Jump to content

US CERTS Combined

Guest MEB

By Guest MEB
in Windows 98

 Share

Recommended Posts

Guest MEB

Guest MEB

Posted
Posted

This post concerns issues in Windows [not us/9X] IE, and other,. the second

segment concerns exploits in PDF documents.

As 9x can not use the newer Reader versions, disable Java, html

connections, and other aspects in the 9X reader [see its settings to

disable], or use something like Foxit Reader to help avoid potential issues.

Your firewall can also be used to block Adobe Reader's access to the outside

world.

 

 

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

National Cyber Alert System

 

Technical Cyber Security Alert TA08-043C

 

 

Microsoft Updates for Multiple Vulnerabilities

 

Original release date: February 12, 2008

Last revised: February 12, 2008

Source: US-CERT

 

Systems Affected

 

* Microsoft Windows

* Microsoft Internet Explorer

* Microsoft Office

* Microsoft Visual Basic

* Microsoft Internet Information Services (IIS)

 

Overview

 

Microsoft has released updates that address critical vulnerabilities

in Microsoft Windows, Internet Explorer, Office, Visual Basic and

Internet Information Services (IIS). Exploitation of these

vulnerabilities could allow a remote, unauthenticated attacker to

execute arbitrary code, gain elevated privileges, or crash a

vulnerable system.

 

I. Description

 

Microsoft has released updates to address vulnerabilities that affect

Microsoft Windows, Internet Explorer, Office, Visual Basic and

Internet Information Services (IIS) as part of the Microsoft Security

Bulletin Summary for February 2008. The most severe vulnerabilities

could allow a remote, unauthenticated attacker to execute arbitrary

code. For more information, see the US-CERT Vulnerability Notes

Database.

 

II. Impact

 

A remote, unauthenticated attacker could execute arbitrary code, gain

elevated privileges, or cause a denial of service.

 

III. Solution

 

Apply updates from Microsoft

 

Microsoft has provided updates for these vulnerabilities in the

February 2008 security bulletins. The security bulletins describe any

known issues related to the updates. Administrators are encouraged to

note these issues and test for any potentially adverse effects.

Administrators should consider using an automated update distribution

system such as Windows Server Update Services (WSUS).

 

IV. References

 

* US-CERT Vulnerability Notes for Microsoft February 2008 updates -

<http://www.kb.cert.org/vuls/byid?searchview&query=ms08-feb>

 

* Microsoft Security Bulletin Summary for February 2008 -

<http://www.microsoft.com/technet/security/bulletin/ms08-feb.mspx>

 

* Microsoft Update - <https://www.update.microsoft.com/microsoftupdate/>

 

* Windows Server Update Services -

<http://www.microsoft.com/windowsserversystem/updateservices/default.mspx>

 

_________________________________________________________________

 

The most recent version of this document can be found at:

 

<http://www.us-cert.gov/cas/techalerts/TA08-043C.html>

_________________________________________________________________

 

Feedback can be directed to US-CERT Technical Staff. Please send

email to <cert@cert.org> with "TA08-043C Feedback VU#104665" in the

subject.

_________________________________________________________________

 

For instructions on subscribing to or unsubscribing from this

mailing list, visit <http://www.us-cert.gov/cas/signup.html>.

_________________________________________________________________

 

Produced 2008 by US-CERT, a government organization.

 

Terms of use:

 

<http://www.us-cert.gov/legal.html>

_________________________________________________________________

 

Revision History

 

February 12, 2008: Initial release

 

 

 

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.2.1 (GNU/Linux)

 

iQEVAwUBR7IkKvRFkHkM87XOAQIMdgf/Z4QINqEeDeTdbKj9Jn4K+v5WKr+GWL0R

J3C7PfJyQvqnl0ctnqF4DOBvi8xgPXWuhCqh6XEgi7ImkJVxI8HPpy1gj8K9YC5J

ZDidLPOPvo3suzeEw3pNX/9oN9sOSsvCxwkzgq3cw7e3/vh69zLJWEg3Mz5Vc0UC

lU8u4HLMpDFXzn2NA3/YlTDyc45OV3Z5LCA8GHkqIBzZLZUtprIjIeXBOxbY3pqw

Ac9f8FB5c88PHW8+34pXmzt7QXuynW+8yrCuApIc0ZduUpB1+7Pi1aVmDwxxGdSz

GUP3Ue8minBwUIyBn3h1jxUwO7nADPToVVLHj8fwHaFXvoNQha8iKg==

=imPA

-----END PGP SIGNATURE-----

 

