End-of-Shift report
Timeframe: Thursday 04-12-2014 18:00 − Friday 05-12-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
MS14-DEC - Microsoft Security Bulletin Advance Notification for December 2014 - Version: 1.0
This is an advance notification of security bulletins that Microsoft is intending to release on December 9, 2014.
This bulletin advance notification will be replaced with the December bulletin summary on December 9, 2014. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.
https://technet.microsoft.com/en-us/library/security/MS14-DEC
Missing Exchange Patch Expected Among December Patch Tuesday Bulletins
Microsoft's December 2014 advanced Patch Tuesday notification includes three critical bulletins and a missing Exchange patch originally scheduled for November.
http://threatpost.com/missing-exchange-patch-expected-among-december-patch-tuesday-bulletins/109722
Details Emerge on Sony Wiper Malware Destover
Kaspersky Lab has published an analysis of Destover, the wiper malware used in the attacks against Sony Pictures Entertainment, and its similarities to Shamoon and DarkSeoul.
http://threatpost.com/details-emerge-on-sony-wiper-malware-destover/109727
Upcoming Security Updates for Adobe Reader and Acrobat (APSB14-28)
December 4, 2014
http://blogs.adobe.com/psirt/?p=1147
Upcoming Adobe Reader, Acrobat Update to Patch Sandbox Escape
Adobe announced security updates for Reader and Acrobat that likely include patches for a sandbox escape vulnerability. Google's Project Zero released details and exploit code earlier this week.
http://threatpost.com/upcoming-adobe-reader-acrobat-update-to-patch-sandbox-escape/109738
Weekly Metasploit Wrapup: On Unicorns and Wizards
This week, we shipped a brand new exploit for the "unicorn" bug in Microsoft Internet Explorer, CVE-2014-6332, not-so-prosaically entitled, Microsoft Internet Explorer Windows OLE Automation Array Remote Code Execution. This is a big deal client-side vulnerability for the usual reason that Internet Explorer 11 accounts for about a quarter of browser traffic today; nearly always, remote code execution bugs in latest IE are usually particularly dangerous to leave unpatched in your environment. The buzz around this bug, though, is that it's been exploitable...
https://community.rapid7.com/community/metasploit/blog/2014/12/04/weekly-metasploit-wrapup
Vulnerability: Yosemite logs Firefox input
Under Mac OS X 10.10, all input entered in the Firefox browser is logged. Mozilla calls this a serious vulnerability, which is closed in the current version of the browser. The log files are generally accessible and should be deleted.
http://www.golem.de/news/schwachstelle-yosemite-schreibt-firefox-eingaben-mit-1412-110995-rss.html
Demo exploit for critical Kerberos vulnerability in Windows Server
High time to patch: otherwise attackers can use the Python Kerberos Exploitation Kit to make themselves enterprise admin.
http://www.heise.de/security/meldung/Demo-Exploit-fuer-kritische-Kerberos-Luecke-in-Windows-Server-2481872.html
ZDI-14-403: (0Day) Microsoft Internet Explorer display:run-in Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
http://www.zerodayinitiative.com/advisories/ZDI-14-403/
ZDI: (0Day) 3S Pocketnet Tech VMS PocketNetNVRMediaClientAxCtrl.NVRMediaViewer.1 multiple Vulnerabilities
http://www.zerodayinitiative.com/advisories/ZDI-14-393
http://www.zerodayinitiative.com/advisories/ZDI-14-394
http://www.zerodayinitiative.com/advisories/ZDI-14-395
http://www.zerodayinitiative.com/advisories/ZDI-14-396
http://www.zerodayinitiative.com/advisories/ZDI-14-397
DSA-3090 iceweasel - security update
Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of security restrictions or denial of service.
https://www.debian.org/security/2014/dsa-3090
Security Advisory: libxml2 vulnerability CVE-2014-3660 (SOL15872)
https://support.f5.com:443/kb/en-us/solutions/public/15000/800/sol15872.html?ref=rss
Novell Patches and Security Updates
https://download.novell.com/Download?buildid=gV_oiDtqRV0~
https://download.novell.com/Download?buildid=vPrLP1Ai9zY~
https://download.novell.com/Download?buildid=GuVaYIx6DDo~
https://download.novell.com/Download?buildid=lHQCbRDbSMI~
https://download.novell.com/Download?buildid=Tlic28DXD3o~
https://download.novell.com/Download?buildid=zhVqTr2nsdg~
MediaWiki Bugs Permit Cross-Site Request Forgery and API Code Injection Attacks
http://www.securitytracker.com/id/1031301
Security Advisories for VMware vSphere
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
http://www.vmware.com/security/advisories/VMSA-2014-0008.html
http://www.vmware.com/security/advisories/VMSA-2014-0002.html
HPSBUX03218 SSRT101770 rev.1 - HP-UX running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04517477
HPSBGN03205 rev.1 - HP Insight Remote Support Clients running SSLv3, Remote Disclosure of Information
A potential security vulnerability has been identified with HP Insight Remote Support Clients running SSLv3 which may impact WBEM, WS-MAN and WMI connections from monitored devices to a HP Insight Remote Support Central Management Server (CMS).
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04510081
Next End-of-Shift report on 2014-12-09