From security at unicamp.br Wed Sep 15 09:34:32 2010
From: security at unicamp.br (CSIRT - UNICAMP)
Date: Wed, 15 Sep 2010 09:34:32 -0300
Subject: [SECURITY-L] CAIS-Alerta: Summary of Microsoft Security Bulletins - September/2010
Message-ID: <20100915123431.GA56798@unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

From: Centro de Atendimento a Incidentes de Seguranca
Subject: CAIS-Alerta: Summary of Microsoft Security Bulletins - September/2010
To: pop-seg at cais.rnp.br, rnp-alerta at cais.rnp.br, rnp-seg at cais.rnp.br
Date: Tue, 14 Sep 2010 17:47:50 -0300 (BRT)

Dear all,

Microsoft published 9 security bulletins on September 14 that address a
total of 11 vulnerabilities in the company's products. Exploitation of
these vulnerabilities allows remote code execution and privilege
escalation by logged-on local users.

At the time this summary was published, there is active exploitation of
two vulnerabilities in the bulletin: MS10-061 (CVE-2010-2729) and
MS10-065 (CVE-2010-2730, CVE-2010-2731, CVE-2010-1899).


SEVERITY

. Critical

  - MS10-061: Vulnerability in the print spooler service
    Vulnerability that allows remote code execution

  - MS10-062: Vulnerabilities in the MPEG-4 codec
    Vulnerability that allows remote code execution

  - MS10-063: Vulnerability in the Unicode script processor
    (Unicode Scripts Processor)
    Vulnerability that allows remote code execution

  - MS10-064: Vulnerability in Microsoft Outlook
    Vulnerability that allows remote code execution

. Important

  - MS10-065: Vulnerabilities in Microsoft Internet Information
    Services (IIS)
    Vulnerability that allows remote code execution

  - MS10-066: Vulnerability in Remote Procedure Call (RPC)
    Vulnerability that allows remote code execution

  - MS10-067: Vulnerability in the WordPad text converters
    Vulnerability that allows remote code execution

  - MS10-068: Vulnerability in the Local Security Authority Subsystem
    Service (LSASS)
    Vulnerability that allows privilege escalation by logged-on local
    users

  - MS10-069: Vulnerability in the Windows Client/Server Runtime
    Subsystem
    Vulnerability that allows privilege escalation by logged-on local
    users

. Moderate

  - No bulletins

. Low

  - No bulletins


The vulnerability severity rating system adopted by CAIS in this summary
is Microsoft's own. CAIS recommends applying, at a minimum, the fixes
for vulnerabilities rated critical and important. For fixes for
vulnerabilities rated moderate, CAIS recommends that at least the
mitigation recommendations be followed.

. Critical - Vulnerabilities whose exploitation could allow the
  propagation of a worm without the need for user interaction.

. Important - Vulnerabilities whose exploitation could result in the
  compromise of the confidentiality, integrity, or availability of user
  data, or of the integrity or availability of processing resources.

. Moderate - Exploitation is significantly mitigated by factors such as
  default configuration, auditing, or difficulty of exploitation.

. Low - A vulnerability whose exploitation is extremely difficult or
  whose impact is minimal.


AVAILABLE FIXES

Updating systems to the versions available at the following locations is
recommended:

. Microsoft Update
  https://www.update.microsoft.com/microsoftupdate/

. Windows Server Update Services
  http://www.microsoft.com/windowsserversystem/updateservices/default.mspx


MORE INFORMATION

. Microsoft Security Bulletin Summary for September 2010
  http://www.microsoft.com/technet/security/bulletin/ms10-sep.mspx

. SANS ISC Handler's Diary 2010-09-14 - September 2010 Microsoft Black
  Tuesday Summary
  http://isc.sans.edu/diary.html?storyid=9547

. MS10-061 - Vulnerability in Print Spooler Service Could Allow Remote
  Code Execution (2347290)
  http://www.microsoft.com/technet/security/bulletin/ms10-061.mspx

. MS10-062 - Vulnerability in MPEG-4 Codec Could Allow Remote Code
  Execution (975558)
  http://www.microsoft.com/technet/security/bulletin/MS10-062.mspx

. MS10-063 - Vulnerability in Unicode Scripts Processor Could Allow
  Remote Code Execution (2320113)
  http://www.microsoft.com/technet/security/bulletin/MS10-063.mspx

. MS10-064 - Vulnerability in Microsoft Outlook Could Allow Remote Code
  Execution (2315011)
  http://www.microsoft.com/technet/security/bulletin/ms10-064.mspx

. MS10-065 - Vulnerabilities in Microsoft Internet Information Services
  (IIS) Could Allow Remote Code Execution (2267960)
  http://www.microsoft.com/technet/security/bulletin/MS10-065.mspx

. MS10-066 - Vulnerability in Remote Procedure Call Could Allow Remote
  Code Execution (982802)
  http://www.microsoft.com/technet/security/bulletin/ms10-066.mspx

. MS10-067 - Vulnerability in WordPad Text Converters Could Allow Remote
  Code Execution (2259922)
  http://www.microsoft.com/technet/security/bulletin/MS10-067.mspx

. MS10-068 - Vulnerability in Local Security Authority Subsystem Service
  Could Allow Elevation of Privilege (983539)
  http://www.microsoft.com/technet/security/bulletin/MS10-068.mspx

. MS10-069 - Vulnerability in Windows Client/Server Runtime Subsystem
  Could Allow Elevation of Privilege (2121546)
  http://www.microsoft.com/technet/security/bulletin/MS10-069.mspx

. Microsoft Security TechCenter
  http://technet.microsoft.com/pt-br/security/

. Microsoft Security Response Center - MSRC
  http://www.microsoft.com/security/msrc/

. Microsoft Security Research & Defense - MSRD
  http://blogs.technet.com/srd/

. Microsoft Security
  http://www.microsoft.com/brasil/security/


CVE identifiers (http://cve.mitre.org):
CVE-2010-0818, CVE-2010-0820, CVE-2010-1891, CVE-2010-1899,
CVE-2010-2728, CVE-2010-2729, CVE-2010-2730, CVE-2010-2731,
CVE-2010-2738, CVE-2010-2563, CVE-2010-2567


CAIS recommends that administrators always keep their systems and
applications up to date, in line with the latest versions and fixes
offered by vendors.