-----------------------------------------------

 

The reason for this post is that this exploit has been used in PDF

documents which you might encounter:

 

 

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

National Cyber Alert System

 

Technical Cyber Security Alert TA08-043A

 

 

Adobe Reader and Acrobat Vulnerabilities

 

Original release date: February 12, 2008

Last revised: --

Source: US-CERT

 

 

Systems Affected

 

* Adobe Reader version 8.1.1 and earlier

* Adobe Acrobat Professional, 3D, and Standard versions 8.1.1 and

earlier

 

 

Overview

 

Adobe has released Security advisory APSA08-01 to address multiple

vulnerabilities affecting Adobe Reader and Acrobat. The most severe of

these vulnerabilities could allow a remote attacker to execute

arbitrary code.

 

 

I. Description

 

Adobe Security advisory APSA08-01 addresses a number of

vulnerabilities affecting the Adobe Acrobat family of products,

including Adobe Reader. Acrobat versions 8.1.1 and earlier are

affected. Further details are available in the US-CERT Vulnerability

Notes Database.

 

An attacker could exploit these vulnerabilities by convincing a user

to load a specially crafted Adobe Portable Document Format (PDF) file.

Acrobat integrates with popular web browsers, and visiting a web site

is usually sufficient to cause Acrobat to load PDF content.

 

At least one of these vulnerabilities is being actively exploited. The

SANS Internet Storm Center Handler's Diary contains more information.

 

 

II. Impact

 

The impacts of these vulnerabilities vary. The most severe of these

vulnerabilities allows a remote attacker to execute arbitrary code.

 

 

III. Solution

 

Upgrade

 

Upgrade Adobe Reader or Acrobat to version 8.1.2 according to the

information in Adobe Security advisory APSA08-01.

 

 

Disable web browser display for PDF documents

 

Preventing PDF documents from opening inside a web browser may

mitigate this vulnerability. Applying the following workaround in

conjunction with upgrading may prevent similar vulnerabilities from

being automatically exploited.

 

To prevent PDF documents from automatically being opened in a web

browser with Acrobat or Reader:

1. Open Adobe Acrobat or Adobe Reader.

2. Open the Edit menu.

3. Choose the Preferences option.

4. Choose the Internet section.

5. De-select the "Display PDF in browser" check box.

 

 

Disable automatic opening of PDF documents in Microsoft Internet Explorer

 

To disable automatic opening of PDF files in Microsoft Internet

Explorer (IE), a second step is required. To configure IE to prompt

before opening a PDF file, disable the "Display PDF in browser"

feature (as described above) and then make the following changes to

the Windows registry:

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\AcroExch.Document.7]

"EditFlags"=hex:00,00,00,00

 

 

Disable JavaScript in Adobe Reader and Acrobat

 

Disabling JavaScript in Adobe Reader and Acrobat may prevent this

vulnerability from being exploited. In Acrobat Reader, JavaScript can

be disabled in the General preferences dialog (Edit --> Preferences

--> JavaScript, de-select Enable Acrobat JavaScript).

 

 

IV. References

 

* US-CERT Vulnerability Notes for Adobe Security advisory APSA08-01

- <http://www.kb.cert.org/vuls/byid?searchview&query=APSA08-01>

 

* Securing Your Web Browser -

<http://www.us-cert.gov/reading_room/securing_browser/>

 

* Adobe Security Advisory APSA08-01 -

<http://www.adobe.com/support/security/advisories/apsa08-01.html>

 

* Adobe Reader 8.1.2 Release Notes -

<http://www.adobe.com/go/kb403079>

 

* SANS Internet Storm Center Handler's Diary -

<http://isc.sans.org/diary.html?storyid=3958>

 

* Configuring Windows Explorer - Registry EditFlags -

<http://mc-computing.com/WinExplorer/WinExplorerEditFlags.htm>

 

* Internet Explorer Opens .exe Files Instead of Downloading Them -

<http://support.microsoft.com/kb/140991>

 

* Office Documents opening in IE -

<http://blogs.msdn.com/omars/archive/2004/04/29/123181.aspx>

 

____________________________________________________________________

 

The most recent version of this document can be found at:

 

<http://www.us-cert.gov/cas/techalerts/TA08-043A.html>

____________________________________________________________________

 

Feedback can be directed to US-CERT Technical Staff. Please send

email to <cert@cert.org> with "TA08-043A Feedback VU#666281" in the

subject.

