From security em unicamp.br Wed Dec 9 16:02:59 2009
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Wed, 9 Dec 2009 16:02:59 -0200
Subject: [SECURITY-L] US-CERT Technical Cyber Security Alert TA09-342A -- Microsoft Updates for Multiple Vulnerabilities
Message-ID: <20091209180258.GB38784@unicamp.br>

----- Forwarded message from US-CERT Technical Alerts -----

From: US-CERT Technical Alerts
Subject: US-CERT Technical Cyber Security Alert TA09-342A -- Microsoft Updates for Multiple Vulnerabilities
To: technical-alerts em us-cert.gov
Date: Tue, 8 Dec 2009 17:05:52 -0500
Organization: US-CERT - +1 202-205-5266

National Cyber Alert System

Technical Cyber Security Alert TA09-342A

Microsoft Updates for Multiple Vulnerabilities

Original release date:
Last revised: --
Source: US-CERT

Systems Affected

  * Microsoft Windows and Windows Server
  * Microsoft Internet Explorer
  * Microsoft Office Word, Works, and Project

Overview

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Windows Server, Internet Explorer, and Microsoft Office.

I. Description

Microsoft has released multiple security bulletins for critical vulnerabilities in Microsoft Windows, Windows Server, Internet Explorer, and Microsoft Office. These bulletins are described in the Microsoft Security Bulletin Summary for December 2009.

II. Impact

A remote, unauthenticated attacker could execute arbitrary code, gain elevated privileges, or cause a vulnerable application to crash.

III. Solution

Apply updates from Microsoft

Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for December 2009. The security bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. Administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS).

IV. References

  * Microsoft Security Bulletin Summary for December 2009 -
  * Windows Server Update Services (WSUS) -

____________________________________________________________________

The most recent version of this document can be found at:

____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send email to with "TA09-342A Feedback VU#115525" in the subject.

____________________________________________________________________

For instructions on subscribing to or unsubscribing from this mailing list, visit .

____________________________________________________________________

Produced 2009 by US-CERT, a government organization.

Terms of use:

____________________________________________________________________

Revision History

  December 08, 2009: Initial release

----- End forwarded message -----

From security em unicamp.br Thu Dec 10 10:18:41 2009
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Thu, 10 Dec 2009 10:18:41 -0200
Subject: [SECURITY-L] US-CERT Technical Cyber Security Alert TA09-343A -- Adobe Flash Vulnerabilities Affect Flash Player and Adobe AIR
Message-ID: <20091210121841.GA45656@unicamp.br>

----- Forwarded message from US-CERT Technical Alerts -----

From: US-CERT Technical Alerts
Subject: US-CERT Technical Cyber Security Alert TA09-343A -- Adobe Flash Vulnerabilities Affect Flash Player and Adobe AIR
To: technical-alerts em us-cert.gov
Date: Wed, 9 Dec 2009 14:08:33 -0500
Organization: US-CERT - +1 202-205-5266

National Cyber Alert System

Technical Cyber Security Alert TA09-343A

Adobe Flash Vulnerabilities Affect Flash Player and Adobe AIR

Original release date:
Last revised: --
Source: US-CERT

Systems Affected

  * Adobe Flash Player 10.0.32.18 and earlier versions
  * Adobe AIR 1.5.2 and earlier versions

Overview

Adobe has released Security Bulletin APSB09-19, which describes vulnerabilities affecting Adobe Flash Player and Adobe AIR.

I. Description

Adobe Security Bulletin APSB09-19 describes vulnerabilities affecting Adobe Flash Player and Adobe AIR. Flash Player version 10.0.32.18 and earlier versions as well as Adobe AIR versions 1.5.2 and earlier are affected.

An attacker could exploit this vulnerability by convincing a user to visit a website that hosts a specially crafted SWF file. The Adobe Flash browser plugin is available for multiple web browsers and operating systems, any of which could be affected.

II. Impact

This vulnerability allows a remote attacker to execute arbitrary code as the result of a user viewing a web page.

III. Solution

Users are encouraged to update Flash Player 10.0.32.18 and earlier versions as well as Adobe AIR 1.5.2 and earlier versions to the latest version.

These vulnerabilities can be mitigated by disabling the Flash plugin or by using the NoScript extension for Mozilla Firefox or SeaMonkey to whitelist websites that can access the Flash plugin. For more information about securely configuring web browsers, please see the Securing Your Web Browser document.

