Homeland Secure IT Alert for Wednesday, January 11, 2012

Yesterday was Adobe’s first patch day of the new year and the security bulletin describes a total of six vulnerabilities in Adobe Reader and Acrobat X 10.1.1 and older, on both Microsoft Windows and Apple Mac.

The issues that are addressed are considered “critical” in nature and the solution is to download and deploy updates or to allow the Adobe Software Updater to perform the updates for you.

Adobe Reader X 10.1.2

• For Windows
• For Mac

Adobe Acrobat X 10.1.2

• Standard and Pro for Windows
• Pro Extended for Windows
• Pro for Mac

This is kind of old news, but seeing a blog post by someone else today reminded me that it is not patched yet…

Apple Safari web browser can be used as an avenue that would allow malicious code on a web site to be run with whatever privileges you have on that computer.

Here’s an actual security bulletin you can read about this:

https://secunia.com/advisories/47237/

Until this is patched for sure, I believe I would not be using the Apple Safari browser on a Windows 7 machine.  Just my two cents.

Yesterday, Microsoft issued a security bulletin for the .NET issues mentioned the other day.  That document can be found here:

http://technet.microsoft.com/security/bulletin/ms11-dec

Critical Security Bulletins

============================

 

MS11-100

 

- Affected Software:

- Windows XP Service Pack 3

- Microsoft .NET Framework 1.1 Service Pack 1

- Microsoft .NET Framework 2.0 Service Pack 2

- Microsoft .NET Framework 3.5 Service Pack 1

- Microsoft .NET Framework 4

- Windows XP Professional x64 Edition Service Pack 2

- Microsoft .NET Framework 1.1 Service Pack 1

- Microsoft .NET Framework 2.0 Service Pack 2

- Microsoft .NET Framework 3.5 Service Pack 1

- Microsoft .NET Framework 4

- Windows Server 2003 Service Pack 2

- Microsoft .NET Framework 1.1 Service Pack 1

- Microsoft .NET Framework 2.0 Service Pack 2

- Microsoft .NET Framework 3.5 Service Pack 1

- Microsoft .NET Framework 4

- Windows Server 2003 x64 Edition Service Pack 2

- Microsoft .NET Framework 1.1 Service Pack 1

- Microsoft .NET Framework 2.0 Service Pack 2

- Microsoft .NET Framework 3.5 Service Pack 1

- Microsoft .NET Framework 4

- Windows Server 2003 with SP2 for Itanium-based Systems

- Microsoft .NET Framework 1.1 Service Pack 1

- Microsoft .NET Framework 2.0 Service Pack 2

- Microsoft .NET Framework 3.5 Service Pack 1

- Microsoft .NET Framework 4

- Windows Vista Service Pack 2

- Microsoft .NET Framework 1.1 Service Pack 1

- Microsoft .NET Framework 2.0 Service Pack 2

- Microsoft .NET Framework 3.5 Service Pack 1

- Microsoft .NET Framework 4

- Windows Vista x64 Edition Service Pack 2

- Microsoft .NET Framework 1.1 Service Pack 1

- Microsoft .NET Framework 2.0 Service Pack 2

- Microsoft .NET Framework 3.5 Service Pack 1

- Microsoft .NET Framework 4

- Windows Server 2008 for 32-bit Systems Service Pack 2

- Microsoft .NET Framework 1.1 Service Pack 1

(Windows Server 2008 Server Core installation not affected)

- Microsoft .NET Framework 2.0 Service Pack 2

(Windows Server 2008 Server Core installation not affected)

- Microsoft .NET Framework 3.5 Service Pack 1

(Windows Server 2008 Server Core installation not affected)

- Microsoft .NET Framework 4

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for x64-based Systems Service Pack 2

- Microsoft .NET Framework 1.1 Service Pack 1

(Windows Server 2008 Server Core installation not affected)

- Microsoft .NET Framework 2.0 Service Pack 2

(Windows Server 2008 Server Core installation not affected)

- Microsoft .NET Framework 3.5 Service Pack 1

(Windows Server 2008 Server Core installation not affected)

- Microsoft .NET Framework 4

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for Itanium-based Systems Service Pack 2

