* You are viewing the archive for September, 2010

Cisco Announces Several Vulnerabilities

Cisco has released details on several vulnerabilites today. Details are in the link below. Exploits exists for at least one of these despite the fact that the announcement below says that there are no known exploits.References:http://www.cisco.com/warp/public/707/cisco-sa-20100922-igmp.shtmlhttp://www.cisco.com/warp/public/707/cisco-sa-20100922-sip.shtmlhttp://www.cisco.com/warp/public/707/cisco-sa-20100922-sslvpn.shtmlhttp://www.cisco.com/warp/public/707/cisco-sa-20100922-nat.shtmlhttp://www.cisco.com/warp/public/707/cisco-sa-20100922-h323.shtmlhttp://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a313.shtmlemail: david @ sharpesecurity.com website: www.sharpesecurity.comTwitter: twitter.com/sharpesecurity

Share

MANDIANT Memoryze 1.4.2900 Released

Jamie Butler and friends at MANDIANT have released Memoryze 1.4.2900. This new version supports Windows 7 32- and 64-bit and Windows Server 2008 64-bit. Despite how well the Volatility Framework works with Windows XP, I am fairly certain it has now been firmly relegated to third place behind HBGary Responder and MANDIANT Memoryze in the Windows RAM dump analysis space.References:http://blog.mandiant.com/archives/1459email: david @ sharpesecurity.com website: www.sharpesecurity.comTwitter: twitter.com/sharpesecurity

Share

Adobe Flash Player 10.1.85.3 Released

Adobe has released versions 10.1.85.3 of their Flash player product for Windows, Apple Mac, Solaris, and Linux. This new version contains a security-related update that addresses a vulnerability that is being actively exploited in the wild.References:http://www.adobe.com/support/security/bulletins/apsb10-22.htmlemail: david @ sharpesecurity.com website: www.sharpesecurity.comTwitter: twitter.com/sharpesecurity

Share

Google Chrome 6.0.472.62 Released

Google Chrome 6.0.472.62 has been released for Windows, Mac, and Linux. The update includes fixes for 3 vulnerabilities, all 3 of which are classified as high or critical.References:http://sites.google.com/a/chromium.org/dev/Home/chromium-securityhttp://www.google.com/chrome/index.html?hl=en&brand=CHMA&utm_campaign=en&utm_source=en-ha-na-us-bk&utm_medium=haemail: david @ sharpesecurity.com website: www.sharpesecurity.comTwitter: twitter.com/sharpesecurity

Share

Samba 3.5.5 Released – Contains Important Security Fix

Samba 3.5.5 has been released. This release contains an important security fix for a remotely exploitable buffer overrun issue. Details are in the links below.

UPDATE 09 Nov 2010 – The latest available version of Samba is now 3.5.6.

References:
http://www.samba.org/samba/history/security.html
http://www.samba.org/samba/history/samba-3.5.5.html
http://www.samba.org/

email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity

Share

IBM DB2 9.7 Fixpack 3 Released

IBM has released IBM DB2 9.7 Fixpack 3. This contains a number of important security-related fixes. For more detail, please refer to the links below.References:http://www-01.ibm.com/support/docview.wss?uid=swg1IC68015http://www-01.ibm.com/support/docview.wss?uid=swg1IC70406http://www-01.ibm.com/support/docview.wss?uid=swg21446455email: david @ sharpesecurity.com website: www.sharpesecurity.comTwitter: twitter.com/sharpesecurity

Share

Apple Quicktime Player 7.6.8 Released

Apple has released version 7.6.8 of their Quicktime Player for Windows. This version contains security fixes as described in the first link below, including a fix to address the remotely exploitable “_Marshaled_pUnk” vulnerability (for which publicly available exploit code exists).References:http://support.apple.com/kb/HT4339email: david @ sharpesecurity.com website: www.sharpesecurity.comTwitter: twitter.com/sharpesecurity

