Secure IT Alert: XSS Vulnerabilities in Microsoft SharePoint Server Web Security Feature

Secure IT Alert Header

Homeland Secure IT Alert

Homeland Secure IT Alert for Thursday, October 14, 2010

It seems like only yesterday I was telling our friends and clients about security issues that were announced this week. Believe me, this isn’t Deja Vu all over again…  It’s just another day in the life of a system administrator….

If you are running Microsoft SharePoint, especially if it has been made available to the outside world via HTTP or HTTPS (not just internally to your users), then this update affects you and the patch should be applied immediately. It also affects Microsoft Groove Server 2010 and Microsoft Office Web Apps.

I have included the security bulletin from Watchguard below which better outlines this vulnerability.

As always, should you require additional assistance or have questions, please email info@homelandsecureit.com or call 864.990.4748. We offer complete computer / network service, support & consultation in the Greenville / Upstate SC area, and national sales of Watchguard Security Products.

XSS Vulnerabilities in SharePoint Server Web Security Feature

Severity: Medium
12 October , 2010

Summary:
This vulnerability affects: The SharePoint family of products and Office Web Apps

How an attacker exploits it: By sending specially crafted HTTP requests, or enticing users into clicking malicious links

Impact: An attacker can execute scripts on your web site with another user’s privileges

What to do: Install Microsoft’s various server updates as soon as possible, or let Windows Update do it for you

Exposure:
Microsoft SharePoint is a family of products (including Groove Server) that offers web-based collaboration, file sharing, and web publishing. Office Web Apps are free, web-based versions of Microsoft Office productivity suite.

In a security bulletin released as part of Patch Day, Microsoft describes two Cross-Site Scripting (XSS) vulnerabilities that affect the SharePoint family of products, and Office Web Apps. Ironically, the XSS vulnerabilities lie within a component called SafeHTML, which is supposed to improve web security by sanitizing HTML from malicious scripts. Though the two XSS vulnerabilities differ technically, they share the same scope and impact. By sending specially crafted HTTP requests to a server with SafeHTML enabled, or by enticing a victim into clicking a link that generates such a request, an attacker can exploit either of these XSS flaws to execute script on your server on behalf of another user. Attackers can leverage these sorts of XSS flaws to read or steal your users’ cookie files, potentially hijack their web sessions, or, in some cases, even execute code on those users’ computers with an increased level of trust.

If you use the SharePoint family of products, you should download, and install the appropriate updates as soon as possible.

Solution Path:
Microsoft has released updates to fix these vulnerabilities. SharePoint product administrators should download, test and deploy the corresponding updates as soon as possible, or let Windows Update do it for you:

SharePoint Services 3.0 w/SP2 (KB2345304)
SharePoint Services 3.0 w/SP2 64-bit (KB2345304)
SharePoint Foundation 2010 (KB2345322)
SharePoint Server 2007 w/SP2 (KB2345212)
SharePoint Server 2007 w/SP2 64-bit (KB2345212)
Groove Server 2010 (KB2346298)
Office Web Apps (KB2346411)

For All WatchGuard Users:
Most people do not allow Internet-based users to access their SharePoint servers. Unless you’ve created an HTTP or HTTPS policy allowing external users to access your SharePoint server, your Firebox or XTM appliance will prevent Internet-based attackers from leveraging these flaws. That said, your server are still at risk of internal attack. Therefore, the patches above are your best solution.

Status:
Microsoft has released updates to correct these vulnerabilities.

References:
Microsoft Security Bulletin MS10-72
This alert was researched and written by Corey Nachreiner, CISSP.

Homeland Secure IT Alert Footer

Homeland Secure IT Alert

SECURE IT ALERT: A plethora of Microsoft Windows, Office and IE updates are available

Secure IT Alert Header

Homeland Secure IT Alert

Homeland Secure IT Alert for Tuesday October 12, 2010

 

Well folks, we have a boat load of updates this go ’round….

These updates affect Microsoft Office on both MIcrosoft Windows and Microsoft Macintosh operating systems. Then of course there are updates to the Microsoft Windows Operating System itself, and Microsoft Internet Explorer.

The Reader’s Digest version(tm) goes like this – Update your systems and your applications. Failure to do so can result in your system being exploited by “bad guys”.

How this takes place: You or a user on your network is enticed into visiting a malicious website, opening a malious email, etc, and your system becomes compromised, in spite of having quality anti-virus, such as Symantec, Trend, etc. These are flaws in the applications and operating system that MUST be patched in order to afford you the most protection.

If you have issues applying these updates, or have questions, please email info@homelandsecureit.com or call 864.990.4748. We provide computer and network service, support and consultation in the Greenville and Upstate SC area.

If you would like additional information about the updates, please read below at the included email announcements from Watchguard. (We also offer sales, support and consultation for Watchguard).
***

More Security Vulnerabilities Affect Word and Excel
Severity: High
12 October, 2010

Summary:
These vulnerabilities affect: All current versions of Microsoft Office for Windows and Mac (specifically Word and Excel)
How an attacker exploits them: Typically, by enticing you to open maliciously crafted Office documents
Impact: An attacker can execute code, potentially gaining complete control of your computer
What to do: Install the appropriate Office patches immediately, or let Windows Update do it for you.
Exposure:
Today, Microsoft released two security bulletins describing 24 vulnerabilities found in components or programs that ship with Microsoft Office for Windows and Mac — more specifically, Word and Excel. Some of the vulnerabilities also affect the viewers, Office Compatibility Packs, and File Format Converters that ship with each program. Each vulnerability affects different versions of Office to a different extent.

