From security em unicamp.br Wed Apr 15 09:56:15 2009 From: security em unicamp.br (CSIRT - UNICAMP) Date: Wed, 15 Apr 2009 09:56:15 -0300 Subject: [SECURITY-L] US-CERT Technical Cyber Security Alert TA09-104A -- Microsoft Updates for Multiple Vulnerabilities Message-ID: <20090415125614.GB32921@unicamp.br> ----- Forwarded message from US-CERT Technical Alerts ----- From: US-CERT Technical Alerts Subject: US-CERT Technical Cyber Security Alert TA09-104A -- Microsoft Updates for Multiple Vulnerabilities To: technical-alerts em us-cert.gov Date: Tue, 14 Apr 2009 15:44:19 -0400 Organization: US-CERT - +1 202-205-5266 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA09-104A Microsoft Updates for Multiple Vulnerabilities Original release date: April 14, 2009 Last revised: -- Source: US-CERT Systems Affected * Microsoft Windows * Microsoft Office * Microsoft Windows Server * Microsoft ISA Server Overview Microsoft has released updates that address vulnerabilities in Microsoft Windows, Office, Windows Server, and ISA Server. I. Description As part of the Microsoft Security Bulletin Summary for April 2009, Microsoft released updates to address vulnerabilities that affect Microsoft Windows, Office, Windows Server, and ISA Server. II. Impact A remote, unauthenticated attacker could execute arbitrary code, gain elevated privileges, or cause a vulnerable application to crash. III. Solution Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for April 2009. The security bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. Administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). IV. References * Microsoft Security Bulletin Summary for April 2009 - * Microsoft Windows Server Update Services - ____________________________________________________________________ The most recent version of this document can be found at: ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to with "TA09-104A Feedback VU#999892" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit . ____________________________________________________________________ Produced 2009 by US-CERT, a government organization. Terms of use: ____________________________________________________________________ Revision History April 14, 2009: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBSeTi+XIHljM+H4irAQIIWQf/TWAkmQKay9j5fDLBcyMGJ3icTpG05Zp2 rM8UXMjKohKcDBhY1K9mxKxif5L81+y87PlBz/WTl3icn+57wAGMl/pAAeTz3Hp3 T98eKMXfzvVU57WDGGxy+4Ad57DIIF5hRkiGusDjnNJfd5kdH7q+8rPjPCUvtYAu H+0auzCpmob7NsIv/YuRXIHekkLiX5GPanhecy+mve1cvbSpXGKF9vf7LEGaFEsT 1XOtTeY0r4TjZEk/c5ahKqGehJINujvv4eVdiajqDOCVecaALi+p+XwMSLtlJvgK Vaa/ioPIFq8nNUz7eefVSadsary2RfmKegDwmg8FZX/UOso+tQ21KQ== =q59/ -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Wed Apr 15 09:56:40 2009 From: security em unicamp.br (CSIRT - UNICAMP) Date: Wed, 15 Apr 2009 09:56:40 -0300 Subject: [SECURITY-L] CAIS-Alerta: Resumo dos Boletins de Seguranca Microsoft - Abril 2009 Message-ID: <20090415125639.GC32921@unicamp.br> ----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca ----- From: Centro de Atendimento a Incidentes de Seguranca Subject: CAIS-Alerta: Resumo dos Boletins de Seguranca Microsoft - Abril 2009 To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br Date: Tue, 14 Apr 2009 17:09:38 -0300 (BRT) -----BEGIN PGP SIGNED MESSAGE----- Prezados, A Microsoft publicou 8 boletins de seguranca em 14 de abril, que abordam ao todo 21 vulnerabilidades que afetam produtos Microsoft. Estas vulnerabilidades permitem desde a elevacao de privilegios de um determinado usuario ate' a execucao remota de codigo. No momento da publicação deste resumo ha' exploracao de uma das vulnerabilidades do boletim MS09-009 (CVE-2009-0238). Esta vulnerabilidade, que afeta o Microsoft Excel, tem sido explorada ha' mais de 1 mes em ataques direcionados. SEVERIDADE . Critica - MS09-009: Vulnerabilidades no Microsoft Office Excel Um atacante que explore com sucesso estas vulnerabilidades pode obter controle total sobre um sistema afetado. - MS09-010: Vulnerabilidades no WordPad and Office Text Converters As vulnerabilidades permitem a execucao remota de codigo se um arquivo preparado pelo atacante para explorar as vulnerabilidades e' aberto. - MS09-011: Vulnerabilidade no Microsoft DirectShow Um atacante que explore com sucesso esta vulnerabilidade pode obter