From security em unicamp.br Wed Jan 9 09:44:02 2013 From: security em unicamp.br (CSIRT - UNICAMP) Date: Wed, 9 Jan 2013 11:44:02 +0000 Subject: [SECURITY-L] [technical-alerts@us-cert.gov: US-CERT Alert TA13-008A - Microsoft Updates for Multiple Vulnerabilities] Message-ID: <20130109114402.GA11722@unicamp.br> ----- Forwarded message from US-CERT Alerts ----- From: US-CERT Alerts Subject: US-CERT Alert TA13-008A - Microsoft Updates for Multiple Vulnerabilities To: technical-alerts em us-cert.gov Date: Tue, 8 Jan 2013 15:20:48 -0500 Organization: US-CERT - +1 202-205-5266 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Awareness System US-CERT Alert TA13-008A Microsoft Updates for Multiple Vulnerabilities Original release date: January 08, 2013 Last revised: -- Systems Affected * Microsoft Windows * Microsoft Office * Microsoft Server Software * Microsoft .NET Framework * Microsoft Developer Tools Overview Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these vulnerabilities. Description The Microsoft Security Bulletin Summary for January 2013 describes multiple vulnerabilities in Microsoft software. Microsoft has released updates to address the vulnerabilities. Impact A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system. Solution Apply Updates Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for January 2013, which describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). Home users are encouraged to enable automatic updates. References * Microsoft Security Bulletin Summary for January 2013 * Microsoft Windows Server Update Services * Microsoft Update * Microsoft Update Overview * Turn Automatic Updating On or Off Revision History January 08, 2013: Initial release ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to with "TA13-008A Feedback VU#165564" in the subject. ____________________________________________________________________ Produced by US-CERT, a government organization. ____________________________________________________________________ This product is provided subject to this Notification: http://www.us-cert.gov/privacy/notification.html Privacy & Use policy: http://www.us-cert.gov/privacy/ This document can also be found at http://www.us-cert.gov/cas/techalerts/TA13-008A.html For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBUOx1f3dnhE8Qi3ZhAQKivQf/cYSo2DHr+Tz2KPgM/0xFXWKVjKAJkPsh QR0lZqbU2A+ZX2ZRU/7JJs5VbJADx5uxijEc6UUYcSrnLVc4Kp29FS6Hx0NiBTPL 6BQ+V6sBrl8h7dFRur3TxY5hWOGCvmlWtkWBgZk3xYnvsoPyt0Rx4x6oUY1HPW9C D4T6y5hpIHo7gc0jADSV1st/JhrCabbm5dlgRrwnff7G35o/6xBaA+0JnoMGC958 2dqi0gxTVSG2/4miPzIeWX51i8867cKHeBODVhePd81QfEwHp3G52oJ7FVwMclya 2u7JG4bHqCNXPzOVmKvbFHaEN8fD7nC6/IwbPNO9HhLG+1Kw4d7M/g== =v6/Q -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Fri Jan 11 10:54:42 2013 From: security em unicamp.br (CSIRT - UNICAMP) Date: Fri, 11 Jan 2013 12:54:42 +0000 Subject: [SECURITY-L] [cais@cais.rnp.br: CAIS-Alerta: Resumo dos Boletins de Segurana Microsoft - Janeiro/2013] Message-ID: <20130111125442.GC16121@unicamp.br> ----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca ----- From: Centro de Atendimento a Incidentes de Seguranca Subject: CAIS-Alerta: Resumo dos Boletins de Segurança Microsoft - Janeiro/2013 To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br Date: Wed, 9 Jan 2013 16:33:16 -0200 (BRST) -----BEGIN PGP SIGNED MESSAGE----- Prezados, A Microsoft publicou 7 boletins de segurança em 08 de janeiro de 2013 que abordam ao todo 11 vulnerabilidades em produtos da empresa. A exploração destas vulnerabilidades permitem execução remota de código, elevação de privilégios, negação de serviços