The 24 flaws may affect different components and applications within Office, but the end result is always the same. By enticing one of your users into downloading and opening a maliciously crafted Office document, an attacker can exploit any of these vulnerabilities to execute code on a victim’s computer, usually inheriting that user’s level of privileges and permissions. If your user has local administrative privileges, the attacker gains full control of the user’s machine.

According to Microsoft’s bulletins, an attacker can exploit these flaws using two types of Office documents: Word (.doc) and Excel (.xls). So beware of all unexpected documents you receive with these file extensions.

If you’d like to learn more about each individual flaw, drill into the “Vulnerability Details” section of the security bulletins listed below:

MS10-079: Multiple Word Code Execution Vulnerabilities, rated Important
MS10-080: Multiple Excel Code Execution Vulnerabilities, rated Important
Solution Path
Microsoft has released patches for Office to correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately.

Word update for:

Office XP w/SP3
Office 2003 w/SP3
2007 Microsoft Office System w/SP2
Office 2010
Office 2010 64-bit

Office 2004 for Mac
Office 2008 for Mac
Open XML File Format Converter for Mac
Microsoft Office Word Viewer
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2
Microsoft Office Web App
Microsoft Word Web App

Excel update for:

Office XP w/SP3
Office 2003 w/SP3
2007 Microsoft Office System w/SP2

Office 2004 for Mac
Office 2008 for Mac
Open XML File Format Converter for Mac
Microsoft Office Excel Viewer
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2
For All WatchGuard Users:
While you can configure certain WatchGuard Firebox models to block Word and Excel documents, some organizations need to allow them in order to conduct business. Therefore, these patches are your best recourse. Temporarily though, you may still want to block these Office documents until you are able to install Microsoft’s patches.

If you want to block Word, Excel, and Works documents, follow the links below for video instructions on using your Firebox proxy’s content blocking features to block .doc and .xls files by their file extensions:

Firebox X Edge running 10.x
How do I block files with the FTP proxy?
How do I block files with the HTTP proxy?
How do I block files with the POP3 proxy?
How do I block files with the SMTP proxy
Firebox X Core and X Peak running Fireware 10.x
How do I block files with the FTP proxy?
How do I block files with the HTTP proxy?
How do I block files with the POP3 proxy?
How do I block files with the SMTP proxy?
Status:
Microsoft has released Office updates to fix these vulnerabilities.

References:
MS Security Bulletin MS10-079
MS Security Bulletin MS10-080
This alert was researched and written by Corey Nachreiner, CISSP.

A Dozen Windows Updates Plug 15 Security Holes

Bulletins Affect Media Player, .NET Framework, Kernel-Mode Drivers, and More
Severity: High
12 October, 2010

Summary:
These vulnerabilities affect: All current versions of Windows and components that ship with it (also the .NET Framework)
How an attacker exploits them: Multiple vectors of attack, including sending specially crafted network packets, or enticing your users to websites containing malicious media
Impact: Various results; in the worst case, an attacker can gain complete control of your Windows computer
What to do: Install the appropriate Microsoft patches immediately, or let Windows Automatic Update do it for you.
Exposure:
Today, Microsoft released a dozen security bulletins describing 15 vulnerabilities that affect Windows and components that ship with it. Each vulnerability affects different versions of Windows to varying degrees. However, a remote attacker could exploit the worst of these flaws to gain complete control of your Windows PC. The summary below lists the vulnerabilities, in order from highest to lowest severity.

MS10-075: Media Player Network Sharing Code Execution Vulnerability
Windows Media Player (WMP) is the popular multimedia playback application that ships with Windows. By default, many Windows computers start the Media Player Network Sharing Service, which allows other computers on your network to share media from your computer. However, Windows Vista and 7 do not start this service by default.

According to Microsoft, the Media Player Network Sharing Service that ships with Windows Vista and 7 suffers from a security vulnerability involving the way it handles Real Time Streaming Protocol (RTSP) packets. By sending a specially crafted RTSP packet to a computer with the Network Sharing Service, an attacker can exploit this vulnerability to execute code on that computer under the context of the Network Services account. Though the Network Services account has limited privileges, the attacker could then leverage other vulnerabilities described in this alert to gain complete control of that computer. Typically, Windows only allows computers within your local network to access the Media Player Network Sharing Service, which tends to limit this to an internal threat. Furthermore, Neither Vista nor Windows 7 starts this service by default, which further mitigates this attack.
Microsoft rating: Critical

MS10-076: OpenType Font Engine Integer Overflow Vulnerability
Windows ships with an OpenType Font Engine to handle documents, emails, and web pages that contain OpenType fonts. The OpenType Font Engine suffers from an integer overflow vulnerability that has to do with how it handles certain tables within content that contains OpenType fonts. By luring one of your users into visiting a web page, or opening content that contains maliciously crafted OpenType fonts, an attacker could leverage this flaw to gain complete control of that user’s computer.
Microsoft rating: Critical

MS10-077: Code Execution Vulnerability in .NET Framework 4.0
Microsoft’s .NET Framework is an optional Windows component used to help developers create rich web applications, as well as to display said web content. Windows doesn’t ship with it by default, but many users install it. The 64-bit version of the .NET Framework 4.0 suffers from a code execution vulnerability that has to do with how one of it’s compilers optimizes code incorrectly. By enticing one of your users to a website containing a specially crafted web application, or into running a malicious .NET application, an attacker can exploit this flaw to execute code on that user’s computer, with that user’s privileges. As usual, attackers could gain complete control of the computer if the user has local administrative privileges.
Microsoft rating: Critical

