End-of-Shift report
Timeframe: Dienstag 08-04-2014 18:00 − Mittwoch 09-04-2014 18:00
Handler: Robert Waldner
Co-Handler: n/a
Security updates available for Adobe Flash Player (APSB14-09)
A Security Bulletin (APSB14-09) has been published regarding security updates for Adobe Flash Player. These updates address critical vulnerabilities, and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the security bulletin.
http://blogs.adobe.com/psirt/?p=1081
Assessing risk for the April 2014 security updates
Today we released four security bulletins addressing 11 unique CVE’s. Two bulletins have a maximum severity rating of Critical while the other two have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.
http://blogs.technet.com/b/srd/archive/2014/04/08/assessing-risk-for-the-april-2014-security-updates.aspx
Summary for April 2014 - Version: 1.0
* Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution
* Cumulative Security Update for Internet Explorer
* Vulnerability in Windows File Handling Component Could Allow Remote Code Execution
* Vulnerability in Microsoft Publisher Could Allow Remote Code Execution
http://technet.microsoft.com/en-ca/security/bulletin/ms14-apr
WordPress 3.8.2 Security Release
WordPress 3.8.2 is now available. This is an important security release for all previous versions and we strongly encourage you to update your sites immediately.
This releases fixes a weakness that could let an attacker force their way into your site by forging authentication cookies
http://wordpress.org/news/2014/04/wordpress-3-8-2/
OSISoft PI Interface for DNP3 Improper Input Validation
OVERVIEWAdam Crain of Automatak and Chris Sistrunk, Sr. Consultant for Mandiant, have identified an improper input validation vulnerability in the OSIsoft PI Interface for DNP3 product. OSIsoft has produced an update that mitigates this vulnerability. OSIsoft and Automatak have tested the new version to validate that it resolves the vulnerabilityThis vulnerability can be remotely exploited.
http://ics-cert.us-cert.gov/advisories/ICSA-14-098-01
WellinTech KingSCADA Stack-Based Buffer Overflow
An anonymous researcher working with HP’s Zero Day Initiative has identified a stack-based buffer overflow in the WellinTech KingSCADA Stack. WellinTech has produced a patch that mitigates this vulnerability.This vulnerability could be exploited remotely.
http://ics-cert.us-cert.gov/advisories/ICSA-14-098-02
OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by a vulnerability that could allow an unauthenticated, remote attacker to retrieve memory in chunks of 64 kilobytes from a connected client or server.
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
The April 2014 Security Updates
Today, we release four bulletins to address 11 CVEs in Microsoft Windows, Internet Explorer and Microsoft Office.
http://blogs.technet.com/b/msrc/archive/2014/04/08/the-april-2014-security-updates.aspx
Heartbleed SSL-GAU: Neue Zertifikate braucht das Land
Ein simples Update reicht nicht: Nach der OpenSSL-Lücke müssen Serverbetreiber Zertifikate austauschen. Bei manchen CAs geht das kostenlos, andere Zertifikats-Anbieter und Hoster belassen es bei Warnungen.
http://www.heise.de/newsticker/meldung/Heartbleed-SSL-GAU-Neue-Zertifikate-braucht-das-Land-2166639.html/from/rss09?wt_mc=rss.ho.beitrag.rdf
Juniper SSL VPN (IVEOS) OpenSSL TLS Heartbeat Information Disclosure Vulnerability
Juniper has acknowledged a vulnerability in Juniper SSL VPN (IVEOS), which can be exploited by malicious people to disclose potentially sensitive information.
https://secunia.com/advisories/57758
Bugtraq: CVE-2014-0160 mitigation using iptables
Following up on the CVE-2014-0160 vulnerability, heartbleed. We've created some iptables rules to block all heartbeat queries using the very powerful u32 module.
The rules allow you to mitigate systems that can't yet be patched by blocking ALL the heartbeat handshakes. We also like the capability to log external scanners :)
http://www.securityfocus.com/archive/1/531779
Heartbleed vendor notifications, (Wed, Apr 9th)
As people are running around having an entertaining day we thought it might be a good idea to keep track of the various vendor notifications. Id like to start a list here and either via comments or sending it let us know of vendor notifications relating to this issue. Please provide comments to the original article relating to the vulnerability itself, and use this post to only provide links to vendor notifications rather than articles etc about the issue.
http://isc.sans.edu/diary.html?storyid=17929&rss
Bugtraq: SQL Injection in Orbit Open Ad Server
High-Tech Bridge Security Research Lab discovered vulnerability in Orbit Open Ad Server, which can be exploited to perform SQL Injection attacks, alter SQL requests to database of vulnerable application and potentially gain control over the vulnerable website.
http://www.securityfocus.com/archive/1/531781
Office für Mac: Update stopft kritische Lücke
Mit einer neuen OS-X-Version von Office 2011 hat Microsoft die RTF-Schwachstelle in Word beseitigt. Die Aktualisierung soll verschiedene Probleme in Outlook, Excel und Word beheben.
http://www.heise.de/security/meldung/Office-fuer-Mac-Update-stopft-kritische-Luecke-2166963.html
Sophos Web Appliance Security Bypass Vulnerability
A vulnerability has been reported in Sophos Web Appliance, which can be exploited by malicious people to bypass certain security restrictions.
The vulnerability is caused due to an unspecified error related to the "Change Password" dialog box and can be exploited to change the administrative password.
https://secunia.com/advisories/57706
Security Notice-Statement on OpenSSL Heartbeat Extension Vulnerability
Huawei has noticed information regarding OpenSSL heartbeat extension security vulnerability and immediately launched a thorough investigation.
The investigation is still ongoing. Huawei PSIRT will keep updating the SN and will provide conclusions as soon as possible. Please stay tuned.
http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/hw-331856.htm