From security at unicamp.br Wed Apr 11 09:31:51 2012
From: security at unicamp.br (CSIRT - UNICAMP)
Date: Wed, 11 Apr 2012 09:31:51 -0300
Subject: [SECURITY-L] [technical-alerts@us-cert.gov: US-CERT Alert TA12-101A -- Microsoft Updates for Multiple Vulnerabilities]
Message-ID: <20120411123151.GC93513@unicamp.br>

----- Forwarded message from US-CERT Alerts -----

From: US-CERT Alerts
Subject: US-CERT Alert TA12-101A -- Microsoft Updates for Multiple Vulnerabilities
To: technical-alerts at us-cert.gov
Date: Tue, 10 Apr 2012 15:21:14 -0400
Organization: US-CERT - +1 202-205-5266

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

National Cyber Awareness System

Technical Cyber Security Alert TA12-101A

Microsoft Updates for Multiple Vulnerabilities

Original release date: April 10, 2012
Last revised: --
Source: US-CERT

Systems Affected

  * Microsoft Windows
  * Microsoft Internet Explorer
  * Microsoft .NET Framework
  * Microsoft Office
  * Microsoft Server Software
  * Microsoft SQL Server
  * Microsoft Developer Tools
  * Microsoft Forefront United Access Gateway

Overview

There are multiple vulnerabilities in Microsoft Windows, Internet
Explorer, Microsoft .NET Framework, Microsoft Office, Microsoft Server
Software, Microsoft SQL Server, Microsoft Developer Tools, and
Microsoft Forefront United Access Gateway. Microsoft has released
updates to address these vulnerabilities.

Description

The Microsoft Security Bulletin Summary for April 2012 describes
multiple vulnerabilities in Microsoft software. Microsoft has released
updates to address the vulnerabilities.

Impact

A remote, unauthenticated attacker could execute arbitrary code, cause
a denial of service, or gain unauthorized access to your files or
system.

Solution

Apply updates

Microsoft has provided updates for these vulnerabilities in the
Microsoft Security Bulletin Summary for April 2012, which describes
any known issues related to the updates.
Administrators are encouraged to note these issues and test for any
potentially adverse effects. In addition, administrators should
consider using an automated update distribution system such as Windows
Server Update Services (WSUS).

Home users are encouraged to enable automatic updates.

References

  * Microsoft Security Bulletin Summary for April 2012 -
  * Microsoft Windows Server Update Services -
  * Microsoft Update -
  * Microsoft Update Overview -
  * Turn Automatic Updating On or Off -

Revision History

April 10, 2012: Initial release

____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to with "TA12-101A Feedback VU#507275" in the subject.
____________________________________________________________________

Produced by US-CERT, a government organization.
____________________________________________________________________

This product is provided subject to the Notification as indicated here:
http://www.us-cert.gov/legal.html#notify

This document can also be found at
http://www.us-cert.gov/cas/techalerts/TA12-101A.html

For instructions on subscribing to or unsubscribing from this
mailing list, visit http://www.us-cert.gov/cas/signup.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
-----END PGP SIGNATURE-----

----- End forwarded message -----

From security at unicamp.br Wed Apr 11 09:32:59 2012
From: security at unicamp.br (CSIRT - UNICAMP)
Date: Wed, 11 Apr 2012 09:32:59 -0300
Subject: [SECURITY-L] [technical-alerts@us-cert.gov: US-CERT Alert TA12-101B -- Adobe Reader and Acrobat
 Security Updates and Architectural Improvements]
Message-ID: <20120411123259.GD93513@unicamp.br>

----- Forwarded message from US-CERT Alerts -----

From: US-CERT Alerts
Subject: US-CERT Alert TA12-101B -- Adobe Reader and Acrobat Security Updates and Architectural Improvements
To: technical-alerts at us-cert.gov
Date: Tue, 10 Apr 2012 19:03:50 -0400
Organization: US-CERT - +1 202-205-5266

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

National Cyber Awareness System

Technical Cyber Security Alert TA12-101B

Adobe Reader and Acrobat Security Updates and Architectural Improvements

Original release date: April 10, 2012
Last revised: --
Source: US-CERT

Systems Affected

  * Adobe Reader X (10.1.2) and earlier 10.x versions for Windows and
    Macintosh
  * Adobe Reader 9.5 and earlier 9.x versions for Windows, Macintosh,
    and UNIX
  * Adobe Acrobat X (10.1.2) and earlier 10.x versions for Windows and
    Macintosh
  * Adobe Acrobat 9.5 and earlier 9.x versions for Windows and
    Macintosh

Overview

Adobe has released Security Bulletin APSB12-08, which describes
multiple vulnerabilities affecting Adobe Reader and Acrobat. As part
of this update, Adobe Reader and Acrobat 9.x will use the system-wide
Flash Player browser plug-in instead of the Authplay component. In
addition, Reader and Acrobat now disable the rendering of 3D content
by default.

Description

Adobe Security Bulletin APSB12-08 describes a number of
vulnerabilities affecting Adobe Reader and Acrobat. These
vulnerabilities affect Adobe Reader and Acrobat versions 9.x through
9.5, and Reader X and Acrobat X versions prior to 10.1.3.

The Adobe ASSET blog provides additional details on new security
architecture changes to Adobe Reader and Acrobat. Adobe Reader and
Acrobat 9.5.1 will use the Adobe Flash Player plug-in version
installed on the user's system rather than the Authplay component that
ships with Adobe Reader and Acrobat. This change helps limit the
number of out-of-date, vulnerable Flash runtimes available to an
attacker.
Adobe Reader and Acrobat 9.5.1 also now disable rendering of 3D
content by default because the 3D rendering components have a history
of vulnerabilities. US-CERT recommends that Flash users upgrade to the
latest version of Adobe Flash Player and turn on automatic updates.

An attacker could exploit these vulnerabilities by convincing a user
to open a specially crafted PDF file. This can happen automatically as
the result of viewing a webpage.

Impact

These vulnerabilities could allow a remote attacker to execute
arbitrary code, write arbitrary files or folders to the file system,
escalate local privileges, or cause a denial of service on an affected
system as the result of a user opening a malicious PDF file.

Solution

Update Reader

Adobe has released updates to address this issue. Users are encouraged
to read Adobe Security Bulletin APSB12-08 and update vulnerable
versions of Adobe Reader and Acrobat.

In addition to updating, please consider the following mitigations.

Disable JavaScript in Adobe Reader and Acrobat

Disabling JavaScript may prevent some exploits from resulting in code
execution. You can disable Acrobat JavaScript using the Preferences
menu (Edit -> Preferences -> JavaScript; uncheck Enable Acrobat
JavaScript).

Adobe provides a framework to blacklist specific JavaScript APIs. If
JavaScript must be enabled, this framework may be useful when specific
APIs are known to be vulnerable or used in attacks.

Prevent Internet Explorer from automatically opening PDF files

The installer for Adobe Reader and Acrobat configures Internet
Explorer to automatically open PDF files without any user interaction.
This behavior can be reverted to a safer option that prompts the user
by importing the following as a .REG file:

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\AcroExch.Document.7]
    "EditFlags"=hex:00,00,00,00

Disable the display of PDF files in the web browser

Preventing PDF files from opening inside a web browser will partially
mitigate this vulnerability.
Applying this workaround may also mitigate future vulnerabilities.

To prevent PDF files from automatically being opened in a web browser,
do the following:

  1. Open Adobe Acrobat Reader.
  2. Open the Edit menu.
  3. Choose the Preferences option.
  4. Choose the Internet section.
  5. Uncheck the "Display PDF in browser" checkbox.

Do not access PDF files from untrusted sources

Do not open unfamiliar or unexpected PDF files, particularly those
hosted on websites or delivered as email attachments. Please see Cyber
Security Tip ST04-010.

References

  * Security update available for Adobe Reader and Acrobat -
  * Adobe Reader and Acrobat JavaScript Blacklist Framework -
  * Background on Security Bulletin APSB12-08 -
  * Adobe Flash Player -
  * Adobe Flash vulnerability affects Flash Player and other Adobe
    products -
  * Vulnerability Notes with advice to disable 3D rendering -

Revision History

April 10, 2012: Initial release

____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to with "TA12-101B Feedback VU#124663" in the subject.
____________________________________________________________________

Produced by US-CERT, a government organization.
____________________________________________________________________

This product is provided subject to the Notification as indicated here:
http://www.us-cert.gov/legal.html#notify

This document can also be found at
http://www.us-cert.gov/cas/techalerts/TA12-101B.html

For instructions on subscribing to or unsubscribing from this
mailing list, visit http://www.us-cert.gov/cas/signup.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
-----END PGP SIGNATURE-----

----- End forwarded message -----

From security at unicamp.br Mon Apr 16 09:07:35 2012
From: security at unicamp.br (CSIRT - UNICAMP)
Date: Mon, 16 Apr 2012 09:07:35 -0300
Subject: [SECURITY-L] CAIS-Alerta: Summary of Microsoft Security Bulletins - April/2012
Message-ID: <20120416120735.GA33845@unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

From: Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: Summary of Microsoft Security Bulletins - April/2012
To: pop-seg at cais.rnp.br, rnp-alerta at cais.rnp.br, rnp-seg at cais.rnp.br
Date: Fri, 13 Apr 2012 13:44:55 -0300 (BRT)

-----BEGIN PGP SIGNED MESSAGE-----

Dear all,

Microsoft published 6 security bulletins on April 10 that address a
total of 9 vulnerabilities in the company's products. Exploitation of
these vulnerabilities allows remote code execution and unauthorized
disclosure of information.

SEVERITY

. Critical

  - MS12-023 - Cumulative security update for Internet Explorer
  - MS12-024 - Vulnerability in Windows could allow remote code
    execution
  - MS12-025 - Vulnerability in .NET Framework could allow remote code
    execution
  - MS12-027 - Vulnerabilities in Windows common controls could allow
    remote code execution

. Important

  - MS12-026 - Vulnerabilities in Forefront Unified Access Gateway
    (UAG) could allow unauthorized information disclosure
  - MS12-028 - Vulnerability in Microsoft Office could allow remote
    code execution

. Moderate

  - No bulletins

. Low

  - No bulletins

The vulnerability severity rating system adopted by CAIS in this
summary is Microsoft's own. CAIS recommends applying, at a minimum,
the fixes for vulnerabilities rated critical and important. For fixes
for vulnerabilities rated moderate, CAIS recommends that at least the
mitigation recommendations be followed.

. Critical - Vulnerabilities whose exploitation could allow the
  propagation of a worm without the need for user interaction.

. Important - Vulnerabilities whose exploitation could result in the
  compromise of the confidentiality, integrity or availability of user
  data, or of the integrity or availability of processing resources.

. Moderate - Exploitation is significantly mitigated by factors such
  as default configuration, auditing or difficulty of exploitation.

. Low - A vulnerability whose exploitation is extremely difficult or
  whose impact is minimal.

AVAILABLE FIXES

We recommend updating systems to the versions available at:

. Microsoft Update
  https://www.update.microsoft.com/microsoftupdate/

. Windows Server Update Services
  http://technet.microsoft.com/en-us/windowsserver/bb332157.aspx

MORE INFORMATION

. Microsoft Security Bulletin Summary for April 2012
  http://technet.microsoft.com/en-us/security/bulletin/ms12-apr

. Microsoft Security TechCenter
  http://technet.microsoft.com/pt-br/security/

. Microsoft Security Response Center - MSRC
  http://www.microsoft.com/security/msrc/

. Microsoft Security Research&Defense - MSRD
  http://blogs.technet.com/srd/

. Microsoft Security
  http://www.microsoft.com/brasil/security/

. MS12-023 - Cumulative security update for Internet Explorer
  http://technet.microsoft.com/en-us/security/bulletin/ms12-023

. MS12-024 - Vulnerability in Windows could allow remote code execution
  http://technet.microsoft.com/en-us/security/bulletin/ms12-024

. MS12-025 - Vulnerability in .NET Framework could allow remote code
  execution
  http://technet.microsoft.com/en-us/security/bulletin/ms12-025

. MS12-027 - Vulnerabilities in Windows common controls could allow
  remote code execution
  http://technet.microsoft.com/en-us/security/bulletin/ms12-027

. MS12-026 - Vulnerabilities in Forefront Unified Access Gateway (UAG)
  could allow unauthorized information disclosure
  http://technet.microsoft.com/en-us/security/bulletin/ms12-026

. MS12-028 - Vulnerability in Microsoft Office could allow remote code
  execution
  http://technet.microsoft.com/en-us/security/bulletin/ms12-028

CVE identifiers (http://cve.mitre.org):

CVE-2012-0169, CVE-2012-0170, CVE-2012-0172, CVE-2012-0171,
CVE-2012-0151, CVE-2012-0163, CVE-2012-0147, CVE-2012-0158,
CVE-2012-0177

CAIS recommends that administrators keep their systems and
applications up to date at all times, in line with the latest versions
and fixes offered by vendors.

CAIS Alerts are also available in RSS/RDF format and on Twitter:
http://www.rnp.br/cais/alertas/rss.xml
Follow @caisrnp

Sincerely,

The CAIS/RNP team

################################################################
#   CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS)     #
#       Rede Nacional de Ensino e Pesquisa (RNP)               #
#                                                              #
# cais at cais.rnp.br       http://www.cais.rnp.br             #
# Tel. 019-37873300      Fax. 019-37873301                     #
# PGP key available   http://www.rnp.br/cais/cais-pgp.key      #
################################################################

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Made with pgp4pine 1.76
-----END PGP SIGNATURE-----

----- End forwarded message -----
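
Added example, not part of any of the forwarded alerts: a Python check for the EditFlags workaround in US-CERT Alert TA12-101B above. It parses registry export text and lists the keys whose EditFlags still have the FTA_OpenIsSafe bit (0x00010000, from the Windows SDK's FILETYPEATTRIBUTEFLAGS) set, which the alert's all-zero value clears. The sample export, the AcroExch.Example.1 key and the function names are constructed for illustration.

```python
import re

# FTA_OpenIsSafe (Windows SDK, FILETYPEATTRIBUTEFLAGS): when set in a ProgID's
# EditFlags, downloaded files of that type may open without a prompt.
FTA_OPEN_IS_SAFE = 0x00010000

# Constructed sample in .reg export form. Only AcroExch.Document.7 appears in
# the alert; AcroExch.Example.1 and both values are illustrative.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\AcroExch.Document.7]
"EditFlags"=hex:00,00,01,00

[HKEY_CLASSES_ROOT\AcroExch.Example.1]
"EditFlags"=hex:00,00,\
  00,00
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
VAL_RE = re.compile(r'^"EditFlags"=(?P<kind>hex|dword):(?P<data>[0-9a-fA-F,]+)$')


def edit_flags(reg_text):
    """Map each key in a .reg export to its EditFlags value as an int."""
    # .reg files wrap long hex values with a trailing backslash; rejoin them.
    text = re.sub(r'\\\r?\n\s*', '', reg_text)
    flags, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            key = m.group('key')
        elif (m := VAL_RE.match(line)) and key:
            data = m.group('data')
            if m.group('kind') == 'dword':
                flags[key] = int(data, 16)
            else:  # REG_BINARY bytes are little-endian
                raw = bytes(int(b, 16) for b in data.split(',') if b)
                flags[key] = int.from_bytes(raw[:4].ljust(4, b'\0'), 'little')
    return flags


def auto_open_keys(reg_text):
    """Return keys whose EditFlags still allow open-without-prompt."""
    return sorted(k for k, v in edit_flags(reg_text).items()
                  if v & FTA_OPEN_IS_SAFE)


print(auto_open_keys(SAMPLE_EXPORT))
```

A file written by `reg export` is UTF-16 with a byte-order mark, so read it with encoding='utf-16' before passing the text to these functions.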