MS10-073 Windows Kernel-Mode Drivers Elevation of Privilege Vulnerabilities
The kernel is the core component of any computer operating system. Windows also ships with a kernel-mode device driver (win32k.sys) which handles many kernel-level devices. This kernel-mode driver suffers from multiple elevation of privilege vulnerabilities. Though these flaws differ technically, they share the same scope and impact. By running a specially crafted program, a local attacker could leverage these flaws to gain complete control of your Windows computers. However, the attacker would first need to gain local access to your Windows computers using valid credentials. This factor significantly reduces the risk of these flaws. That said, despite the lower severity of these flaws, attackers have exploited one of them in the wild — specifically, within the Stuxnet worm, which has received significant media attention.
Microsoft rating: Important

MS10-078: OpenType Font Format Driver Elevation of Privilege Vulnerability
The OpenType Font format driver is another component Windows uses to handle OpenType fonts. The OpenType Font format driver suffers from two elevation of privilege vulnerabilities involving its inability to handle specially crafted OpenType fonts. These flaws are similar in concept to the OpenType Engine flaw described above, except that an attacker needs to locally log into a vulnerable Windows machine, and execute a specially crafted program in order to exploit these flaws. Assuming the attacker can gain access to one of your Windows computers, his malicious program could then leverage either of these flaws to gain complete control of that computer. Granted, these vulnerabilities only affect XP and Server 2003.
Microsoft rating: Important

MS10-081: Common Control Library Buffer Overflow Vulnerability

Windows ships with a library of functions called the Common Control Library (Comctl32.dll), which helps it create the interactive windows it’s know for. This Common Control Library suffers from a heap buffer overflow vulnerability having to do with how it handles Scalable Vector Graphics (SVG) passed to it from 3rd party applications. By enticing your user to a website containing specially crafted code, an attacker could exploit this flaw to execute code on that user’s computer, with that user’s privileges. As usual, attackers could gain complete control of the computer if the user has local administrative privileges.
Microsoft rating: Important

MS10-082 Media Player Code Execution Vulnerability
As mentioned earlier, Windows Media Player (WMP) is the popular multimedia playback application that ships with Windows. Windows Media Player suffers from a second code execution vulnerability that has to do with how it handles web-based media. By enticing one of your users to a website containing specially crafted media, an attacker could gain complete control of that user’s computer. However, the user would have to click through at least one pop-up dialog from the website in order for this attack to succeed. This significantly reduces this flaws’ severity (compared to the first Media Player flaw, which requires no user interaction at all).
Microsoft rating: Important

MS10-083: WordPad and Windows Shell COM Object Code Execution Vulnerability
WordPad is a very basic word processing program and text editor that ships with Windows, and the Windows Shell is the primary GUI component for Windows. Both of these Windows components suffer from a flaw having to do with how they handle COM objects. Without going into technically detail, if an attacker can either entice you to a specially crafted web page, trick you into opening a malicious document with WordPad, or lure you into interacting with a malicious shortcut, he could leverage this flaw to execute code on your computer with your privileges. If you are a local administrator, the attack would gain total control of your computers.
Microsoft rating: Important

MS10-084: LPC Buffer Overflow Vulnerability

Remote Procedure Call (RPC) is a protocol Microsoft Windows uses to allow one computer on a network to execute a task on another computer and then receive the results of that task. Windows RPC also includes a Local Procedure Call (LPC) component, which Windows uses to exchange messages between local processes and threads.The Windows LPC component suffers from a buffer overflow vulnerability involving its inability to handle specially crafted LPC requests. By running a specially crafted program, a local attacker could leverage this flaw to execute code under the context of the Network Services account. Though the Network Services account has limited privileges, the attacker could then leverage other vulnerabilities described in this alert to gain complete control of that computer. However, by their very nature, LPC calls are only sent locally. That means the attacker would first need to gain local access to your Windows computers using valid credentials. This factor significantly reduces the risk of this flaw. Furthermore, this flaw only affects XP and Server 2003.
Microsoft rating: Important

MS10-085: SChannel DoS Vulnerability

The Secure Channel (SChannel) is a Windows security package that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) authentication protocols. According to today’s bulletin, SChannel suffers from a Denial of Service (DoS) vulnerability involving the way it handles specially crafted SSL/TLS handshake requests. By sending an SSL-enabled web server specially crafted requests, an attacker could leverage this flaw to cause your server to stop responding. You’d have to reboot the server to resume service. However, this flaw obviously only affects servers accepting incoming SSL connection — typically IIS web servers with secure pages. Unless you have such servers, and you have allowed the SSL connections through your firewall, you are not vulnerable to this attack.
Microsoft rating: Important

MS10-074: Microsoft Foundation Class Code Execution Vulnerability

Windows ships with a library of functions called the Foundation Class Library, which developers can use to write programs implementing many of Windows’ basic OS and GUI functions. In short, the Foundation Class Library suffers from a vulnerability that has to do with how it handles window titles. If your computer has a 3rd party application that was created using the Foundation Class Library, and that application allows some way for user input to change a windows title, and an external attacker can somehow manipulate the input in a way to change the windows title, he could exploit this flaw to execute code on your computer, with your privileges. As you can tell, that is a lot of “ifs.” Microsoft has established that none of their software is vulnerable to this flaw. So you are only affected by it if you have installed some 3rd party application that was coded in a very specific way. This flaw poses a very low risk.
Microsoft rating: Moderate