____________________________________________________________________

 

For instructions on subscribing to or unsubscribing from this

mailing list, visit <http://www.us-cert.gov/cas/signup.html>.

____________________________________________________________________

 

Produced 2008 by US-CERT, a government organization.

 

Terms of use:

 

<http://www.us-cert.gov/legal.html>

____________________________________________________________________

 

 

Revision History

 

February 12, 2008: Initial release

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.2.1 (GNU/Linux)

 

iQEVAwUBR7GpKvRFkHkM87XOAQLYfwf9EXuDalc6LTL67Y8B10IOYyOokKTVoU6S

KELfTOOutRM4mZB0RFaqR1baphSya2T4mt6Zt+52pJzVga2bKkifvHIgY4kQ0sgA

2Le9xiBd+9ZQGglcEVn0QlUl9FazFp5bQNC3gRtobxCAKz0ERUy9hznjk6mFqcJG

xYvVuYf3NauoaLGFBqg59XFpXyjLzN67vNKqsOE8FXX9eOjzqEGS78FTi3BM2/fW

JZeLe8zqn4WAOqCgqvUwotqi1rFvD97xwkh6w890Mspgku0nbCV3ZptLTHRSwLg4

5SIApXzuxRx2OntUyCMYYuhNnODlAGlT2RfO6Wtkes1E+8c1cscaag==

=zk0E

-----END PGP SIGNATURE-----

 

--

 

MEB

http://peoplescounsel.orgfree.com

_________

  • 4 weeks later...
  • Replies 1
  • Created
  • Last Reply

Popular Days

Popular Days

Guest MEB

Guest MEB

Posted
Posted

Re: US CERTS Combined - Sun JAVA

 

Re: US CERTS Combined - Sun JAVA

 

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

National Cyber Alert System

 

Technical Cyber Security Alert TA08-066A

 

 

Sun Updates for Multiple Vulnerabilities in Java

 

Original release date: March 6, 2008

Last revised: --

Source: US-CERT

 

 

Systems Affected

 

Sun Java Runtime Environment versions

* JDK and JRE 6 Update 4 and earlier

* JDK and JRE 5.0 Update 14 and earlier

* SDK and JRE 1.4.2_16 and earlier

* SDK and JRE 1.3.1_21 and earlier

 

 

Overview

 

Sun has released alerts to address multiple vulnerabilities affecting

the Sun Java Runtime Environment. The most severe of these

vulnerabilities could allow a remote attacker to execute arbitrary

code.

 

 

I. Description

 

The Sun Java Runtime Environment (JRE) allows users to run Java

applications in a browser or as standalone programs. Sun has released

updates to the Java Runtime Environment software to address multiple

vulnerabilities. Further details about these vulnerabilities are

available in the US-CERT Vulnerability Notes Database.

 

Sun released the following alerts to address these issues:

* 233321 Two Security Vulnerabilities in the Java Runtime

Environment Virtual Machine

 

* 233322 Security Vulnerability in the Java Runtime Environment With

the Processing of XSLT Transformations

 

* 233323 Multiple Security Vulnerabilities in Java Web Start May

Allow an Untrusted Application to Elevate Privileges

 

* 233324 A Security Vulnerability in the Java Plug-in May Allow an

Untrusted Applet to Elevate Privileges

 

* 233325 Vulnerabilties in the Java Runtime Environment image

Parsing Library

 

* 233326 Security Vulnerability in the Java Runtime Environment May

Allow Untrusted JavaScript Code to Elevate Privileges Through Java

APIs

 

* 233327 Buffer Overflow Vulnerability in Java Web Start May Allow

an Untrusted Application to Elevate its Privileges

 

 

II. Impact

 

The impacts of these vulnerabilities vary. The most severe of these

vulnerabilities allows a remote attacker to execute arbitrary code.