- Microsoft .NET Framework 1.1 Service Pack 1

- Microsoft .NET Framework 2.0 Service Pack 2

- Microsoft .NET Framework 3.5 Service Pack 1

- Microsoft .NET Framework 4

- Windows 7 for 32-bit Systems only:

- Microsoft .NET Framework 3.5.1

- Microsoft .NET Framework 4

- Windows 7 for 32-bit Systems Service Pack 1 only:

- Microsoft .NET Framework 3.5.1

- Microsoft .NET Framework 4

- Windows 7 for x64-based Systems only:

- Microsoft .NET Framework 3.5.1

- Microsoft .NET Framework 4

- Windows 7 for x64-based Systems Service Pack 1 only:

- Microsoft .NET Framework 3.5.1

- Microsoft .NET Framework 4

- Windows Server 2008 R2 for x64-based Systems only:

- Microsoft .NET Framework 3.5.1

(Windows Server 2008 R2 Server Core installation affected)

- Microsoft .NET Framework 4

- Windows Server 2008 R2 for x64-based Systems Service Pack 1 only:

- Microsoft .NET Framework 3.5.1

(Windows Server 2008 R2 Server Core installation affected)

- Microsoft .NET Framework 4

(Windows Server 2008 R2 Server Core installation affected)

- Windows Server 2008 R2 for Itanium-based Systems only:

- Microsoft .NET Framework 3.5.1

- Microsoft .NET Framework 4

- Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1 only:

- Microsoft .NET Framework 3.5.1

- Microsoft .NET Framework 4

- Impact: Elevation of Privilege

- Version Number: 1.0

Microsoft released Security Advisory 2659883 today which outlines a vulnerability in ASP.NET which could permit a Denial of Service.

More information is available here: http://technet.microsoft.com/security/advisory/2659883

Two notes from that page listed as “Mitigating Factors”:

• By default, IIS is not enabled on any supported Windows operating system
• Sites that disallow application/x-www-form-urlencoded or multipart/form-data HTTP content types are not vulnerable

Please visit the URL above to find out if your OS and version/s of the .NET Framework are affected. Basically it affects every OS, from Windows XP, Vista, 7, Server 2003, and Server 2008 R2, in 64 and 32 bit flavors, and just about every version of the .NET Framework.

Scroll down to the “Suggested Actions” section and read about “Workarounds” if you are using IIS.

If you are in the Greenville or Upstate, SC area and need assistance with this or any other computer service / support issue, please call us at 864.990.4748 or email info@homelandsecureit.com

A little something to keep you busy…   Adobe vulnerabilities that affect Microsoft Windows, Mac and Unix machines.

Patch ‘em up!

 

—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA1

National Cyber Alert System

Technical Cyber Security Alert TA11-350A

Adobe Updates for Multiple Vulnerabilities

Original release date: December 16, 2011

Last revised: –

Source: US-CERT

Systems Affected

* Adobe Reader X (10.1.1) and earlier 10.x versions for Windows and Macintosh

* Adobe Reader 9.4.6 and earlier 9.x versions for Windows, Macintosh, and UNIX

* Adobe Acrobat X (10.1.1) and earlier 10.x versions for Windows and Macintosh

* Adobe Acrobat 9.4.6 and earlier 9.x versions for Windows and Macintosh

 

Overview

Adobe has released Security Bulletin APSB11-30, which describes

multiple vulnerabilities affecting Adobe Reader and Acrobat.

 

I. Description

Adobe Security Bulletin APSB11-30 and Adobe Security Advisory

APSA11-04 describe a number of vulnerabilities affecting Adobe

Reader and Acrobat. These vulnerabilities affect Reader and Acrobat

9.4.6 and earlier 9.x versions. These vulnerabilities also affect

Reader X and Acrobat X 10.1.1 and earlier 10.x versions.

 

An attacker could exploit these vulnerabilities by convincing a

user to open a specially crafted PDF file. The Adobe Reader browser

plug-in, which can automatically open PDF documents hosted on a

website, is available for multiple web browsers and operating

systems.

 

Adobe Reader X and Adobe Acrobat X will be patched in the next

quarterly update scheduled for January 10, 2012.

 

Additional details for the U3D memory corruption vulnerability can

be found in US-CERT Vulnerability Note VU#759307.