MS10-086: Shared Cluster Disk Tampering Vulnerability

Microsoft Cluster Server (MSCS) is a Windows component that allows you to cluster servers and disks. MSCS incorrectly sets permissions when adding news disks to a disk cluster. As a result, an internal attacker that can remotely access the file system of a cluster disk administrative share will have full control of that share, regardless of his privilege. However, usually only users on the local network will have access to disk shares. The flaw only affects Windows Server 2008 R2.
Microsoft rating: Moderate

Solution Path:
Microsoft has released patches for Windows which correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately. If you choose, you can also let Windows Update automatically download and install these for you.

MS10-075:

For Windows Vista (w/SP1 or SP2)
For Windows Vista x64 (w/SP1 or SP2)
For Windows 7
For Windows 7 x64
Note: Other versions of Windows are not affected by this vulnerability.

MS10-076:

For Windows XP (w/SP3)
For Windows XP x64 (w/SP2)
For Windows Server 2003 (w/SP2)
For Windows Server 2003 x64 (w/SP2)
For Windows Server 2003 Itanium (w/SP2)
For Windows Vista (w/SP1 or SP2)
For Windows Vista x64 (w/SP1 or SP2)
For Windows Server 2008 (w/SP2) *
For Windows Server 2008 x64 (w/SP2) *
For Windows Server 2008 Itanium (w/SP2)
For Windows 7
For Windows 7 x64
For Windows Server 2008 R2 x64 *

For Windows Server 2008 R2 Itanium

* Note: Server Core installations not affected.

MS10-077:

Microsoft .NET Framework 4.0 Update for all 64-bit versions of Windows.
MS10-073:

For Windows XP (w/SP3)
For Windows XP x64 (w/SP2)
For Windows Server 2003 (w/SP2)
For Windows Server 2003 x64 (w/SP2)
For Windows Server 2003 Itanium (w/SP2)
For Windows Vista (w/SP1 or SP2)
For Windows Vista x64 (w/SP1 or SP2)
For Windows Server 2008 (w/SP2)

For Windows Server 2008 x64 (w/SP2)

For Windows Server 2008 Itanium (w/SP2)
For Windows 7
For Windows 7 x64
For Windows Server 2008 R2 x64
For Windows Server 2008 R2 Itanium
MS10-078:

For Windows XP (w/SP3)
For Windows XP x64 (w/SP2)
For Windows Server 2003 (w/SP2)
For Windows Server 2003 x64 (w/SP2)
For Windows Server 2003 Itanium (w/SP2)
Note: Other versions of Windows are not affected.
MS10-081:

For Windows XP (w/SP3)
For Windows XP x64 (w/SP2)
For Windows Server 2003 (w/SP2)
For Windows Server 2003 x64 (w/SP2)
For Windows Server 2003 Itanium (w/SP2)
For Windows Vista (w/SP1 or SP2)
For Windows Vista x64 (w/SP1 or SP2)
For Windows Server 2008 (w/SP2) *
For Windows Server 2008 x64 (w/SP2) *
For Windows Server 2008 Itanium (w/SP2)
For Windows 7
For Windows 7 x64
For Windows Server 2008 R2 x64 *

For Windows Server 2008 R2 Itanium

* Note: Server Core installations not affected.

MS10-082:

All versions of Windows Media Player for:

For Windows XP (w/SP3)
For Windows XP x64 (w/SP2)
For Windows Server 2003 (w/SP2)
For Windows Server 2003 x64 (w/SP2)
For Windows Vista (w/SP1 or SP2)
For Windows Vista x64 (w/SP1 or SP2)
For Windows Server 2008 (w/SP2) *
For Windows Server 2008 x64 (w/SP2) *
For Windows 7
For Windows 7 x64
For Windows Server 2008 R2 x64 *

* Note: Server Core installations not affected.
MS10-083:

Updates for WordPad:

For Windows XP (w/SP3)
For Windows XP x64 (w/SP2)
For Windows Server 2003 (w/SP2)
For Windows Server 2003 x64 (w/SP2)
For Windows Server 2003 Itanium (w/SP2)
For Windows Vista (w/SP1 or SP2)
For Windows Vista x64 (w/SP1 or SP2)
For Windows Server 2008 (w/SP2) *
For Windows Server 2008 x64 (w/SP2) *
For Windows Server 2008 Itanium (w/SP2)
For Windows 7
For Windows 7 x64
For Windows Server 2008 R2 x64 *

For Windows Server 2008 R2 Itanium
Updates for Windows Shell:

For Windows Vista (w/SP1 or SP2)
For Windows Vista x64 (w/SP1 or SP2)
For Windows Server 2008 (w/SP2) *
For Windows Server 2008 x64 (w/SP2) *
For Windows Server 2008 Itanium (w/SP2)
For Windows 7
For Windows 7 x64
For Windows Server 2008 R2 x64 *

For Windows Server 2008 R2 Itanium
* Note: Server Core installations not affected.
MS10-084:

For Windows XP (w/SP3)
For Windows XP x64 (w/SP2)
For Windows Server 2003 (w/SP2)
For Windows Server 2003 x64 (w/SP2)
For Windows Server 2003 Itanium (w/SP2)
Note: Other versions of Windows are not affected.
MS10-085:

For Windows Vista (w/SP1 or SP2)
For Windows Vista x64 (w/SP1 or SP2)
For Windows Server 2008 (w/SP2)
For Windows Server 2008 x64 (w/SP2)
For Windows Server 2008 Itanium (w/SP2)
For Windows 7
For Windows 7 x64
For Windows Server 2008 R2 x64
For Windows Server 2008 R2 Itanium
Note: Other versions of Windows are not affected.