entre outros. Até o momento da publicação deste alerta não foram divulgados códigos de exploração para as vulnerabilidades listadas. SEVERIDADE . Crítica - - MS13-001 - Vulnerabilidade nos componentes do Spooler de impressão do Windows podem permitir execução remota de código. - - MS13-002 - Vulnerabilidades no Microsoft XML Core Services podem permitir a execução remota de código. . Importante - - MS13-003 - Vulnerabilidades no System Center Operations Manager podem permitir a elevação de privilégio. - - MS13-004 - Vulnerabilidades no .NET Framework podem permitir elevação de privilégio. - - MS13-005 - Vulnerabilidade no driver do modo do kernel do Windows pode permitir a elevação de privilégio. - - MS13-006 - Vulnerabilidade no Microsoft Windows pode permitir burlar recurso de segurança. - - MS13-007 - Vulnerabilidade no Protocolo de Dados Abertos (OData) pode permitir a realizaçaõ de ataques de negação de serviço. . Moderada - - Nenhum boletim . Baixa - - Nenhum boletim O sistema de classificação de severidade das vulnerabilidades adotado pelo CAIS neste resumo é o da própria Microsoft. O CAIS recomenda que se aplique, minimamente, as correções para vulnerabilidades classificadas como crítica e importante. No caso de correções para vulnerabilidades classificadas como moderadas o CAIS recomenda que ao menos as recomendações de mitigação sejam seguidas. . Crítica - Vulnerabilidades cuja exploração possa permitir a propagação de um worm sem a necessidade de interação com o usuário. . Importante - Vulnerabilidades cuja exploração possa resultar no comprometimento de confidencialidade, integridade ou disponibilidade de dados de usuários ou a integridade ou disponibilidade de recursos de processamento. . Moderada - exploração é mitigada significativamente por fatores como configuração padrão, auditoria ou dificuldade de exploração. . Baixa - uma vulnerabilidade cuja exploração seja extremamente difícil ou cujo impacto seja mínimo. CORREÇÕES DISPONÍVEIS Recomenda-se atualizar os sistemas para as versões disponíveis em: . Microsoft Update https://www.update.microsoft.com/microsoftupdate/ . Microsoft Download Center http://www.microsoft.com/pt-br/download/security.aspx MAIS INFORMAÇÕES . Resumo do Boletim de Segurança da Microsoft de janeiro 2013 http://technet.microsoft.com/pt-br/security/bulletin/ms13-jan . Microsoft TechCenter de Segurança http://technet.microsoft.com/pt-br/security/ . Microsoft Security Response Center - MSRC http://www.microsoft.com/security/msrc/ . Microsoft Security Research & Defense - MSRD http://blogs.technet.com/srd/ . Central de Proteção e Segurança Microsoft http://www.microsoft.com/brasil/security/ Identificador CVE (http://cve.mitre.org ): CVE-2013-0011 CVE-2013-0006 CVE-2013-0007 CVE-2013-0009 CVE-2013-0001 CVE-2013-0002 CVE-2013-0003 CVE-2013-0004 CVE-2013-0008 CVE-2013-0013 CVE-2013-0005 O CAIS recomenda que os administradores mantenham seus sistemas e aplicativos sempre atualizados, de acordo com as últimas versões e correções oferecidas pelos fabricantes. Os Alertas do CAIS também são oferecidos no formato RSS/RDF e no Twitter: http://www.rnp.br/cais/alertas/rss.xml Siga @caisrnp Atenciosamente, Equipe do CAIS/RNP ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) # # Rede Nacional de Ensino e Pesquisa (RNP) # # # # cais em cais.rnp.br http://www.cais.rnp.br # # Tel. 019-37873300 Fax. 019-37873301 # # Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key # ################################################################ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Made with pgp4pine 1.76 