II. Impact

These vulnerabilities could allow a remote attacker to execute

arbitrary code, write arbitrary files or folders to the file

system, escalate local privileges, or cause a denial of service on

an affected system as the result of a user opening a malicious PDF

file.

 

III. Solution

Update Reader

Adobe has released updates to address this issue. Users are

encouraged to read Adobe Security Bulletin APSB11-30 and update

vulnerable versions of Adobe Reader and Acrobat.

 

In addition to updating, please consider the following mitigations.

 

Disable Flash in Adobe Reader and Acrobat

 

Disabling Flash in Adobe Reader will mitigate attacks that rely on

Flash content embedded in a PDF file. Disabling 3D & Multimedia

support does not directly address the vulnerability, but it does

provide additional mitigation and results in a more user-friendly

error message instead of a crash. To disable Flash and 3D &

Multimedia support in Adobe Reader 9, delete, rename, or remove

access to these files:

 

Microsoft Windows

“%ProgramFiles%\Adobe\Reader 9.0\Reader\authplay.dll”

“%ProgramFiles%\Adobe\Reader 9.0\Reader\rt3d.dll”

 

Apple Mac OS X

“/Applications/Adobe Reader 9/Adobe

Reader.app/Contents/Frameworks/AuthPlayLib.bundle”

“/Applications/Adobe Reader 9/Adobe

Reader.app/Contents/Frameworks/Adobe3D.framework”

 

GNU/Linux (locations may vary among distributions)

“/opt/Adobe/Reader9/Reader/intellinux/lib/libauthplay.so”

“/opt/Adobe/Reader9/Reader/intellinux/lib/librt3d.so”

 

File locations may be different for Adobe Acrobat or other Adobe

products that include Flash and 3D & Multimedia support. Disabling

these plugins will reduce functionality and will not protect

against Flash content that is hosted on websites. Depending on the

update schedule for products other than Flash Player, consider

leaving Flash and 3D & Multimedia support disabled unless they are

absolutely required.

 

Disable JavaScript in Adobe Reader and Acrobat

 

Disabling JavaScript may prevent some exploits from resulting in

code execution. Acrobat JavaScript can be disabled using the

Preferences menu (Edit -> Preferences -> JavaScript; uncheck Enable

Acrobat JavaScript).

 

Adobe provides a framework to blacklist specific JavaScipt APIs. If

JavaScript must be enabled, this framework may be useful when

specific APIs are known to be vulnerable or used in attacks.

 

Prevent Internet Explorer from automatically opening PDF files

 

The installer for Adobe Reader and Acrobat configures Internet

Explorer to automatically open PDF files without any user

interaction. This behavior can be reverted to a safer option that

prompts the user by importing the following as a .REG file:

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\AcroExch.Document.7]

“EditFlags”=hex:00,00,00,00

 

Disable the display of PDF files in the web browser

 

Preventing PDF files from opening inside a web browser will

partially mitigate this vulnerability. If this workaround is

applied, it may also mitigate future vulnerabilities.

 

To prevent PDF files from automatically being opened in a web

browser, do the following:

 

1. Open Adobe Acrobat Reader.

2. Open the Edit menu.

3. Choose the Preferences option.

4. Choose the Internet section.

5. Uncheck the “Display PDF in browser” checkbox.

 

Remove or restrict access to 3difr.x3d

 

By removing or restricting access to the 3difr.x3d file, Adobe

Reader and Acrobat will fail to render U3D content, which helps to

mitigate this vulnerability. PDF documents that use the PRC format

for 3D content will continue to function on Windows and Linux

platforms.

 

To disable U3D support in Adobe Reader 9 on Microsoft Windows,

delete or rename this file:

 

“%ProgramFiles%\Adobe\Reader 9.0\Reader\plug_ins3d\3difr.x3d”

 

For Apple Mac OS X, delete or rename this directory:

 

“/Applications/Adobe Reader 9/Adobe

Reader.app/Contents/Frameworks/Adobe3D.framework”

 

For GNU/Linux, delete or rename this file (locations may vary among

distributions):

 

“/opt/Adobe/Reader9/Reader/intellinux/plug_ins3d/3difr.x3d”

 

File locations may be different for Adobe Acrobat or other Adobe

products or versions.

 

Do not access PDF files from untrusted sources

 

Do not open unfamiliar or unexpected PDF files, particularly those

hosted on websites or delivered as email attachments. Please see

Cyber Security Tip ST04-010.