MS10-074:

For Windows XP (w/SP3)
For Windows XP x64 (w/SP2)
For Windows Server 2003 (w/SP2)
For Windows Server 2003 x64 (w/SP2)
For Windows Server 2003 Itanium (w/SP2)
For Windows Vista (w/SP1 or SP2)
For Windows Vista x64 (w/SP1 or SP2)
For Windows Server 2008 (w/SP2) *
For Windows Server 2008 x64 (w/SP2) *
For Windows Server 2008 Itanium (w/SP2)
For Windows 7
For Windows 7 x64
For Windows Server 2008 R2 x64 *

For Windows Server 2008 R2 Itanium

* Note: Server Core installations not affected.

MS10-086:

For Windows Server 2008 R2 x64
For Windows Server 2008 R2 Itanium
Note: Other versions of Windows are not affected.

For All WatchGuard Users:
Attackers can exploit these flaws using diverse exploitation methods. A properly configured firewall can mitigate the risk of some of these issues (the ones that rely on access to local resources). That said, the Firebox cannot protect you from local attacks, nor can it prevent attacks that leverage normal HTTP traffic. Therefore, installing Microsoft’s updates is your most secure course of action.

Status:
Microsoft has released patches correcting these issues.

References:
Microsoft Security Bulletin MS10-073
Microsoft Security Bulletin MS10-074
Microsoft Security Bulletin MS10-075
Microsoft Security Bulletin MS10-076
Microsoft Security Bulletin MS10-077
Microsoft Security Bulletin MS10-078
Microsoft Security Bulletin MS10-081
Microsoft Security Bulletin MS10-082
Microsoft Security Bulletin MS10-083
Microsoft Security Bulletin MS10-084
Microsoft Security Bulletin MS10-085
Microsoft Security Bulletin MS10-086
This alert was researched and written by Corey Nachreiner, CISSP.

Cumulative IE Patch Fixes Ten New Security Flaws

Severity: High
12 October, 2010

Summary: This vulnerability affects: All current versions of Internet Explorer, running on all current versions of Windows How an attacker exploits it: Usually, by enticing one of your users to visit a malicious web page
Impact: Various, in the worst case an attacker can execute code on your user’s computer, potentially gaining complete control of it What to do: Deploy the appropriate Internet Explorer patches immediately, or let Windows Automatic Update do it for you Exposure: In a security bulletin released today as part of Patch Day, Microsoft describes ten new vulnerabilities in Internet Explorer (IE) 8.0 and earlier versions, running on all current versions of Windows (including Windows 7 and Windows Server 2008). Microsoft rates the aggregate severity of these new flaws as Critical.

The ten vulnerabilities differ technically, but four of the most serious ones share the same general scope and impact. These four issues involve various memory corruption flaws having to do with how IE handles certain HTML elements and objects. If an attacker can lure one of your users to a web page containing malicious web code, he could exploit any one of these four vulnerabilities to execute code on that user’s computer, inheriting that user’s privileges. Typically, Windows users have local administrative privileges. In that case, the attacker could exploit these flaws to gain complete control of the victim’s computer.

The remaining vulnerabilities consists of Cross-Site or Cross-Domain Scripting (XSS) flaws and some Information Disclosure issues.

Keep in mind, today’s attackers often hijack legitimate web pages and booby-trap them with malicious code. Typically, they do this via hosted web ads or through SQL injection and XSS attacks. Even recognizable and authentic websites could pose a risk to your users if hijacked in this way.

If you’d like to know more about the technical differences between these flaws, see the “Vulnerability Information” section of Microsoft’s bulletin. Technical differences aside, the memory corruption flaws in IE pose significant risk. You should download and install the IE cumulative patch immediately.

Solution Path:
These patches fix serious issues. You should download, test, and deploy the appropriate IE patches immediately, or let Windows Automatic Update do it for you. By the way, Microsoft no longer supports Windows 2000 and IE 5.x. If you still run a legacy version of IE or Windows, we highly recommend you update in order to get the latest security updates.

Internet Explorer 6.0
For Windows XP (w/SP3)
For Windows XP x64 (w/SP2)
For Windows Server 2003 (w/SP2)
For Windows Server 2003 x64 (w/SP2)
For Windows Server 2003 Itanium (w/SP2)
Internet Explorer 7.0
For Windows XP (w/SP3)
For Windows XP x64 (w/SP2)
For Windows Server 2003 (w/SP2)
For Windows Server 2003 x64 (w/SP2)
For Windows Server 2003 Itanium (w/SP2)
For Windows Vista (w/SP1 or SP2)
For Windows Vista x64 (w/SP1 or SP2)
For Windows Server 2008 (w/SP2) *
For Windows Server 2008 x64 (w/SP2) *
For Windows Server 2008 Itanium (w/SP2)
Internet Explorer 8.0
For Windows XP (w/SP3)
For Windows XP x64 (w/SP2)
For Windows Server 2003 (w/SP2)
For Windows Server 2003 x64 (w/SP2)
For Windows Vista (w/SP1 or SP2)
For Windows Vista x64 (w/SP1 or SP2)
For Windows Server 2008 (w/SP2) *
For Windows Server 2008 x64 (w/SP2) *
For Windows 7
For Windows 7 x64
For Windows Server 2008
For Windows Server 2008 x64

  • Note: These flaws do not affect Windows Server 2008 administrators who installed using the Server Core installation option.

