Secure IT Alert for Thursday, February 2, 2012
If you are running a current version of Apple Mac OS X, 10.6.x or OS X 10.7.x (Snow Leopard & Lion respectively), then you are vulnerable to exploits that these patches correct.
These security flaws could potentially allow an attacker to execute code on your computer after you visit a malicious web site or download/view affected documents or files, or allow Denial of Service (DoS) or even elevation of privileges.
How do you fix this? Apple has released OS X Security Update 2012-001 and OS X 10.7.3 to fix these security problems – UPDATE ASAP.
The 52 security vulnerabilities affect 27 components that are part of OS X and OS X server. Some of the affected software includes: Apache, OpenGL, PHP, QuickTime and Time Machine.
A few examples:
Buffer overflow vulnerability in ImageIO – View a malicious image and it could crash the application or execute code on your computer. The upside is, it would only execute with your privileges.
Buffer overflow vulnerability in CoreAudio – Play a malicious audio file and experience a crash of your system, or execute code with your privileges.
QuickTime vulnerabilities – Six of these babies could mean that if you open a malicious image or video in QT, code could be executed with your privileges.
The full update information can be found at http://support.apple.com/kb/HT5130
Should you require assistance in applying these updates, do not hesitate to call us in the Greenville or Upstate SC area at 864.990.4748 or email info@homelandsecureit.com
Homeland Secure IT Alert for Wednesday, January 11, 2012
Yesterday was Adobe’s first patch day of the new year and the security bulletin describes a total of six vulnerabilities in Adobe Reader and Acrobat X 10.1.1 and older, on both Microsoft Windows and Apple Mac.
The issues that are addressed are considered “critical” in nature and the solution is to download and deploy updates or to allow the Adobe Software Updater to perform the updates for you.
Adobe Reader X 10.1.2
Adobe Acrobat X 10.1.2
A little something to keep you busy… Adobe vulnerabilities that affect Microsoft Windows, Mac and Unix machines.
Patch ‘em up!
National Cyber Alert System
Technical Cyber Security Alert TA11-350A
Adobe Updates for Multiple Vulnerabilities
Original release date: December 16, 2011
Last revised: –
Source: US-CERT
Systems Affected
* Adobe Reader X (10.1.1) and earlier 10.x versions for Windows and Macintosh
* Adobe Reader 9.4.6 and earlier 9.x versions for Windows, Macintosh, and UNIX
* Adobe Acrobat X (10.1.1) and earlier 10.x versions for Windows and Macintosh
* Adobe Acrobat 9.4.6 and earlier 9.x versions for Windows and Macintosh
Overview
Adobe has released Security Bulletin APSB11-30, which describes
multiple vulnerabilities affecting Adobe Reader and Acrobat.
I. Description
Adobe Security Bulletin APSB11-30 and Adobe Security Advisory
APSA11-04 describe a number of vulnerabilities affecting Adobe
Reader and Acrobat. These vulnerabilities affect Reader and Acrobat
9.4.6 and earlier 9.x versions. These vulnerabilities also affect
Reader X and Acrobat X 10.1.1 and earlier 10.x versions.
An attacker could exploit these vulnerabilities by convincing a
user to open a specially crafted PDF file. The Adobe Reader browser
plug-in, which can automatically open PDF documents hosted on a
website, is available for multiple web browsers and operating
systems.
Adobe Reader X and Adobe Acrobat X will be patched in the next
quarterly update scheduled for January 10, 2012.
Additional details for the U3D memory corruption vulnerability can
be found in US-CERT Vulnerability Note VU#759307.
II. Impact
These vulnerabilities could allow a remote attacker to execute
arbitrary code, write arbitrary files or folders to the file
system, escalate local privileges, or cause a denial of service on
an affected system as the result of a user opening a malicious PDF
file.
III. Solution
Update Reader
Adobe has released updates to address this issue. Users are
encouraged to read Adobe Security Bulletin APSB11-30 and update
vulnerable versions of Adobe Reader and Acrobat.
In addition to updating, please consider the following mitigations.
Disable Flash in Adobe Reader and Acrobat
Disabling Flash in Adobe Reader will mitigate attacks that rely on
Flash content embedded in a PDF file. Disabling 3D & Multimedia
support does not directly address the vulnerability, but it does
provide additional mitigation and results in a more user-friendly
error message instead of a crash. To disable Flash and 3D &
Multimedia support in Adobe Reader 9, delete, rename, or remove
access to these files:
Microsoft Windows
“%ProgramFiles%\Adobe\Reader 9.0\Reader\authplay.dll”
“%ProgramFiles%\Adobe\Reader 9.0\Reader\rt3d.dll”
Apple Mac OS X
“/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/AuthPlayLib.bundle”
“/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/Adobe3D.framework”
GNU/Linux (locations may vary among distributions)
“/opt/Adobe/Reader9/Reader/intellinux/lib/libauthplay.so”
“/opt/Adobe/Reader9/Reader/intellinux/lib/librt3d.so”
File locations may be different for Adobe Acrobat or other Adobe
products that include Flash and 3D & Multimedia support. Disabling
these plugins will reduce functionality and will not protect
against Flash content that is hosted on websites. Depending on the
update schedule for products other than Flash Player, consider
leaving Flash and 3D & Multimedia support disabled unless they are
absolutely required.
Disable JavaScript in Adobe Reader and Acrobat
Disabling JavaScript may prevent some exploits from resulting in
code execution. Acrobat JavaScript can be disabled using the
Preferences menu (Edit -> Preferences -> JavaScript; uncheck Enable
Acrobat JavaScript).
Adobe provides a framework to blacklist specific JavaScript APIs. If
JavaScript must be enabled, this framework may be useful when
specific APIs are known to be vulnerable or used in attacks.
Prevent Internet Explorer from automatically opening PDF files
The installer for Adobe Reader and Acrobat configures Internet
Explorer to automatically open PDF files without any user
interaction. This behavior can be reverted to a safer option that
prompts the user by importing the following as a .REG file:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\AcroExch.Document.7]
"EditFlags"=hex:00,00,00,00
Disable the display of PDF files in the web browser
Preventing PDF files from opening inside a web browser will
partially mitigate this vulnerability. If this workaround is
applied, it may also mitigate future vulnerabilities.
To prevent PDF files from automatically being opened in a web
browser, do the following:
1. Open Adobe Acrobat Reader.
2. Open the Edit menu.
3. Choose the Preferences option.
4. Choose the Internet section.
5. Uncheck the “Display PDF in browser” checkbox.
Remove or restrict access to 3difr.x3d
By removing or restricting access to the 3difr.x3d file, Adobe
Reader and Acrobat will fail to render U3D content, which helps to
mitigate this vulnerability. PDF documents that use the PRC format
for 3D content will continue to function on Windows and Linux
platforms.
To disable U3D support in Adobe Reader 9 on Microsoft Windows,
delete or rename this file:
“%ProgramFiles%\Adobe\Reader 9.0\Reader\plug_ins3d\3difr.x3d”
For Apple Mac OS X, delete or rename this directory:
“/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/Adobe3D.framework”
For GNU/Linux, delete or rename this file (locations may vary among
distributions):
“/opt/Adobe/Reader9/Reader/intellinux/plug_ins3d/3difr.x3d”
File locations may be different for Adobe Acrobat or other Adobe
products or versions.
Do not access PDF files from untrusted sources
Do not open unfamiliar or unexpected PDF files, particularly those
hosted on websites or delivered as email attachments. Please see
Cyber Security Tip ST04-010.
IV. References
* Security update available for Adobe Reader and Acrobat -
<https://www.adobe.com/support/security/bulletins/apsb11-30.html>
* Adobe Reader and Acrobat JavaScript Blacklist Framework -
<http://kb2.adobe.com/cps/504/cpsid_50431.html>
* Adobe Acrobat and Reader U3D memory corruption vulnerability -
<http://www.kb.cert.org/vuls/id/759307>
* Security Advisory for Adobe Reader and Acrobat -
<https://www.adobe.com/support/security/advisories/apsa11-04.html>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA11-350A.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with “TA11-350A Feedback VU#759307” in
the subject.
____________________________________________________________________
Produced 2011 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
December 16, 2011: Initial release
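An added example, not part of the US-CERT alert or the original post: a host check that reports whether the Adobe Reader 9 Flash and 3D components named in the alert are still active, have had access removed, or are gone, on macOS and GNU/Linux. The `root` parameter and the state names are assumptions of this example.

```python
import os
import stat

# Install roots and component paths as listed in the alert for Adobe Reader 9.
# Windows is left out because %ProgramFiles% must be expanded on the host.
# On macOS the alert names Adobe3D.framework for both 3D and U3D support.
READER9 = {
    "darwin": ("/Applications/Adobe Reader 9/Adobe Reader.app", {
        "flash": "Contents/Frameworks/AuthPlayLib.bundle",
        "3d": "Contents/Frameworks/Adobe3D.framework",
    }),
    "linux": ("/opt/Adobe/Reader9", {
        "flash": "Reader/intellinux/lib/libauthplay.so",
        "3d": "Reader/intellinux/lib/librt3d.so",
        "u3d": "Reader/intellinux/plug_ins3d/3difr.x3d",
    }),
}


def component_state(path):
    """Return 'removed', 'restricted' or 'active' for one component path."""
    try:
        mode = os.lstat(path).st_mode
    except (FileNotFoundError, NotADirectoryError):
        return "removed"      # deleted or renamed, as the alert suggests
    except PermissionError:
        return "restricted"   # a parent directory already blocks access
    # "Remove access": no read or execute bit left for owner, group or other.
    if stat.S_IMODE(mode) & 0o555 == 0:
        return "restricted"
    return "active"


def audit(platform, root="/"):
    """Map each component named in the alert to its state under `root`.

    `root` is an assumption of this example: it lets the check run against
    a mounted image or a test tree instead of the live filesystem.
    """
    install, parts = READER9[platform]
    base = os.path.join(root, install.lstrip("/"))
    if not os.path.isdir(base):
        # Reader 9 is absent, which is different from a mitigated install.
        return {name: "not-installed" for name in parts}
    return {name: component_state(os.path.join(base, rel))
            for name, rel in parts.items()}


if __name__ == "__main__":
    import sys
    plat = "darwin" if sys.platform == "darwin" else "linux"
    for name, state in audit(plat).items():
        print(f"{name:6} {state}")
```

Any component reported as "active" is still loadable by Reader 9; as the alert notes, locations may vary among distributions, so adjust the paths before trusting a "not-installed" result.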
Microsoft didn’t forget your Christmas gift…. And it’s coming early!
That’s right, Microsoft Patch Tuesday is upon us again, and this December 13th you can expect a slew of updates covering the entire line of current Microsoft Windows operating systems.
Operating Systems: Windows XP 64 & 32 bit, Server 2003 64 & 32 bit and Itanium based servers, Vista 32 & 64 bit, Windows Server 2008 and the Server Core, Server 2008 R2, Windows 7 32 / 64
Other Software: Microsoft Internet Explorer 6, 7, 8 and 9, Microsoft Office for Windows 2010 & Office 2004 & 2008 for Mac, and individual applications: Publisher 2003 & 2007, Excel 2003, PowerPoint 2007 & 2010, PowerPoint Viewer 2007, and the Office Compatibility Pack for Word, Excel and PowerPoint File Formats.
Chances are good that if you own a Microsoft Windows machine, or a Mac with Office, then you need to be letting your system update.
The complete bulletin can be found here: http://technet.microsoft.com/security/bulletin/ms11-dec
If you need assistance applying these updates or with any other computer service issue, please let us know! 864.990.4748 or info@homelandsecureit.com
In the last 24hrs, I have spoken with or assisted at least 3 people who have become infected due to opening a malicious email.
One of them was my wifey, Pamela, who received an email from the US Postal Service stating that her package had been refused and to open the attached file for details. Due to her old Microsoft Windows Vista system which without question should be updated, the payload from the trojan was dropped and she was without her computer for 3 hours while over 300,000 items were scanned again and again and her icons restored so she could use her desktop.
What is happening is a bit of social engineering. The emails appear to come from someone you trust, in this case the Post Office, and they appear to have important information, just too good to pass up. A busy worker may be momentarily fooled, and likely, at the very moment they click on the item, they think, “Ohhh I bet I shouldn’t have done that”, but it is too late.
How can you keep from becoming a victim of this type of exploit?
- Avoid using unpatched Microsoft Windows systems! When updates are released, install them.
- Install all updates to important applications, such as Microsoft Office.
- Install all updates to Adobe Reader, Flash, Acrobat, and to JAVA.
- Keep current and trustworthy anti-virus such as Trend Micro Titanium 2012 on all your computers.
- Use caution when opening attachments. Ask yourself why the USPS would be sending you an email and why the information would be in an attachment before clicking on it.
Before I get responses such as “Macs do not have that problem”, yes, Apple Mac OS X does have that problem. We have dealt with almost as many Mac security issues this year as we have Windows 7. Regardless of the Operating System, a little common sense and preventative maintenance goes a long way!
Should you need help with a virus cleanup or virus removal for your personal computer or your business, we can help. We also partner with Trend Micro to offer Worry-Free, Trend Micro Titanium, and the entire outstanding line of Trend Micro anti-virus, anti-spyware, anti-spam and anti-everything software, just give us a call at 864.990.4748 or email info@homelandsecureit.com.
Are you using something other than Microsoft Internet Explorer 9 (IE9) for your web browser? A growing number of you are, and Microsoft does not like it one bit. In fact, if you go visit their promo site, you can receive “Free stuff from sites you love” if you will just cross over to the dark side, so to speak.
Here’s the link to the “Beauty of the Web” site… HERE
Sites represented are Slacker Radio, AOL Radio, Grooveshark, hulu, Flixter, Fandango, ticketmaster, vimeo, zynga and Pandora.
Of course, you have to be using IE to take advantage of the offers. The process is to drag the icon to your taskbar to pin it there, then share the information on Twitter or Facebook.
Mac OS X users will have to run IE 9 in a virtual machine in order to take advantage of this…
Apple released a slew of updates to address major security vulnerabilities this week…
Be sure to get your devices up to date…
- OS X Lion v10.7.2 and Security Update 2011-006
- iTunes 10.5
- Safari 5.1.1
- iOS 5 Software Update
- Numbers for iOS v1.5
- Pages for iOS v1.5
- Apple TV 4.4
In what is becoming way too common, the popular site, mysql.com was exploited, and used to distribute malware by redirecting visitors to another site this week.
Anyone browsing to mysql.com yesterday would have been redirected without even being prompted, and then likely exploited themselves by the software running on the rogue website, which apparently looked for vulnerable browser plugins to use as an injection point.
Trend Micro’s smart web filtering may have caught this and stopped it, but one thing is for sure… Doing everything you can to protect yourself from this type of exploit is more important than ever.
You should always ensure you are running up-to-date and mainstream/quality anti-virus software (such as Trend Micro), and also keep your operating system (whether Microsoft Windows, Apple Mac OS X or even Linux), browser, and all support software such as Adobe Flash Player, Adobe Reader and JAVA, as well as Microsoft Office, fully updated!
Another thing you should consider is backups! With the cost of USB hard drives at an all time low, and online backup (like our Servosity offering) being affordable and easy to install and configure, there is no excuse to not have backups.
Should you need assistance in the Greenville / Upstate SC area determining what you or your business needs, please contact us at 864.990.4748 or email info@homelandsecureit.com. We provide sales of Trend Micro, Symantec & McAfee anti-virus protection, virus cleanup & removal, and can handle your computer service & computer repair tasks!
Using Macs in your enterprise?
You will want to read this article http://www.theregister.co.uk/2011/08/26/mac_osx_lion_security_hole/…
This is kind of a big deal, as it underscores that Mac OS X Lion machines simply fail at LDAP, a basic part of enterprise network integration.
In short, if you bring these Macs into your environment, once authenticated, they simply don’t care which password is entered, they simply say “yer in!”…
Those of you who believe Macs are super secure need to rethink that philosophy and accept that there are problems with all OSes that pose a threat. About a week ago, I posted about a threat that involves a pure Mac server network, without any Microsoft involvement, just as bad as this current LDAP issue, no, actually worse.
If you would like to discuss integration of Macs into your Greenville / Upstate, SC Microsoft Windows environment, please give us a call at 864.990.4748 or email info@homelandsecureit.com…
I’ve posted this before… External, portable, USB hard drives are convenient to store some data on, but dang it, don’t put everything on one and trust that it is forever and always going to be there for you.
These devices use 2.5″ hard drives like you would find in a notebook computer, and while there is nothing wrong with those drives, they do tend to be a little more fragile and have a shorter life-span than their 3.5″ brethren.
Case in point…. Today, I was going to copy some data from my daughter’s old computer to an external usb drive… While the data made it over there, it was the straw that broke the camel’s back and other things started happening. The huge collection of music that resided on the drive became unstable. It was taking long periods of time to open the files, some were damaged and thousands were missing.
Running recovery software only resulted in finding parts of files, because when I started copying my daughter’s files to that drive, they overwrote sectors where parts of the other files had been… There’s no recovering that.
Thankfully, I had a backup, but what if I did not?
The moral of this story is – backup, backup, backup… Use something like an online cloud backup system or multiple hardware devices, and do it often. DO NOT put all your eggs in one basket and trust some >100 dollar usb drive. Doesn’t matter if you are using a Microsoft Windows PC, Mac OS X, Linux, or a Commodore 64, back it up!
Should you need help determining which backup solution is right for you or your business, please give us a call at 864.990.4748 or email info@homelandsecureit.com. We are one of Greenville / Upstate South Carolina’s premier computer & server backup specialists and we have a disk, tape, cloud or NAS solution to suit your application!