 

 

IV. References

 

* Security update available for Adobe Reader and Acrobat -

<https://www.adobe.com/support/security/bulletins/apsb11-30.html>

 

* Adobe Reader and Acrobat JavaScript Blacklist Framework -

<http://kb2.adobe.com/cps/504/cpsid_50431.html>

 

* Adobe Acrobat and Reader U3D memory corruption vulnerability -

<http://www.kb.cert.org/vuls/id/759307>

 

* Security Advisory for Adobe Reader and Acrobat -

<https://www.adobe.com/support/security/advisories/apsa11-04.html>

 

____________________________________________________________________

 

The most recent version of this document can be found at:

 

<http://www.us-cert.gov/cas/techalerts/TA11-350A.html>

____________________________________________________________________

 

Feedback can be directed to US-CERT Technical Staff. Please send

email to <cert@cert.org> with “TA11-350A Feedback VU#759307″ in

the subject.

____________________________________________________________________

 

For instructions on subscribing to or unsubscribing from this

mailing list, visit <http://www.us-cert.gov/cas/signup.html>.

____________________________________________________________________

 

Produced 2011 by US-CERT, a government organization.

 

Terms of use:

 

<http://www.us-cert.gov/legal.html>

____________________________________________________________________

 

Revision History

 

December 16, 2011: Initial release

 

 

—–BEGIN PGP SIGNATURE—–

Version: GnuPG v1.4.5 (GNU/Linux)

 

iQEVAwUBTuuZnz/GkGVXE7GMAQIN8ggAjjQO8LOasl98uasGZW2J5SHfkKr675Mf

ymRzBagFqO9QuId2RvFG2b9nuq5zdqETsrcG1t668wtYLUhBaoLmFXPe/KsDQ9n+

/p9PctVJFmJpV92S3kAHw+u4t1n/Aa/4IdK0oXNBDhkyXrp41F27LY+aQ8FWWuxZ

lL4jXSUQ/gLgb6hOhLjRCsQtEhAcPbX/mPNxl6bACXZaOVZT88fz9M7JXryDiJWO

uuFi3O2GT0Bd3fEsL57U/TSbq8SynadObMSj4/+Q1HmOHcD0L5gzd9/N4M3D1Emg

y7aeUpgycY5eFefY3LVVkb7JkTUbEZHbuNHydFKIJDRlaXBAo+D0QQ==

=rKM4

—–END PGP SIGNATURE—–

As promised, Microsoft released SP2 for Exchange Server 2010 on 2011-12-12, and the SP brings with it a number of features and fixes:

• Incorporates all the changes from Update Rollup 1 through 6 for SP1
• Adds Hybrid Configuration Wizard for ease of managing a deployment between your on site Exchange and your Office 365 Exchange
• Introduces Address Book Policies, which determine the GAL, OAB, room list and address lists that are visible to the mailbox user that is assigned that policy
• New Cross-Site Silent Redirection for Outlook Web App can pass off requests to another server in another Active Directory site, and also permit a single sign-on
• Adds Mini Version of Outlook Web App suited for mobile users (tablets, pads, smart phones, basically anything with a browser)
• Mailbox Replication Service changes permit you to move mailboxes from on-premises to another forest or Outlook.com
• Mailbox Auto-Mapping changes allow you to disable Auto-Mapping to save on resources
• Added five Multi-Valued Custom Attributes which allow you to store additional information for your mail recipient objects
• Litigation Hold prohibits you from disabling or deleting a mailbox that has been placed on “litigation hold”

If you are running an Exchange Server 2010 without the current rollups applied to SP1, updating to SP2 today is a great idea as you can kill multiple birds with one stone!

Should you require assistance in the Greenville or Upstate, SC area please call 864.990.4748 or email info@homelandsecureit.com

National Cyber Alert System
Technical Cyber Security Alert TA11-347A

Last updated December 13, 2011

Microsoft didn’t forget your Christmas gift….  And it’s coming early!

That’s right, Microsoft Patch Tuesday is upon us again, and this December 13th you can expect a slew of updates covering the entire line of current Microsoft Windows operating systems.