controle total sobre um sistema afetado. - MS09-013: Vulnerabilidades no Windows HTTP Services A vulnerabilidade mais severa permite a execucao remota de codigo. - MS09-014: Vulnerabilidades no Internet Explorer As vulnerabilidades permitem a execucao remota de codigo se um arquivo preparado para explorar as vulnerabilidades e' visualizado. . Importante - MS09-012: Vulnerabilidades no Windows As vulnerabilidades permitem a elevacao de privilegio de um usuario do sistema se um arquivo preparado para explorar uma das vulnerabilidades e' aberto. Um atacante que explore com sucesso estas vulnerabilidades pode obter controle total sobre um sistema afetado. - MS09-016: Vulnerabilidades no Microsoft ISA Server e Forefront Threat Management Gateway Estas vulnerabilidades permitem negacao de servico se um atacante envia pacotes de rede especialmente preparados para o sistema afetado, ou divulgacao de informacoes se um usuario clica em um URL malicioso ou visita um website com conteudo controlado pelo atacante. . Moderada - MS09-015: Vulnerabilidade no SearchPath Esta vulnerabilidade permite a elevacao de privilegio se um usuario realiza download de um arquivo preparado pelo atacante. . Baixa - Nenhum boletim O sistema de classificacao de severidade das vulnerabilidades adotado pelo CAIS neste resumo e' o da propria Microsoft. O CAIS recomenda que se aplique, minimamente, as correcoes para vulnerabilidades classificadas como Criticas e Importantes. No caso de correcoes para vulnerabilidades classificadas como Moderadas o CAIS recomenda que ao menos as recomendacoes de mitigacao sejam seguidas. . Critica - Vulnerabilidades cuja exploracao possa permitir a propagacao de um worm sem a necessidade de interacao com o usuario. . Importante - Vulnerabilidades cuja exploracao pode resultar no comprometimento de confidencialidade, integridade ou disponibilidade de dados de usuarios ou a integridade ou disponibilidade de recursos de processamento. . Moderada - exploracao e' mitigada significativamente por fatores como configuracao padrao, auditoria ou dificuldade de exploracao. . Baixa - uma vulnerabilidade cuja exploracao seja extremamente dificil ou cujo impacto seja minimo. CORRECOES DISPONIVEIS Recomenda-se fazer a atualizacao para as versoes disponiveis em: . Microsoft Update https://www.update.microsoft.com/microsoftupdate/ . Windows Server Update Services http://www.microsoft.com/windowsserversystem/updateservices/default.mspx MAIS INFORMACOES . Microsoft Security Bulletin Summary for April 2009 http://www.microsoft.com/technet/security/bulletin/ms09-apr.mspx . SANS ISC Handler's Diary 2009-04-14: April Black Tuesday Overview http://isc.sans.org/diary.html?storyid=6193 . MS09-009 - Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557) http://www.microsoft.com/technet/security/bulletin/MS09-009.mspx . MS09-010 - Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477) http://www.microsoft.com/technet/security/bulletin/MS09-010.mspx . MS09-011 - Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373) http://www.microsoft.com/technet/security/Bulletin/MS09-011.mspx . MS09-012 - Vulnerabilities in Windows Could Allow Elevation of Privilege (959454) http://www.microsoft.com/technet/security/Bulletin/MS09-012.mspx . MS09-013 - Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803) http://www.microsoft.com/technet/security/bulletin/MS09-013.mspx . MS09-014 - Cumulative Security Update for Internet Explorer (963027) http://www.microsoft.com/technet/security/Bulletin/MS09-014.mspx . MS09-015 - Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426) http://www.microsoft.com/technet/security/Bulletin/MS09-015.mspx . MS09-016 - Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service (961759) http://www.microsoft.com/technet/security/bulletin/MS09-016.mspx . Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution (968272) http://www.microsoft.com/technet/security/advisory/968272.mspx . Microsoft Security Vulnerability Research & Defense http://blogs.technet.com/swi/ . Microsoft Brasil Security http://www.microsoft.com/brasil/security . Technet Brasil - Central de Seguranca http://www.technetbrasil.com.br/seguranca . Windows Live OneCare http://safety.live.com/site/pt-BR/default.htm Identificador CVE (http://cve.mitre.org): CVE-2008-1436, CVE-2008-4841, CVE-2008-2540, CVE-2009-0077, CVE-2009-0078, CVE-2009-0079, CVE-2009-0080, CVE-2009-0084, CVE-2009-0086, CVE-2009-0087, CVE-2009-0088, CVE-2009-0089, CVE-2009-0100, CVE-2009-0235, CVE-2009-0237, CVE-2009-0238, CVE-2009-0550, CVE-2009-0551, CVE-2009-0552, CVE-2009-0553, CVE-2009-0554 O CAIS recomenda que os administradores mantenham seus sistemas e aplicativos sempre atualizados, de acordo com as ultimas versoes e correcoes oferecidas pelos fabricantes. Os Alertas do CAIS tambem sao oferecidos no formato RSS/RDF: http://www.rnp.br/cais/alertas/rss.xml Atenciosamente, ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) # # Rede Nacional de Ensino e Pesquisa (RNP) # # # # cais em cais.rnp.br http://www.cais.rnp.br # # Tel. 019-37873300 Fax. 019-37873301 # # Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key # ################################################################ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Made with pgp4pine 1.76 iQCVAwUBSeTtlekli63F4U8VAQEZ5gP/Xpxm47NNXxb/aIDtmTFVC/znKuOB816r lboGQNOJVq4xsw00nCDMudAJCEJ7WCnszyhqHm/w+osa3CEVQBq79x/1EP8R3QwK zRWo09L5EbQg1x+CqnVHOPm/3ipp8nJmQtnRAapCGfXARYXPqvDf4GOmt1FCPhNO kq6cTmdPAsk= =tCSx -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Thu Apr 16 10:15:41 2009 From: security em unicamp.br (CSIRT - UNICAMP) Date: Thu, 16 Apr 2009 10:15:41 -0300 Subject: [SECURITY-L] US-CERT Technical Cyber Security Alert TA09-105A -- Oracle Updates for Multiple Vulnerabilities Message-ID: <20090416131540.GC33414@unicamp.br> ----- Forwarded message from US-CERT Technical Alerts ----- From: US-CERT Technical Alerts Subject: US-CERT Technical Cyber Security Alert TA09-105A -- Oracle Updates for Multiple Vulnerabilities To: technical-alerts em us-cert.gov Date: Wed, 15 Apr 2009 15:42:42 -0400 Organization: US-CERT - +1 202-205-5266 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA09-105A Oracle Updates for Multiple Vulnerabilities Original release date: April 15, 2009 Last revised: -- Source: US-CERT Systems Affected * Oracle Database 11g, version 11.1.0.6, 11.1.0.7 * Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4 * Oracle Database 10g, version 10.1.0.5 * Oracle Database 9i Release 2, versions 9.2.0.8, 9.2.0.8DV * Oracle Application Server 10g Release 2 (10.1.2), version 10.1.2.3.0 * Oracle Outside In SDK HTML Export 8.2.2, 8.3.0 * Oracle XML Publisher 5.6.2, 10.1.3.2, 10.1.3.2.1 * Oracle BI Publisher 10.1.3.3.0 10.1.3.3.1, 10.1.3.3.2, 10.1.3.3.3, 10.1.3.4 * Oracle E-Business Suite Release 12, version 12.0.6 * Oracle E-Business Suite Release 11i, version 11.5.10.2 * PeopleSoft Enterprise PeopleTools versions: 8.49 * PeopleSoft Enterprise HRMS versions: 8.9 and 9.0 * Oracle WebLogic Server 10.3 * Oracle WebLogic Server 9.0 GA, 9.1 GA, 9.2 through 9.2 MP3 * Oracle WebLogic Server 8.1 through 8.1 SP6 * Oracle WebLogic Server 7.0 through 7.0 SP7 * Oracle WebLogic Portal 8.1 through 8.1 SP6 * Oracle Data Service Integrator 10.3.0 and Oracle AquaLogic Data Services Platform (formerly BEA ALDSP) 3.2, 3.0.1, 3.0 * Oracle JRockit (formerly BEA JRockit) R27.6.2 and earlier (JDK/JRE 6, 5, 1.4.2) Overview Oracle products and components are affected by multiple vulnerabilities. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service. I. Description The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability. Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database. II. Impact The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information. III. Solution Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed. IV. References * Oracle Critical Patch Update Advisory - April 2009 - * Critical Patch Updates and Security Alerts - * Map of Public Vulnerability to Advisory/Alert - ____________________________________________________________________ The most recent version of this document can be found at: ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to with "TA09-105A Feedback VU#955892" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit . ____________________________________________________________________ Produced 2009 by US-CERT, a government organization. Terms of use: ____________________________________________________________________ Revision History April 15, 2009: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- ----- End forwarded message -----