iQCVAwUBUO238ekli63F4U8VAQGNcAP/XnylzC9K53a1sDqxvOu2H8KG/Ci8bNH+ MAyiMZKmL5HrWfEGIQtUbJZ/lDTGEnTnGnqnKZ++GmY4EzCl00w+5e0z527KkJpp IK4Pd758Nox9dk0QdZta8SiTI34jYQ2SaYzL3IXI/VjELts4vdFhyOus3AMnt6aS vsB7IEDDwwE= =Ujsb -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Fri Jan 11 14:04:37 2013 From: security em unicamp.br (CSIRT - UNICAMP) Date: Fri, 11 Jan 2013 16:04:37 +0000 Subject: [SECURITY-L] [technical-alerts@us-cert.gov: US-CERT Alert TA13-010A - Oracle Java 7 Security Manager Bypass Vulnerability] Message-ID: <20130111160437.GD16121@unicamp.br> ----- Forwarded message from US-CERT Alerts ----- From: US-CERT Alerts Subject: US-CERT Alert TA13-010A - Oracle Java 7 Security Manager Bypass Vulnerability To: technical-alerts em us-cert.gov Date: Thu, 10 Jan 2013 17:26:27 -0500 Organization: US-CERT - +1 202-205-5266 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Awareness System US-CERT Alert TA13-010A Oracle Java 7 Security Manager Bypass Vulnerability Original release date: January 10, 2013 Last revised: -- Systems Affected Any system using Oracle Java 7 (1.7, 1.7.0) including * Java Platform Standard Edition 7 (Java SE 7) * Java SE Development Kit (JDK 7) * Java SE Runtime Environment (JRE 7) All versions of Java 7 through update 10 are affected. Web browsers using the Java 7 plug-in are at high risk. Overview A vulnerability in the way Java 7 restricts the permissions of Java applets could allow an attacker to execute arbitrary commands on a vulnerable system. Description A vulnerability in the Java Security Manager allows a Java applet to grant itself permission to execute arbitrary code. An attacker could use social engineering techniques to entice a user to visit a link to a website hosting a malicious Java applet. An attacker could also compromise a legitimate web site and upload a malicious Java applet (a "drive-by download" attack). Any web browser using the Java 7 plug-in is affected. The Java Deployment Toolkit plug-in and Java Web Start can also be used as attack vectors. Reports indicate this vulnerability is being actively exploited, and exploit code is publicly available. Further technical details are available in Vulnerability Note VU#625617. Impact By convincing a user to load a malicious Java applet or Java Network Launching Protocol (JNLP) file, an attacker could execute arbitrary code on a vulnerable system with the privileges of the Java plug-in process. Solution Disable Java in web browsers This and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered. To defend against this and future Java vulnerabilities, disable Java in web browsers. Starting with Java 7 Update 10, it is possible to disable Java content in web browsers through the Java control panel applet. From Setting the Security Level of the Java Client: For installations where the highest level of security is required, it is possible to entirely prevent any Java apps (signed or unsigned) from running in a browser by de-selecting Enable Java content in the browser in the Java Control Panel under the Security tab. If you are unable to update to Java 7 Update 10 please see the solution section of Vulnerability Note VU#636312 for instructions on how to disable Java on a per browser basis. References * Vulnerability Note VU#625617 * Setting the Security Level of the Java Client * The Security Manager * How to disable the Java web plug-in in Safari * How to turn off Java applets * NoScript * Securing Your Web Browser * Vulnerability Note VU#636312 Revision History January 10, 2013: Initial release ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to with "TA13-010A Feedback VU#625617" in