Daily Summary - Wednesday 16-01-2013

End-of-Shift report

Timeframe: Tuesday 15-01-2013 18:00 − Wednesday 16-01-2013 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner

When Disabling IE6 (or Java, or whatever) is not an Option..., (Tue, Jan 15th)

We're getting a whole lot of bad advice regarding the latest crop of vulnerabilities. Folks are saying things like "disable Java", or "Migrate away from IE6/7/8", or even "Migrate to IE10 or Firefox". While these will certainly mitigate the current vulnerability, it's often not a practical way to go. If you pick the right week, almost anything could be your target "disable that component" - everyone has a zero day at one time or another. Specific to this week's issues, there are lots of business...

http://isc.sans.edu/diary.html?storyid=14947&rss


January 2013 Out-of-Band Security Bulletin Webcast, Q&A, and Slide Deck

Today we’re publishing the January 2013 Out-of-Band Security Bulletin Webcast Questions & Answers page. During the webcast, we fielded 17 questions focusing on Security Update MS13-088, and Security Advisory 2794220 which was deprecated by this update release. All questions and answers are included in the transcript. We invite our customers to join us for the next scheduled webcast on Wednesday, February 13th at 11 a.m. PST (UTC-8), when we will go into detail about the February...

http://blogs.technet.com/b/msrc/archive/2013/01/15/january-2013-out-of-band-security-bulletin-webcast-q-amp-a-and-slide-deck.aspx


Bugtraq: Trimble® Infrastructure GNSS Series Receivers Cross Site Scripting (XSS) vulnerability

Trimble® Infrastructure GNSS Series Receivers Cross Site Scripting (XSS) vulnerability

http://www.securityfocus.com/archive/1/525317


Oracle's January patches close 86 vulnerabilities

With the regular Critical Patch Update now released, Oracle fixes, among others, 24 security vulnerabilities in its database products, 18 of them in MySQL. Some of them could be exploited over the network without authentication.

http://rss.feedsportal.com/c/32407/f/463925/s/27929ccc/l/0L0Sheise0Bde0Cmeldung0COracles0EJanuar0EPatches0Eschliessen0E860ELuecken0E17844350Bhtml0Cfrom0Crss0A9/story01.htm


Security hotfix released for ColdFusion (APSB13-03)

Today, a Security Bulletin (APSB13-03) has been posted in regards to a security hotfix for Adobe ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX. Adobe recommends users update their product installation using the instructions provided in the security bulletin. This posting is provided “AS IS” with no warranties and confers no rights.

http://blogs.adobe.com/psirt/2013/01/security-hotfix-released-for-coldfusion-apsb13-03.html


Cisco ASA 1000V Cloud Firewall H.323 Inspection Denial of Service Vulnerability

A vulnerability in Cisco Adaptive Security Appliance (ASA) Software for the Cisco ASA 1000V Cloud Firewall may cause the Cisco ASA 1000V to reload after processing a malformed H.323 message. Cisco ASA 1000V Cloud Firewall is affected when H.323 inspection is enabled. Cisco has released free software updates that address this vulnerability. This advisory is posted at the following...

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130116-asa1000v?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco ASA 1000V Cloud Firewall H.323 Inspection Denial of Service Vulnerability