Daily Summary - Friday 5-12-2014

End-of-Shift report

Timeframe: Thursday 04-12-2014 18:00 − Friday 05-12-2014 18:00 Handler: Stephan Richter Co-Handler: n/a

MS14-DEC - Microsoft Security Bulletin Advance Notification for December 2014 - Version: 1.0

This is an advance notification of security bulletins that Microsoft is intending to release on December 9, 2014. This bulletin advance notification will be replaced with the December bulletin summary on December 9, 2014. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.

https://technet.microsoft.com/en-us/library/security/MS14-DEC


Missing Exchange Patch Expected Among December Patch Tuesday Bulletins

Microsoft's December 2014 advanced Patch Tuesday notification includes three critical bulletins and a missing Exchange patch originally scheduled for November.

http://threatpost.com/missing-exchange-patch-expected-among-december-patch-tuesday-bulletins/109722


Details Emerge on Sony Wiper Malware Destover

Kaspersky Lab has published an analysis of Destover, the wiper malware used in the attacks against Sony Pictures Entertainment, and its similarities to Shamoon and DarkSeoul.

http://threatpost.com/details-emerge-on-sony-wiper-malware-destover/109727


Upcoming Security Updates for Adobe Reader and Acrobat (APSB14-28)

December 4, 2014

http://blogs.adobe.com/psirt/?p=1147


Upcoming Adobe Reader, Acrobat Update to Patch Sandbox Escape

Adobe announced security updates for Reader and Acrobat that likely include patches for a sandbox escape vulnerability. Google's Project Zero released details and exploit code earlier this week.

http://threatpost.com/upcoming-adobe-reader-acrobat-update-to-patch-sandbox-escape/109738


Weekly Metasploit Wrapup: On Unicorns and Wizards

This week, we shipped a brand new exploit for the "unicorn" bug in Microsoft Internet Explorer, CVE-2014-6332, not-so-prosaically entitled, Microsoft Internet Explorer Windows OLE Automation Array Remote Code Execution. This is a big deal client-side vulnerability for the usual reason that Internet Explorer 11 accounts for about a quarter of browser traffic today; nearly always, remote code execution bugs in latest IE are usually particularly dangerous to leave unpatched in your environment. The buzz around this bug, though, is that it's been exploitable...

https://community.rapid7.com/community/metasploit/blog/2014/12/04/weekly-metasploit-wrapup


Vulnerability: Yosemite logs Firefox input

Under Mac OS X 10.10, all input entered in the Firefox browser is logged. Mozilla describes it as a serious vulnerability that has been fixed in the current version of the browser. The log files are generally accessible and should be deleted.

http://www.golem.de/news/schwachstelle-yosemite-schreibt-firefox-eingaben-mit-1412-110995-rss.html


Demo exploit for critical Kerberos vulnerability in Windows Server

High time to patch: otherwise attackers can use the Python Kerberos Exploitation Kit to make themselves enterprise admin.

http://www.heise.de/security/meldung/Demo-Exploit-fuer-kritische-Kerberos-Luecke-in-Windows-Server-2481872.html


ZDI-14-403: (0Day) Microsoft Internet Explorer display:run-in Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

http://www.zerodayinitiative.com/advisories/ZDI-14-403/


ZDI: (0Day) 3S Pocketnet Tech VMS PocketNetNVRMediaClientAxCtrl.NVRMediaViewer.1 multiple Vulnerabilities

http://www.zerodayinitiative.com/advisories/ZDI-14-393
http://www.zerodayinitiative.com/advisories/ZDI-14-394
http://www.zerodayinitiative.com/advisories/ZDI-14-395
http://www.zerodayinitiative.com/advisories/ZDI-14-396
http://www.zerodayinitiative.com/advisories/ZDI-14-397


DSA-3090 iceweasel - security update

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of security restrictions or denial of service.

https://www.debian.org/security/2014/dsa-3090


Security Advisory: libxml2 vulnerability CVE-2014-3660

(SOL15872)

https://support.f5.com:443/kb/en-us/solutions/public/15000/800/sol15872.html?ref=rss


Novell Patches and Security Updates

https://download.novell.com/Download?buildid=gV_oiDtqRV0~
https://download.novell.com/Download?buildid=vPrLP1Ai9zY~
https://download.novell.com/Download?buildid=GuVaYIx6DDo~
https://download.novell.com/Download?buildid=lHQCbRDbSMI~
https://download.novell.com/Download?buildid=Tlic28DXD3o~
https://download.novell.com/Download?buildid=zhVqTr2nsdg~


MediaWiki Bugs Permit Cross-Site Request Forgery and API Code Injection Attacks

http://www.securitytracker.com/id/1031301


Security Advisories for VMware vSphere

http://www.vmware.com/security/advisories/VMSA-2014-0012.html
http://www.vmware.com/security/advisories/VMSA-2014-0008.html
http://www.vmware.com/security/advisories/VMSA-2014-0002.html


HPSBUX03218 SSRT101770 rev.1 - HP-UX running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities

Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04517477


HPSBGN03205 rev.1 - HP Insight Remote Support Clients running SSLv3, Remote Disclosure of Information

A potential security vulnerability has been identified with HP Insight Remote Support Clients running SSLv3 which may impact WBEM, WS-MAN and WMI connections from monitored devices to a HP Insight Remote Support Central Management Server (CMS).

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04510081

Next End-of-Shift report on 2014-12-09