IV. References

  * Adobe Security Bulletin APSB09-19 -

____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send email to with "TA09-343A Feedback VU#392637" in the subject.
____________________________________________________________________

Revision History

  December 09, 2009: Initial release

----- End forwarded message -----

From security em unicamp.br Mon Dec 14 11:12:15 2009
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Mon, 14 Dec 2009 11:12:15 -0200
Subject: [SECURITY-L] CAIS-Alerta: Summary of Microsoft Security Bulletins - December 2009
Message-ID: <20091214131214.GA68527@unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

From: Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: Summary of Microsoft Security Bulletins - December 2009
To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Thu, 10 Dec 2009 15:57:12 -0200 (BRST)

Dear all,

Microsoft published 6 security bulletins on December 8, addressing a total of 12 vulnerabilities in the company's products. Exploitation of these vulnerabilities allows anything from remote code execution to denial of service (DoS).

At the time of publication of this summary, there is information about publicly available malicious code (exploits) that exploits the vulnerabilities in bulletin MS09-072 (Internet Explorer).

SEVERITY

. Critical

  - MS09-071: Vulnerabilities in Internet Authentication Service
    Vulnerabilities that allow remote code execution

  - MS09-072: Vulnerabilities in Internet Explorer
    Cumulative update

  - MS09-074: Vulnerability in Microsoft Office Project
    Vulnerability that allows remote code execution

. Important

  - MS09-069: Vulnerability in Local Security Authority Subsystem Service
    Vulnerability that allows a denial of service (DoS) to be caused

  - MS09-070: Vulnerabilities in Active Directory Federation Services
    Vulnerabilities that allow remote code execution

  - MS09-073: Vulnerability in WordPad and Office Text Converters
    Vulnerability that allows remote code execution

. Moderate

  - No bulletins

. Low

  - No bulletins

The vulnerability severity classification system adopted by CAIS in this summary is Microsoft's own. CAIS recommends applying, at a minimum, the fixes for vulnerabilities classified as critical and important. For fixes for vulnerabilities classified as moderate, CAIS recommends that at least the mitigation recommendations be followed.

. Critical - Vulnerabilities whose exploitation could allow the propagation of a worm without the need for user interaction.

. Important - Vulnerabilities whose exploitation could result in the compromise of the confidentiality, integrity or availability of user data, or of the integrity or availability of processing resources.

. Moderate - Exploitation is significantly mitigated by factors such as default configuration, auditing or difficulty of exploitation.

. Low - A vulnerability whose exploitation is extremely difficult or whose impact is minimal.

AVAILABLE FIXES

It is recommended to update systems to the versions available at:

. Microsoft Update
  https://www.update.microsoft.com/microsoftupdate/

. Windows Server Update Services
  http://www.microsoft.com/windowsserversystem/updateservices/default.mspx

MORE INFORMATION

. Microsoft Security Bulletin Summary for December 2009
  http://www.microsoft.com/technet/security/Bulletin/MS09-dec.mspx

. SANS ISC Handler's Diary 2009-12-08: December 2009 Black Tuesday Overview
  http://isc.sans.org/diary.html?storyid=7711

. MS09-069: Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (974392)
  http://www.microsoft.com/technet/security/Bulletin/MS09-069.mspx

. MS09-070: Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution (971726)
  http://www.microsoft.com/technet/security/Bulletin/MS09-070.mspx

. MS09-071: Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution (974318)
  http://www.microsoft.com/technet/security/Bulletin/MS09-071.mspx

. MS09-072: Cumulative Security Update for Internet Explorer (976325)
  http://www.microsoft.com/technet/security/Bulletin/MS09-072.mspx

. MS09-073: Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (975539)
  http://www.microsoft.com/technet/security/Bulletin/MS09-073.mspx

. MS09-074: Vulnerability in Microsoft Office Project Could Allow Remote Code Execution (967183)
  http://www.microsoft.com/technet/security/Bulletin/MS09-074.mspx

. Microsoft TechCenter de Segurança
  http://technet.microsoft.com/pt-br/security/

. Microsoft Security Response Center - MSRC
  http://www.microsoft.com/security/msrc/

. Microsoft Security Research & Defense - MSRD
  http://blogs.technet.com/srd/

. Segurança Microsoft
  http://www.microsoft.com/brasil/security/

CVE identifier (http://cve.mitre.org):
CVE-2009-0102, CVE-2009-2493, CVE-2009-2505, CVE-2009-2506, CVE-2009-2508, CVE-2009-2509, CVE-2009-3671, CVE-2009-3672, CVE-2009-3673, CVE-2009-3674, CVE-2009-3675, CVE-2009-3677

CAIS recommends that administrators keep their systems and applications always up to date, in accordance with the latest versions and fixes provided by vendors.

CAIS Alerts are also available in RSS/RDF format:
http://www.rnp.br/cais/alertas/rss.xml

Regards,

################################################################
#   CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS)     #
#       Rede Nacional de Ensino e Pesquisa (RNP)               #
#                                                              #
# cais em cais.rnp.br       http://www.cais.rnp.br             #
# Tel. 019-37873300      Fax. 019-37873301                     #
# PGP key available   http://www.rnp.br/cais/cais-pgp.key      #
################################################################

----- End forwarded message -----