For All WatchGuard Users:
These attacks travel as normal-looking HTTP traffic, which you must allow if your network users need to access the World Wide Web. Therefore, the patches above are your best solution.

Status:
Microsoft has released patches to fix these vulnerabilities.

References:
MS Security Bulletin MS10-071
This alert was researched and written by Corey Nachreiner, CISSP.
***
 

Homeland Secure IT Alert Footer

Homeland Secure IT Alert

3

Listen to your Asterisk / TrixBox Voice Mail WAV Email Attachments on Android Phones

Are you using an Asterisk based VoIP system and have your voice mails sent to you via email? If you are using an Android based phone, you may not be able to open these attachments within email and play them.

Several forums discuss workarounds that should get you going, such as having the VoIP system convert the audio file to MP3 format, but there is an easier way than that.

We found a great Android app in the Market Place that handles this perfectly! For the price of only 99 cents, you can open your emails, and if they contain WAV file attachments, play them, instead of possibly saving them, then using another media player to listen.

There are probably free apps that will do the same thing, however, this one tested well and performs as expected, so I will recommend it to you.

Search the Android Market Place for “WavPlayer”, it is by Dennis Lockshine.

Once installed, open an email with a voice mail (WAV) attachment and you can then PLAY. When prompted, select the WAV Player app…

If you are using another app, maybe a free one, or a more full featured one, I would love to hear from you… If you are in the Greenville / Upstate SC area and need help with this app or your VoIP system, please call us at 864.990.4748 or email info@homelandsecureit.com

48

IP Cam Viewer by Robert Chou is the best surveillance camera viewer for Android!

Since we have cameras at our offices and homes, it was only natural to want to see them on our new Android phones (Samsung Epic 4g).

IP Cam Viewer

IP Cam Viewer by Robert Chou for Android

We downloaded every app we could find in the marketplace and tried each of them out. Without a doubt, the best remote camera viewer was “IP Cam Viewer” by Robert Chou.

This app is only $10.00 to purchase, and free to use if you only have 4 cameras. The registered version will view all of our cameras at all locations as the app supports up to 32 cameras.

Will it work with your system? Chances are good that it will as it supports over 200 camera systems. It had settings for our office CCTV DVR where we have 8 cameras and our Panasonic IP cameras at the office (4 additional cameras) as well as the cameras that keep watch over our home, which are also Panasonic IP cameras.

We can view all of them at once on the phone, or view one large and several smaller frames. We can use the Pan-Tilt-Zoom functionality and a really cool feature is that we can enable the microphones and listen in at the remote site for the cameras that support that.

So if you are looking for the perfect app for your Android based phone, skip all the others, which seem to have annoying issues and lack of compatibility and download IP Cam Viewer Lite first. I bet you pay the 10 bucks and register it within 24hrs!

If you are wanting security / surveillance cameras for your Greenville or Upstate SC based home or business, we offer a wide selection of standard CCTV systems and IP Network Cameras, DVRs, NVRs, and more! Call us at 864.990.4748 or email info@homelandsecureit.com

UPDATE  –  2012-12-08:

This camera viewer software is STILL our favorite. We continue to evaluate every app we can to make sure our customers have the best tools in their arsenal to protect their property.

Robert Chou has an IP Cam Viewer for the iPad and iPhone too, and guess what?  It is also the best remote camera viewer software I have seen on those platforms!  There is support for more cameras than any other app I am aware of!

The Microsoft Windows 7 Home Premium Family Pack Can Save You Money!

Windows 7 Home Premium Family Pack

Windows 7 Home Premium Family Pack

Microsoft’s Windows 7 Home Premium Family Pack offers you a three pack of licenses, allowing up to three computers in your family to upgrade to Windows 7 Home Premium! It is available in either 32 or 64 bit versions.

The cost is very affordable at only about 50 dollars per seat! In comparison, a single upgrade version of Windows 7 Home Premium is $119.

This offer is available while supplies last and this is the second time since the initial release of Windows 7 that Microsoft has offered this special. Within months of the first special, they had sold out, so you may wish to jump on this offer while you can.

If you would like more information about how you can save money on Microsoft products for your home or business, please shoot us an email at info@homelandsecureit.com or call at 864.990.4748. We offer national sales of Microsoft product and complete computer service / repair in the Greeenville & Upstate SC area.

Microsoft Office “Home Use Program” allows your employees to use MS Office at home for $9.95

Microsoft’s Home Use Program, or “HUP” is a benefit offered to those with Microsoft’s Software Assurance, which allows you to offer your employees the latest version of the Microsoft Office suite to use at home.

Let’s say you purchase 25 seats of Microsoft Office 2010 Professional Plus with Software Assurance from Homeland Secure IT, you can then turn around and offer your staff the ability to download the Office Suite and use it on their home computers for only $9.95! (They can also purchase the physical media for an additional $12.00 or purchase Office 2008 for Mac for $8.00)

Allowing your employees to have access to the latest version of Microsoft Office at home helps them to become accustomed to the software you are using, or planning to deploy, which in turn helps boost their productivity!