Share

Google Chrome 6.0.472.59 Released

Google Chrome 6.0.472.59 has been released for Windows, Mac, and Linux. The update includes fixes for 10 vulnerabilities, 6 of which are classified as critical.References:http://sites.google.com/a/chromium.org/dev/Home/chromium-securityhttp://www.google.com/chrome/index.html?hl=en&brand=CHMA&utm_campaign=en&utm_source=en-ha-na-us-bk&utm_medium=haemail: david @ sharpesecurity.com website: www.sharpesecurity.comTwitter: twitter.com/sharpesecurity

Share

Recent VBmania Mass Mailer Malware Deleted the Windows Automatic Updates Service

It looks like the recent VBmania (“Here You Have” and “Just for You”) mass mailer malware deleted the Automatic Updates service from infected machines. Microsoft Automatic Updates, WSUS, and SCCM-integrated WSUS need the Automatic Updates service working to successfully install monthly Microsoft patches and other updates.It looks like reinstalling the Automatic Updates service fixes the damage on affected machines.  Your antivirus tool won’t restore this broken configuration for you.  You will need to do that as a follow up activity after the initial infections have been removed.A quick way to tell if a machine lost its Automatic Updates … Continue Reading

Share

Cisco Patches Vulns for Several Wireless LAN Controllers

Cisco lists the following devices as all being affected by at least one of the vulnerabilities. These devices are commonly found in enterprise environments, so it is likely you need to take action if you are a Cisco shop.Cisco 2000 Series WLCsCisco 2100 Series WLCsCisco 4100 Series WLCsCisco 4400 Series WLCsCisco 5500 Series WLCsCisco Wireless Services Modules (WiSMs)Cisco WLC Modules for Integrated Services Routers (ISRs)Cisco Catalyst 3750G Integrated WLCsReferences:http://cisco.com/warp/public/707/cisco-sa-20100908-wlc.shtmlemail: david @ sharpesecurity.com website: … Continue Reading

Share

Apple iOS 4.1 Released for iPhone and iPod Touch

Apple has released iOS version 4.1. This version includes several security fixes (see link below) alongside many feature updates. References:http://support.apple.com/kb/HT4334email: david @ sharpesecurity.com website: www.sharpesecurity.comTwitter: twitter.com/sharpesecurity

Share

Apple Safari 5.0.2 and 4.1.2 Released

Apple has released security updates and other bugfixes for the Apple Safari 4.1 and 5.0 browser platforms. The latest versions are 5.0.2 and 4.1.2. Some of these security bugs are remotely exploitable according to Apple’s release notes (below).References:http://support.apple.com/kb/HT4333email: david @ sharpesecurity.com website: www.sharpesecurity.comTwitter: twitter.com/sharpesecurity

Share

Firefox 3.6.9 Released

Mozilla has released Firefox 3.6.9 This version contains security fixes according to the release notes (below). Firefox 3.5.12 was released as well for those not wanting to move to 3.6.x.References:https://wiki.mozilla.org/Releases/Firefox_3.6.9https://wiki.mozilla.org/Releases/Firefox_3.5.12email: david @ sharpesecurity.com website: www.sharpesecurity.comTwitter: twitter.com/sharpesecurity

Share

New Security Update in Apple iTunes 10 Released

Apple has released iTunes version 10 (10.0.0.68) for Windows. This release includes several security updates – all in WebKit.References:http://support.apple.com/kb/HT4328email: david @ sharpesecurity.com website: www.sharpesecurity.comTwitter: twitter.com/sharpesecurity

Share

Google Chrome 6.0.472.53 Released

Google Chrome 6.0.472.53 has been released for Windows, Mac, and Linux. The update includes fixes for 14 vulnerabilities, 7 of which are classified as critical.References:http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.htmlhttp://sites.google.com/a/chromium.org/dev/Home/chromium-securityemail: david @ sharpesecurity.com website: www.sharpesecurity.comTwitter: twitter.com/sharpesecurity

Share