Operating Systems: Windows XP 64 & 32 bit, Server 2003 64 & 32 bit and Itanium based servers, Vista 32 & 64 bit, Windows Server 2008 and the Server Core, Server 2008 R2 Windows 7 32 / 64

Other Software: Microsoft Internet Explorer 6, 7, 8 and 9, Microsoft Office for Windows 2010 & Office 2004 2008 for Mac and individual applications Publisher 2003 & 2007,  Excel 2003 PowerPoint 2007 & 2010,  PowerPoint Viewer 2007, Office compatibility pack for Word, Excel and PowerPoint File Formats.

Chances are good that if you own a Microsoft Windows machine, or a Mac with Office, then you need to be letting your system update.

The complete bulletin can be found here: http://technet.microsoft.com/security/bulletin/ms11-dec

If you need assistance applying these updates or with any other computer service issue, please let us know!  864.990.4748 or info@homelandsecureit.com

 

 

In the last 24hrs, I have spoken with or assisted at least 3 people who have become infected due to opening a malicious email.

One of them was my wifey, Pamela, who received an email from the US Postal Service stating that her package had been refused and to open the attached file for details. Due to her old Microsoft Windows Vista system which without question should be updated, the payload from the trojan was dropped and she was without her computer for 3 hours while over 300,000 items were scanned again and again and her icons restored so she could use her desktop.

What is happening is a bit of social engineering.  The emails appear to come from someone you trust, in this case the Post Office, and they appear to have important information, just too good to pass up. A busy worker may be momentarily fooled, and likely, at the very moment they click on the item, they think, “Ohhh I bet I shouldn’t have done that”, but it is too late.

• How can you keep from becoming a victim of this type of exploit?
• Avoid using unpatched Microsoft Windows systems!  When updates are released, install them.
• Install all updates to important applications, such as Microsoft Office.
• Install all updates to Adobe Reader, Flash, Acrobat, and to JAVA.
• Keep current and trustworthy anti-virus such as Trend Micro Titanium 2012 on all your computers.
• Use caution when opening attachments. Ask yourself why the USPS would be sending you and email and why would the information be in an attachment before clicking on it.

Before I get responses such as “Macs do not have that problem”, yes, Apple Mac OS X does have that problem. We have dealt with almost as many Mac security issues this year as we have Windows 7.  Regardless of the Operating System, a little common sense and preventative maintenance goes a long way!

Should you need help with a virus cleanup or virus removal for your personal computer or your business, we can help. We also partner with Trend Micro to offer Worry-Free, Trend Micro Titanium, and the entire outstanding line of Trend Micro anti-virus, anti-spyware, anti-spam and anti-everything software, just give us a call at 864.990.4748 or email info@homelandsecureit.com.

Just using your mouse to make computer commands takes more time than you think – keyboard shortcuts save both time and energy by reducing multiple clicks to a single combination of keys.

Keyboard shortcuts are used for tasks that you do all the time, such as opening or saving files, but a large number of people do not know they even exist!

The table below offers only a fraction of the common standard-keyboard shortcuts, many of which work across Microsoft Office applications—such as Outlook, Visio, PowerPoint, Word, Excel & Publisher.

A full list of built-in keyboard shortcuts can be found in the Help section of any particular computer-based application.

Press this	To do this
F1	Open Help
F7	Check the spelling of titles or words in any Office application with the Spelling & Grammar checker
Windows logo key	Open the Start menu
Alt+F4	Quit a program
Alt+Tab	Switch between open programs or windows
Ctrl+N	Open a new (blank) document
Ctrl+A	Select all content in a document, window, or text box
Ctrl+S	Save the current file or document (works in most programs)
Ctrl+C	Copy the selection
Ctrl+X	Cut the selection
Ctrl+V	Paste the selection
Ctrl+P	Print a document or webpage
Ctrl+Z	Undo an action
Ctrl+Y	Redo an action
Ctrl+F	Find text in a document
Ctrl+H	Find and replace text in a document
Ctrl+B	Boldface text
Ctrl+I	Italicize text
Ctrl+U	Underline text
Ctrl+G	Go to a page, line, or bookmark in a document
Windows logo key +F1	Display Windows Help and Support
Esc	Cancel the current task
Application key	Open a menu of commands related to a selection in a program (equivalent to right-clicking the selection)

 

This information comes courtesy of our partner, ACRBO…