For more information about Microsoft Software Assurance, or to purchase Microsoft products such as Microsoft Windows 7 Professional, Office 2010 Professional, Microsoft Server 2008, Exchange Server 2010 or any other Microsoft product, please email info@homelandsecureit.com or call 864.990.4748.

We are a Microsoft Small Business Specialist providing sales, service and support to Greenville and Upstate SC…

SECURE IT ALERT: Adobe Reader & Acrobat Updates Affect Macintosh, Windows, UNIX

Secure IT Alert Header
Homeland Secure IT Alert

Homeland Secure IT Alert for Wednesday, October 6, 2010

I realize I am sounding like a broken record (remember those?), however, Adobe has addressed vulnerabilities in their Adobe Reader, Adobe Acrobat, and also Adobe Air products which you should be aware of.

Skipping to the chase, please, for the love of God, update your Adobe products when prompted, or if NOT prompted, open each Adobe product and go to the Update option and do so… If you are running really old versions, you could just visit the Adobe.com website and download the latest versions, but be sure you update those too!

These vulnerabilities affect Apple Macintosh OS X, Microsoft Windows and even UNIX operating systems. Nobody is left out here.

Should you require assistance with this or any other computer / network security or support issue in the Greenville / Upstate SC area, feel free to call upon us at 864.990.4748 or email info@homelandsecureit.com

Original CERT alert follows…

—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA1

National Cyber Alert System

Technical Cyber Security Alert TA10-279A

Adobe Reader and Acrobat Affected by Multiple Vulnerabilities

Original release date: October 06, 2010
Last revised: —
Source: US-CERT

Systems Affected

* Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh, and UNIX
* Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh
* Adobe Reader 8.2.4 and earlier versions for Windows, Macintosh, and UNIX
* Adobe Acrobat 8.2.4 and earlier versions for Windows and Macintosh

Overview

Adobe has released Security Bulletin APSB10-21, which describes
multiple vulnerabilities affecting Adobe Reader and Acrobat.

I. Description

Adobe Security Bulletin APSB10-21 describes a number of
vulnerabilities affecting Adobe Reader and Acrobat. These
vulnerabilities affect Reader and Acrobat 9.3.4, earlier 9.x
versions, 8.2.4, and earlier 8.x versions.

An attacker could exploit these vulnerabilities by convincing a
user to open a specially crafted PDF file. The Adobe Reader browser
plug-in, which can automatically open PDF documents hosted on a
website, is available for multiple web browsers and operating
systems.

Additional information is available in US-CERT Vulnerability Note
VU#491991.

II. Impact

These vulnerabilities could allow a remote attacker to execute
arbitrary code, write arbitrary files or folders to the file
system, escalate local privileges, or cause a denial of service on
an affected system as the result of a user opening a malicious PDF
file.

III. Solution

Update

Adobe has released updates to address this issue. Users are
encouraged to read Adobe Security Bulletin APSB10-21 and update
vulnerable versions of Adobe Reader and Acrobat.

Disable JavaScript in Adobe Reader and Acrobat

Disabling JavaScript may prevent some exploits from resulting in
code execution. Acrobat JavaScript can be disabled using the
Preferences menu (Edit -> Preferences -> JavaScript; uncheck Enable
Acrobat JavaScript).

Adobe provides a framework to blacklist specific JavaScipt APIs. If
JavaScript must be enabled, this feature may be useful when
specific APIs are known to be vulnerable or used in attacks.

Prevent Internet Explorer from automatically opening PDF files

The installer for Adobe Reader and Acrobat configures Internet
Explorer to automatically open PDF files without any user
interaction. This behavior can be reverted to a safer option that
prompts the user by importing the following as a .REG file:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\AcroExch.Document.7] “EditFlags”=hex:00,00,00,00

Disable the display of PDF files in the web browser

Preventing PDF files from opening inside a web browser will
partially mitigate this vulnerability. If this workaround is
applied, it may also mitigate future vulnerabilities.

To prevent PDF files from automatically being opened in a web
browser, do the following:

1. Open Adobe Acrobat Reader.
2. Open the Edit menu.
3. Choose the Preferences option.
4. Choose the Internet section.
5. Uncheck the “Display PDF in browser” checkbox.

Do not access PDF files from untrusted sources

Do not open unfamiliar or unexpected PDF files, particularly those
hosted on websites or delivered as email attachments. Please see
Cyber Security Tip ST04-010.

IV. References

* Security update available for Adobe Reader and Acrobat –
<http://www.adobe.com/support/security/bulletins/apsb10-21.html>

* US-CERT Vulnerability Note VU#491991 –
<http://www.kb.cert.org/vuls/id/491991>

* Adobe Reader and Acrobat JavaScript Blacklist Framework –
<http://kb2.adobe.com/cps/504/cpsid_50431.html>

____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA10-279A.html>

Homeland Secure IT Alert Footer

Homeland Secure IT Alert

Intuit Quickbooks 2011 Products NOW Live

In an earlier post I prematurely announced the release of Intuit Quickbooks 2011 as well as the whole suite of software from Intuit.

That release date was pushed back due to some technical issues, and as of today, they are now live!

You can click our affiliate link and save up to 20% on Intuit Quickbooks 2011 and other Intuit offerings….