 

 

III. Solution

 

Apply an update from Sun

 

These issues are addressed in the following versions of the Sun Java

Runtime environment:

* JDK and JRE 6 Update 5 or later

* JDK and JRE 5.0 Update 15 or later

* SDK and JRE 1.4.2_17 or later

* SDK and JRE 1.3.1_21 and earlier

 

If you install the latest version of Java, older versions of Java may

remain installed on your computer. If these versions of Java are not

needed, you may wish to remove them. For instructions on how to remove

older versions of Java, refer to the following instructions from Sun.

 

Disable Java

 

Disable Java in your web browser, as specified in the Securing Your

Web Browser document. While this does not fix the underlying

vulnerabilities, it does block a common attack vector.

 

 

IV. References

 

* US-CERT Vulnerability Notes for Sun Alerts -

<http://www.kb.cert.org/vuls/byid?searchview&query=SUNJAVA_020608>

 

* Securing Your Web Browser -

<http://www.us-cert.gov/reading_room/securing_browser/>

 

* Sun Alert 233321 -

<http://sunsolve.sun.com/search/document.do?assetkey=1-66-233321-1>

 

* Sun Alert 233322 -

<http://sunsolve.sun.com/search/document.do?assetkey=1-66-233322-1>

 

* Sun Alert 233323 -

<http://sunsolve.sun.com/search/document.do?assetkey=1-66-233323-1>

 

* Sun Alert 233324 -

<http://sunsolve.sun.com/search/document.do?assetkey=1-66-233324-1>

 

* Sun Alert 233325 -

<http://sunsolve.sun.com/search/document.do?assetkey=1-66-233325-1>

 

* Sun Alert 233326 -

<http://sunsolve.sun.com/search/document.do?assetkey=1-66-233326-1>

 

* Sun Alert 233327 -

<http://sunsolve.sun.com/search/document.do?assetkey=1-66-233327-1>

 

* Java SE Technologies at a Glance -

<http://java.sun.com/javase/technologies/>

 

* Java SE Security -

<http://java.sun.com/javase/technologies/security/index.jsp>

 

* Can I remove older versions of the JRE after installing a newer

version? - <http://www.java.com/en/download/faq/5000070400.xml>

____________________________________________________________________

 

The most recent version of this document can be found at:

 

<http://www.us-cert.gov/cas/techalerts/TA08-066A.html>

____________________________________________________________________

 

Feedback can be directed to US-CERT Technical Staff. Please send

email to <cert@cert.org> with "TA08-066A Feedback VU#223028" in the

subject.

____________________________________________________________________

 

For instructions on subscribing to or unsubscribing from this

mailing list, visit <http://www.us-cert.gov/cas/signup.html>.

____________________________________________________________________

 

Produced 2008 by US-CERT, a government organization.

 

Terms of use:

 

<http://www.us-cert.gov/legal.html>

____________________________________________________________________

 

 

Revision History

 

March 6, 2008: Initial release

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.2.1 (GNU/Linux)

 

iQEVAwUBR9BZrfRFkHkM87XOAQLTzQgAnYzrhCIWEuWRlfH8tVWZl159MZ+vEX5Z

TYwjqClljWyy8edzxNWRUV0pqHVe799hJtRA1luKgTEOWqOtXLrw6/AGdpIf+3CB

ikiAEQR4Cirvt5lHRrlZjMG7eBPZwGQtFgHxzVrEE2lwDl5UDGejMDz+rTwJCm7/

HWBkktM7suHWpZu9jKFpfnizFTbzRSXw/CcALe/FwFxjND3hBjnDWv2Gu7bmMaEA

7a/Q8IJ8mNiU6ZIYdriQEVZHZs6IHtzyw39Qh9NpL+NAGuBxna4MXAOtqoIR1Rvt

FyzZUfjMvEBSKHvA6VWrWmt/JlaSlcVUZB7jRIyInYTvbYPwAnylXg==

=U6aE

-----END PGP SIGNATURE-----

 

--

 

MEB

http://peoplescounsel.orgfree.com

_________

 Share
Go to topic listing
×
×
  • Create New...