the subject. ____________________________________________________________________ Produced by US-CERT, a government organization. ____________________________________________________________________ This product is provided subject to this Notification: http://www.us-cert.gov/privacy/notification.html Privacy & Use policy: http://www.us-cert.gov/privacy/ This document can also be found at http://www.us-cert.gov/cas/techalerts/TA13-010A.html For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBUO83IXdnhE8Qi3ZhAQLdxQf6A2LhLrArDieg41fxTuIViOXbgH6fZrDt 6bODaZIeTcvQfMMURbUb8MnTQEe7ogNbytb+XQaEzXE6A0YMdWp+93TxFy80wUI0 VpF0lBDwNyeAlwtzicLSQa5oa5Me0k5KPVUn9/mFJZh5Ff0cYjW1dt8dfXJUbH9/ OZ6ZJsnJchymJFlVax3Y87yZh9fPQC4n6dJ86CdLXqC9GaBihgBd1DUpborfWYoR njvrtbcX+7iy+J8fS2C8/JtnQ5M+uilvqxrdU/Z9SdmebIF5HQjafLae9OmwH7Te nxUcwwmuNqIA1Y9aN2DrStv+HnTi121DIxyaVgNOKjPnO/t5mDPKlw== =xi3d -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Wed Jan 16 09:35:17 2013 From: security em unicamp.br (CSIRT - UNICAMP) Date: Wed, 16 Jan 2013 11:35:17 +0000 Subject: [SECURITY-L] [technical-alerts@us-cert.gov: US-CERT Alert TA13-015A - Microsoft Releases Update for Internet Explorer Vulnerability CVE-2012-4792] Message-ID: <20130116113517.GA81474@unicamp.br> ----- Forwarded message from US-CERT Alerts ----- From: US-CERT Alerts Subject: US-CERT Alert TA13-015A - Microsoft Releases Update for Internet Explorer Vulnerability CVE-2012-4792 To: technical-alerts em us-cert.gov Date: Tue, 15 Jan 2013 10:50:45 -0500 Organization: US-CERT - +1 202-205-5266 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Awareness System US-CERT Alert TA13-015A Microsoft Releases Update for Internet Explorer Vulnerability CVE-2012-4792 Original release date: January 15, 2013 Last revised: -- Systems Affected * Microsoft Internet Explorer 6 * Microsoft Internet Explorer 7 * Microsoft Internet Explorer 8 Overview Microsoft has released Security Bulletin MS13-008 to address the CButton use-after-free vulnerability (CVE-2012-4792). Description Microsoft Internet Explorer versions 6, 7, and 8 are susceptible to a use-after-free vulnerability. This vulnerability is being actively exploited in the wild. Microsoft has released Security Bulletin MS13-008 to address this vulnerability. Additional information is available in Vulnerability Note VU#154201. Impact A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system. Solution US-CERT recommends that Internet Explorer users run Windows Update as soon as possible to apply the MS13-008 update. Revision History January 15, 2013: Initial release ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to with "TA13-015A Feedback VU#154201" in the subject. ____________________________________________________________________ Produced by US-CERT, a government organization. ____________________________________________________________________ This product is provided subject to this Notification: http://www.us-cert.gov/privacy/notification.html Privacy & Use policy: http://www.us-cert.gov/privacy/ This document can also be found at http://www.us-cert.gov/cas/techalerts/TA13-015A.html For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBUPVwH3dnhE8Qi3ZhAQKgnggAm+9MpixsXsGekcDWpXvtDwU+39cZDXC0 +VG5lvmQMOxGCQk7308azrSsDcmFjQkWvbX/szqEWizku+FWhaFEFJ/PA03nIaTF GCDiQMpXDF9bvb80/bi7mbrC4tmak6P6lNsN8cJ/3dwidgbGN6Uq+CJ0Efo27BR5 nnczBzkVS2FR0z9H9h/Fo9IwRwL5fHyMe3dnW5sbD7sAkGDZDFXMGJrdxyOB7kCd OwnhkM6DBtDp849feRu1aR3rHuJ63u8xzRQ6CDWV7x+OeqHhiiqH4lmAUB4ceUIn VluUeBL2jRcpUKSvAUYdjCdkS/gSpAfkpki498kDofU5akLAzOCKKQ== =WM9o -----END PGP SIGNATURE----- ----- End forwarded message -----