Intuit Quickbooks & Quicken Authorized Affiliate Purchase at 20% off retail

Intuit Quickbooks & Quicken Authorized Affiliate Purchase at 20% off retail

4

Sprint Samsung Epic 4g being used for computer service technicians – first impressions

Sprint Samsung Epic 4gWanna buy a RIM Blackberry 8350i for Nextel / Sprint? We have a few for sale! http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=320599349838#ht_694wt_1139

In an earlier blog posts, I rambled a bit about the desire to leave the Blackberry, but why we didn’t, and then last week, I posted about finally dumping the Blackberry phones for new Android smart phones.

Today I will bore you with my thoughts on how these devices are going to fare in our own application. For those of you who don’t know, Homeland Secure IT is a provider of computer, server & network service, support, repair, consultation and sales here in Greenville, SC. We have a number of computer service technicians who need instant access to each other, to the web, and to their email, so they can better assist our clients.

Previously, the Blackberry was THE tool for the job, but more recently, we have had connectivity issues, poor coverage in the Upstate and a general unhappy feeling due to dropped calls, etc. The inability to run the latest applications was also a drag, but it did not prohibit us from performing our job.

Thank God, all of our fears of leaving the Blackberry behind were unsubstantiated, well at least most of them…

We were worried about the slow email transport that active sync to our Microsoft Exchange Server would subject us to… That was unwarranted. We are realizing only a slight delay over the Blackberry Enterprise Server. We are missing our “notes”, but there are ways to deal with that.

We worried that Direct Connect would be missed… While not perfect, the app suggested by our friend Bradley Durham called “TiKL” allows almost the same functionality. The audio quality is not quite as good, and it can get choppy, depending upon signal quality.

The best part about switching is that I am no longer being disconnected from half the calls that I make!!!!

Here’s a partial list of some of the apps that we are finding useful in our application:

  • TinyDVR – Free version of a network camera viewer lets me watch a couple cameras at my home.
  • IP Cam Viewer – Free version of a network camera viewer app, lets me watch 4 of the 12 cameras at our office.
  • Advanced Task Killer – Free version of ATK helps keep memory in check by killing off apps on the Android.
  • Barcode scanner – Free app lets us see those QR codes and scan bar codes.
  • Bump – Exchange business cards between iPhone and Android users with a “bump”
  • Files Anywhere – Lets us share files, even fax from the phone.
  • Pocket Cloud from Wyse – Let’s us remote desktop to servers for quick maintenance.

There are a number of others I use, but mainly for personal purposes….

In using these phones over the weekend, it is painfully apparent that battery life is going to be our biggest obstacle. As much as I use mine to check email, text, talk and “direct connect”, I am only able to get about 3 hrs max without using a charger…  Not good. So I have purchased chargers for everywhere, and await the release of high capacity batteries.

The other problem may be in the durability of this device. A Blackberry can be dropped, or even thrown, and will survive. One wrong bump and I am sure that the Samsung Epic 4g will be damaged… Most likely the screen will break from a slight impact. To help protect myself, I have purchased a high quality cover and holster, after it shows up, I will post about it here.

As always, your comments are welcome!

2

We finally dumped Nextel Blackberry phones & went with Sprint Samsung Epic 4g

Sprint Samsung Epic 4gAfter another horrible day of Nextel service I gave up and went to the Sprint store where they attempted to upgrade the software on my Blackberry 8350i…   What was supposed to take a few minutes (45 or so) ended up taking until the end of their business day, and they were going to have it for me at start of business today.

I was at their door at 9 AM to find the nice little tech all apologetic over the fact that the update bombed during the night and that she had started it over….   I figured 45 minutes, maybe an hour…   So I waited… And waited.

Turns out the operating system had become corrupt and the trusty old BB was now a brick…  She said a phone could be in tomorrow but it looked like Monday. (This was at about 11:30 or so)

If you know me, you know that I am one connected guy, constantly getting and sending emails, direct connects, phone calls, twitter, facebook, foursquare, yada yada yada, and being without my phone for 18+ hours was making me more than antsy! The tech was going to put my SIM card, keyboard and whatever in another old/broken phone and let me use that. But then the phone would be just a phone, until it was put back on our Blackberry Enterprise Server, only to repeat this again when the replacement phone came in.

At this point, I called my wife and we went for option two. We purchased new Samsung Epic 4g Android 2.2 phones, and swung our service over from the Nextel side to the Sprint side. Then worked on getting all the phones going for the techs and myself. I left there at about 2:15 in the afternoon, with a phone in my hand for the first time in almost 24hrs.

Now we are getting these new phones setup and tweaked to suit our needs…  They are associated with our Microsoft Exchange Server (I have two Exchange servers and a Google account associated with mine), and using the app that Bradley Durham told us about, TiKL, we now have a replacement for Nextel’s “Direct Connect”, though kinda sketchy…

The specs for the Samsung Epic 4g are quite amazing…

  • Android 2.2 OS
  • 1Ghz Samsung
  • 4″ AMOLED
  • 5 Megapixel camera 720p
  • 16 GB memory card
  • 3g / 4g speeds (Up to 10 Mbps at 4g which is not in Greenville yet)
  • WiFi Hotspot for up to 5 devices
  • QWERTY Keyboard that slides out
  • Claims of 6+ hours talk time

Only time will tell, and I will post a follow-up to this post as we get used to these phones…..     As for me, I am back to finding the perfect app for Twitter, Facebook, etc, etc, etc….

If you want to read my original post, go HERE

Have a great weekend!!!