAN Access Control List (VACL), a filter that controls access to/from VLANs. VACL filters should be created to deny packets the ability to flow to other VLANs.
  • Logically segregate the network using physical or virtual separation allowing network administrators to isolate critical devices onto network segments.
     
4.2.3 Harden Network Devices
Recommendations:
  • Disable unencrypted remote admin protocols used to manage network infrastructure (e.g., Telnet, FTP).
  • Disable unnecessary services (e.g. discovery protocols, source routing, HTTP, SNMP, BOOTP).
  • Use SNMPv3 (or subsequent version) but do not use SNMP community strings.
  • Secure access to the console, auxiliary, and VTY lines.
  • Implement robust password policies and use the strongest password encryption available.
  • Protect router/switch by controlling access lists for remote administration.
  • Restrict physical access to routers/switches.
  • Back up configurations and store them offline. Use the latest version of the network device operating system and update with all patches.
  • Periodically test security configurations against security requirements.
  • Protect configuration files with encryption and/or access controls when sending them electronically and when they are stored and backed up.
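
A configuration audit for several of the hardening items above, as an added example that is not part of the MyCERT alert. It assumes IOS-style configuration syntax; the two sample configurations, the rule names and the rule list are constructed for illustration.

```python
import re

# Constructed IOS-style configuration (not from a real device) containing
# several of the weak settings listed in section 4.2.3.
WEAK_CONFIG = """\
hostname edge-rtr-01
no service password-encryption
enable password lab123
ip http server
no ip bootp server
snmp-server community public RO
line vty 0 4
 transport input telnet ssh
 login local
line vty 5 15
 access-class 10 in
 transport input ssh
"""

# The same constructed device with those settings corrected.
HARDENED_CONFIG = """\
hostname edge-rtr-01
service password-encryption
enable secret 9 <hash-placeholder>
no ip http server
no ip source-route
no ip bootp server
snmp-server group NETOPS v3 priv
line vty 0 15
 access-class 10 in
 transport input ssh
"""

# (rule id, regex, line must be present?, reason). Assumption: IOS-style
# syntax; defaults differ by platform and release, so adapt the list.
RULES = [
    ("HTTP", r"^ip http server\b", False, "unencrypted HTTP management enabled"),
    ("SNMP-COMMUNITY", r"^snmp-server community\s", False, "SNMP community string in use"),
    ("ENABLE-PASSWORD", r"^enable password\s", False, "enable password, not enable secret"),
    ("PW-ENCRYPTION", r"^no service password-encryption\b", False, "password encryption off"),
    ("SOURCE-ROUTE", r"^no ip source-route\b", True, "source routing not disabled"),
    ("BOOTP", r"^no ip bootp server\b", True, "BOOTP server not disabled"),
]

def line_blocks(config):
    """Yield (header, [indented child lines]) for every 'line ...' stanza."""
    header, body = None, []
    for raw in config.splitlines():
        if raw.startswith("line "):
            if header:
                yield header, body
            header, body = raw.strip(), []
        elif header and raw.startswith(" "):
            body.append(raw.strip())
        elif header:
            yield header, body
            header, body = None, []
    if header:
        yield header, body

def audit(config):
    """Return a list of (rule id, detail) findings for one configuration."""
    findings = []
    for rule, pattern, must_exist, why in RULES:
        if bool(re.search(pattern, config, re.MULTILINE)) != must_exist:
            findings.append((rule, why))
    for header, body in line_blocks(config):
        if not header.startswith("line vty"):
            continue
        protos = next((l.split()[2:] for l in body if l.startswith("transport input")), [])
        if not protos or {"telnet", "all"} & set(protos):
            findings.append(("VTY-TELNET", f"{header}: Telnet not excluded"))
        if not any(re.match(r"access-class \S+ in\b", l) for l in body):
            findings.append(("VTY-ACL", f"{header}: no inbound access-class"))
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg) or "no findings")
```

Running the audit on a schedule against backed-up configurations also covers the item on periodically testing security configurations against requirements.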
     
4.2.4 Secure Access to Infrastructure Devices
Recommendations:
  • Implement Multi-Factor Authentication
  • Manage Privileged Access
  • Manage Administrative Credentials
     
4.2.5 Perform Out-of-Band Management
Recommendations:
  • Segregate standard network traffic from management traffic.
  • Enforce that management traffic on devices only comes from the OoB.
  • Apply encryption to all management channels.
  • Encrypt all remote access to infrastructure devices such as terminal or dial-in servers.
  • Manage all administrative functions from a dedicated host (fully patched) over a secure channel, preferably on the OoB.
  • Harden network management devices by testing patches, turning off unnecessary services on routers and switches, and enforcing strong password policies. Monitor the network and review logs. Implement access controls that only permit required administrative or management services (SNMP, NTP, SSH, FTP, TFTP).
     
4.2.6 Validate Integrity of Hardware and Software
Recommendations:
  • Maintain strict control of the supply chain; purchase only from authorized resellers.
  • Require resellers to implement a supply chain integrity check to validate hardware and software authenticity.
  • Inspect the device for signs of tampering.
  • Validate serial numbers from multiple sources.
  • Download software, updates, patches, and upgrades from validated sources.
  • Perform hash verification and compare values against the vendor’s database to detect unauthorized modification to the firmware.
  • Monitor and log devices, verifying network configurations of devices on a regular schedule.
  • Train network owners, administrators, and procurement personnel to increase awareness of grey market devices.


Generally, MyCERT advises administrators to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.



MA-633.092016: MyCERT Advisory - WordPress Releases Security Update

  • 08 Sep 2016
  • Advisory
1.0     Introduction

WordPress 4.6 and prior versions are affected by two vulnerabilities: a cross-site scripting vulnerability via image filename, and a path traversal vulnerability in the upgrade package uploader.

Users and administrators are encouraged to review the WordPress Security Release and upgrade to WordPress 4.6.1.


2.0     Impact

These updates address vulnerabilities that could allow a remote attacker to take control of an affected system.


3.0     Affected Products

The affected products are WordPress versions 4.6 and earlier versions.


4.0     Recommendation

MyCERT strongly recommends that users of these applications upgrade to the latest version of the affected products:
  • WordPress users are strongly advised to download the latest version of WordPress (4.6.1), which is available at:

    https://wordpress.org/download/
  • Alternatively, users can update through the WordPress interface by going to “Dashboard > Updates” and clicking “Update Now”.


Generally, MyCERT advises users of this software to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.



MA-632.092016: MyCERT Advisory - Adobe Releases Security Updates for ColdFusion

  • 02 Sep 2016
  • Advisory
1.0 Introduction
 
Adobe has released security updates to address a vulnerability in ColdFusion. Adobe has released security hotfixes for ColdFusion versions 10 and 11. These hotfixes resolve a critical vulnerability that could lead to information disclosure (CVE-2016-4264).
 
2.0 Impact
 
Exploitation of this vulnerability may allow a remote attacker to obtain sensitive information from an affected system.
 
3.0 Affected Products
 
  • ColdFusion 11 (update 9 and earlier versions)
  • ColdFusion 10 (update 20 and earlier versions)
 
4.0 Recommendation
 
Adobe recommends ColdFusion customers update their installation using the instructions provided in the relevant technote:
 
 
Generally, MyCERT advises users of this software to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.
 