From security em unicamp.br Wed Aug 15 09:56:09 2012
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Wed, 15 Aug 2012 12:56:09 +0000
Subject: [SECURITY-L] US-CERT Alert TA12-227A - Microsoft Updates for Multiple Vulnerabilities
Message-ID: <20120815125609.GD3902@unicamp.br>

----- Forwarded message from US-CERT Alerts -----

From: US-CERT Alerts
Subject: US-CERT Alert TA12-227A - Microsoft Updates for Multiple Vulnerabilities
To: technical-alerts em us-cert.gov
Date: Tue, 14 Aug 2012 15:18:19 -0400
Organization: US-CERT - +1 202-205-5266

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

National Cyber Awareness System

Technical Cyber Security Alert TA12-227A

Microsoft Updates for Multiple Vulnerabilities

   Original release date: August 14, 2012
   Last revised: --
   Source: US-CERT

Systems Affected

     * Microsoft Windows
     * Microsoft Internet Explorer
     * Microsoft Office
     * Microsoft Developer Tools
     * Microsoft Server Software
     * Microsoft SQL Server
     * Microsoft Exchange

Overview

   Select Microsoft software products contain multiple
   vulnerabilities. Microsoft has released updates to address these
   vulnerabilities.

Description

   The Microsoft Security Bulletin Summary for August 2012 describes
   multiple vulnerabilities in Microsoft software. Microsoft has
   released updates to address the vulnerabilities.

Impact

   A remote, unauthenticated attacker could execute arbitrary code,
   cause a denial of service, or gain unauthorized access to your
   files or system.

Solution

   Apply updates

   Microsoft has provided updates for these vulnerabilities in the
   Microsoft Security Bulletin Summary for August 2012, which
   describes any known issues related to the updates. Administrators
   are encouraged to note these issues and test for any potentially
   adverse effects. In addition, administrators should consider using
   an automated update distribution system such as Windows Server
   Update Services (WSUS). Home users are encouraged to enable
   automatic updates.

References

     * Microsoft Security Bulletin Summary for August 2012 -
     * Microsoft Windows Server Update Services -
     * Microsoft Update -
     * Microsoft Update Overview -
     * Turn Automatic Updating On or Off -

Revision History

   August 14, 2012: Initial release

 ____________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to with "TA12-227A Feedback VU#215643" in the subject.
 ____________________________________________________________________

   Produced by US-CERT, a government organization.
 ____________________________________________________________________

   This product is provided subject to this Notification:
   http://www.us-cert.gov/privacy/notification.html

   Privacy & Use policy:
   http://www.us-cert.gov/privacy/

   This document can also be found at
   http://www.us-cert.gov/cas/techalerts/TA12-227A.html

   For instructions on subscribing to or unsubscribing from this
   mailing list, visit http://www.us-cert.gov/cas/signup.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
-----END PGP SIGNATURE-----

----- End forwarded message -----

From security em unicamp.br Wed Aug 15 14:40:05 2012
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Wed, 15 Aug 2012 17:40:05 +0000
Subject: [SECURITY-L] [cais@cais.rnp.br: CAIS-Alerta: Summary of Microsoft Security Bulletins - August/2012]
Message-ID: <20120815174005.GA25565@unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

From: Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: Summary of Microsoft Security Bulletins - August/2012
To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Wed, 15 Aug 2012 14:13:13 -0300 (BRT)

-----BEGIN PGP SIGNED MESSAGE-----

Dear all,

Microsoft published 9 security bulletins on August 14 that address a
total of 15 vulnerabilities in the company's products. Exploitation of
these vulnerabilities allows remote code execution and elevation of
privilege.

At the time of publication of this alert there are no signs of active
exploitation of any of the vulnerabilities listed below.

SEVERITY

. Critical

  - MS12-052 - Cumulative security update for Microsoft Internet Explorer
  - MS12-053 - Vulnerability in Remote Desktop could allow remote code
    execution
  - MS12-054 - Vulnerability in the Windows Networking Component could
    allow remote code execution
  - MS12-060 - Vulnerability in Windows Common Controls could allow
    remote code execution
  - MS12-058 - Vulnerability in the WebReady document viewing feature of
    Microsoft Exchange Server could allow remote code execution

. Important

  - MS12-055 - Vulnerabilities in Windows kernel-mode drivers could allow
    elevation of privilege
  - MS12-056 - Vulnerabilities in the operation of JScript and VBScript
    could allow remote code execution
  - MS12-057 - Vulnerability in Microsoft Office could allow remote code
    execution
  - MS12-059 - Vulnerability in Microsoft Visio could allow remote code
    execution

. Moderate

  - No bulletins

. Low

  - No bulletins

The vulnerability severity rating system adopted by CAIS in this
summary is Microsoft's own. CAIS recommends applying, at a minimum, the
fixes for vulnerabilities rated critical and important. For fixes for
vulnerabilities rated moderate, CAIS recommends that at least the
mitigation recommendations be followed.

. Critical - Vulnerabilities whose exploitation could allow the
  propagation of a worm without the need for user interaction.

. Important - Vulnerabilities whose exploitation could result in the
  compromise of the confidentiality, integrity or availability of user
  data, or of the integrity or availability of processing resources.

. Moderate - exploitation is significantly mitigated by factors such as
  default configuration, auditing or difficulty of exploitation.

. Low - a vulnerability whose exploitation is extremely difficult or
  whose impact is minimal.

AVAILABLE FIXES

It is recommended to update systems to the versions available at:

. Microsoft Update
  https://www.update.microsoft.com/microsoftupdate/

. Windows Server Update Services
  http://www.microsoft.com/windowsserversystem/updateservices/default.mspx

MORE INFORMATION

. Microsoft Security Bulletin Summary for August 2012
  http://technet.microsoft.com/en-us/security/bulletin/ms12-aug

. Microsoft Security TechCenter
  http://technet.microsoft.com/pt-br/security/

. Microsoft Security Response Center - MSRC
  http://www.microsoft.com/security/msrc/

. Microsoft Security Research&Defense - MSRD
  http://blogs.technet.com/srd/

. Microsoft Security
  http://www.microsoft.com/brasil/security/

. ISC Diary - Microsoft August 2012 Black Tuesday Update - Overview
  https://isc.sans.edu/diary/Microsoft+August+2012+Black+Tuesday+Update+-+Overview/13900

CVE identifiers (http://cve.mitre.org):

CVE-2012-1526 CVE-2012-2521 CVE-2012-2522 CVE-2012-2523 CVE-2012-2526
CVE-2012-1850 CVE-2012-1851 CVE-2012-1852 CVE-2012-1853 CVE-2012-2527
CVE-2012-2524 CVE-2012-1888 CVE-2012-1856

CAIS recommends that administrators keep their systems and applications
always up to date, in line with the latest versions and fixes offered
by vendors.

CAIS alerts are also available in RSS/RDF format and on Twitter:

http://www.rnp.br/cais/alertas/rss.xml
Follow @caisrnp

Regards,

CAIS/RNP Team

################################################################
#   CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS)     #
#       Rede Nacional de Ensino e Pesquisa (RNP)               #
#                                                              #
# cais em cais.rnp.br       http://www.cais.rnp.br             #
# Tel. 019-37873300      Fax. 019-37873301                     #
# PGP key available   http://www.rnp.br/cais/cais-pgp.key      #
################################################################

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Made with pgp4pine 1.76
-----END PGP SIGNATURE-----

----- End forwarded message -----

From security em unicamp.br Tue Aug 28 08:37:16 2012
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Tue, 28 Aug 2012 11:37:16 +0000
Subject: [SECURITY-L] US-CERT Alert TA12-240A - Oracle Java 7 Security Manager Bypass Vulnerability
Message-ID: <20120828113716.GB37990@unicamp.br>

----- Forwarded message from US-CERT Alerts -----

From: US-CERT Alerts
Subject: US-CERT Alert TA12-240A - Oracle Java 7 Security Manager Bypass Vulnerability
To: technical-alerts em us-cert.gov
Date: Mon, 27 Aug 2012 23:37:54 -0400
Organization: US-CERT - +1 202-205-5266

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

National Cyber Awareness System

US-CERT Alert TA12-240A

Oracle Java 7 Security Manager Bypass Vulnerability

   Original release date: August 27, 2012
   Last revised: --

Systems Affected

   Any system using Oracle Java 7 (1.7, 1.7.0) including:

     * Java Platform Standard Edition 7 (Java SE 7)
     * Java SE Development Kit (JDK 7)
     * Java SE Runtime Environment (JRE 7)

   Web browsers using the Java 7 Plug-in are at high risk.

Overview

   A vulnerability in the way Java 7 restricts the permissions of Java
   applets could allow an attacker to execute arbitrary commands on a
   vulnerable system.

Description

   A vulnerability in the Java Security Manager allows a Java applet
   to grant itself permission to execute arbitrary operating system
   commands. An attacker could use social engineering techniques to
   entice a user to visit a link to a web site hosting a malicious
   applet.

   Any web browser using the Java 7 Plug-in is affected.

   Reports indicate this vulnerability is being actively exploited,
   and exploit code is publicly available.

Impact

   By convincing a user to load a malicious Java applet, an attacker
   could execute arbitrary operating system commands on a vulnerable
   system with the privileges of the Java Plug-in process.

Solution

   Disable the Java Plug-in

   Disabling the Java web browser plug-in will prevent Java applets
   from running. Here are instructions for several common web
   browsers:

     * Apple Safari: How to disable the Java web plug-in in Safari

     * Mozilla Firefox: How to turn off Java applets

     * Google Chrome: See the "Disable specific plug-ins" section of
       the Chrome Plug-ins documentation.

     * Microsoft Internet Explorer: Change the value of the
       UseJava2IExplorer registry key to 0. Depending on the versions
       of Windows and the Java plug-in, the key can be found in these
       locations:

       HKLM\Software\JavaSoft\Java Plug-in\{version}\UseJava2IExplorer

       HKLM\Software\Wow6432Node\JavaSoft\Java Plug-in\{version}\UseJava2IExplorer

     * The Java Control Panel (javacpl.exe) does not reliably
       configure the Java plug-in for Internet Explorer. Instead of
       editing the registry, it is possible to run javacpl.exe as
       Administrator, navigate to the Advanced tab, Default Java for
       browsers, and use the space bar to de-select the Microsoft
       Internet Explorer option.

   Use NoScript

   NoScript is a browser extension for Mozilla Firefox browsers that
   provides options to block Java applets.

References

     * Vulnerability Note VU#636312
     * Zero-Day Season is Not Over Yet
     * Let's start the week with a new Java 0-day in Metasploit
     * http://pastie.org/4594319
     * The Security Manager
     * Java 7 0-Day vulnerability information and mitigation.
     * How to disable the Java web plug-in in Safari
     * How to turn off Java applets
     * NoScript

Revision History

   August 27, 2012: Initial release

 ____________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to with "TA12-240A Feedback VU#636312" in the subject.
 ____________________________________________________________________

   Produced by US-CERT, a government organization.
 ____________________________________________________________________

   This product is provided subject to this Notification:
   http://www.us-cert.gov/privacy/notification.html

   Privacy & Use policy:
   http://www.us-cert.gov/privacy/

   This document can also be found at
   http://www.us-cert.gov/cas/techalerts/TA12-240A.html

   For instructions on subscribing to or unsubscribing from this
   mailing list, visit http://www.us-cert.gov/cas/signup.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
-----END PGP SIGNATURE-----

----- End forwarded message -----
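
The Internet Explorer step in alert TA12-240A above leaves {version} open, so every installed plug-in version under both registry locations has to be checked. The PowerShell script below is an added example, not part of the US-CERT alert or of any archived message: it reports UseJava2IExplorer for each version key and sets it to 0 only when run with -Disable. The -Disable switch name and the REG_DWORD value type are assumptions.

```powershell
# Added example, not part of the US-CERT alert. Run from an elevated prompt.
param(
    [switch]$Disable   # hypothetical switch name: without it the script only reports
)

# The two locations given in the alert; each child key is one plug-in {version}.
$roots = @(
    'HKLM:\Software\JavaSoft\Java Plug-in',
    'HKLM:\Software\Wow6432Node\JavaSoft\Java Plug-in'
)
$name = 'UseJava2IExplorer'

$results = foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }   # location absent on this host

    foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
        $props  = Get-ItemProperty -LiteralPath $key.PSPath -Name $name -ErrorAction SilentlyContinue
        $before = if ($props) { $props.$name } else { $null }
        $after  = $before

        # Only touch a value that already exists and is not 0.
        # Assumption: it is stored as a REG_DWORD; the alert only says to set it to 0.
        if ($Disable -and $null -ne $before -and $before -ne 0) {
            Set-ItemProperty -LiteralPath $key.PSPath -Name $name -Value 0 -Type DWord
            $after = (Get-ItemProperty -LiteralPath $key.PSPath -Name $name).$name
        }

        [pscustomobject]@{
            Key    = $key.Name
            Before = $before
            After  = $after
            IsZero = ($null -ne $after -and $after -eq 0)
        }
    }
}

$results | Format-Table -AutoSize

# Flag any version key whose value is missing or still non-zero.
$open = @($results | Where-Object { -not $_.IsZero })
if ($open.Count -gt 0) {
    Write-Warning "$($open.Count) plug-in key(s) do not have $name set to 0."
}
```

Running it first without -Disable shows which plug-in versions are present on a host before anything is changed.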