CAIS alerts are also available in RSS/RDF format and on Twitter:
http://www.rnp.br/cais/alertas/rss.xml
Follow @cais_rnp

Sincerely,

################################################################
#    CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS)    #
#           Rede Nacional de Ensino e Pesquisa (RNP)           #
#                                                              #
# cais at cais.rnp.br     http://www.cais.rnp.br               #
# Tel. 019-37873300       Fax. 019-37873301                    #
# PGP key available       http://www.rnp.br/cais/cais-pgp.key  #
################################################################

----- End forwarded message -----

From security at unicamp.br Wed Sep 15 09:35:09 2010
From: security at unicamp.br (CSIRT - UNICAMP)
Date: Wed, 15 Sep 2010 09:35:09 -0300
Subject: [SECURITY-L] US-CERT Technical Cyber Security Alert TA10-257A -- Microsoft Updates for Multiple Vulnerabilities
Message-ID: <20100915123505.GB56798@unicamp.br>

----- Forwarded message from US-CERT Technical Alerts -----

From: US-CERT Technical Alerts
Subject: US-CERT Technical Cyber Security Alert TA10-257A -- Microsoft Updates for Multiple
  Vulnerabilities
To: technical-alerts at us-cert.gov
Date: Tue, 14 Sep 2010 17:57:25 -0400
Organization: US-CERT - +1 202-205-5266

National Cyber Alert System

Technical Cyber Security Alert TA10-257A

Microsoft Updates for Multiple Vulnerabilities

   Original release date: September 14, 2010
   Last revised: --
   Source: US-CERT

Systems Affected

     * Microsoft Windows
     * Microsoft Office

Overview

   There are multiple vulnerabilities in Microsoft Windows and
   Microsoft Office. Microsoft has released updates to address these
   vulnerabilities.

I. Description

   The Microsoft Security Bulletin Summary for September 2010
   describes multiple vulnerabilities in Microsoft Windows and
   Microsoft Office. Microsoft has released updates to address the
   vulnerabilities.

II. Impact

   A remote, unauthenticated attacker could execute arbitrary code or
   cause a vulnerable system or application to crash.

III. Solution

   Apply updates

   Microsoft has provided updates for these vulnerabilities in the
   Microsoft Security Bulletin Summary for September 2010. That
   bulletin describes any known issues related to the updates.
   Administrators are encouraged to note these issues and test for any
   potentially adverse effects. In addition, administrators should
   consider using an automated update distribution system such as
   Windows Server Update Services (WSUS).

IV. References

     * Microsoft Security Bulletin Summary for September 2010 -
     * Microsoft Windows Server Update Services -

____________________________________________________________________

   The most recent version of this document can be found at:

____________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to with "TA10-257A Feedback VU#447990" in the subject.

____________________________________________________________________

   For instructions on subscribing to or unsubscribing from this
   mailing list, visit .

____________________________________________________________________

   Produced 2010 by US-CERT, a government organization.

   Terms of use:

____________________________________________________________________

Revision History

   September 14, 2010: Initial release

----- End forwarded message -----

From security at unicamp.br Tue Sep 21 10:03:07 2010
From: security at unicamp.br (CSIRT - UNICAMP)
Date: Tue, 21 Sep 2010 10:03:07 -0300
Subject: [SECURITY-L] US-CERT Technical Cyber Security Alert TA10-263A -- Adobe Flash Vulnerabilities
Message-ID: <20100921130307.GC14672@unicamp.br>

----- Forwarded message from US-CERT Technical Alerts -----

From: US-CERT Technical Alerts
Subject: US-CERT Technical Cyber Security Alert TA10-263A -- Adobe Flash Vulnerabilities
To: technical-alerts at us-cert.gov
Date: Mon, 20 Sep 2010 16:15:08 -0400
Organization: US-CERT - +1 202-205-5266

National Cyber Alert System

Technical Cyber Security Alert TA10-263A

Adobe Flash Vulnerabilities

   Original release date: September 20, 2010
   Last revised: --
   Source: US-CERT

Systems Affected

     * Adobe Flash Player 10.1.82.76 and earlier versions
     * Adobe Flash Player 10.1.92.10 for Android
     * Adobe Reader 9.3.4 and earlier 9.x versions

   Other Adobe products that support Flash may also be vulnerable.

Overview

   According to Adobe Security Bulletin APSB10-22 there are
   vulnerabilities in Adobe Flash. These vulnerabilities affect Flash
   Player, Reader, and possibly other products that support Flash. A
   remote attacker could exploit these vulnerabilities to execute
   arbitrary code.

I. Description

   Adobe Security Bulletin APSB10-22 describes vulnerabilities in
   Adobe Flash that affect Flash Player. These vulnerabilities may
   also affect other products that independently support Flash, such
   as Adobe Reader, Acrobat, Photoshop, Photoshop Lightroom, Freehand
   MX, and Fireworks.

   An attacker could exploit these vulnerabilities by convincing a
   user to open specially crafted Flash content. Flash content is
   commonly hosted on a web page, but it can also be embedded in a PDF
   and other documents or provided as a stand-alone file.

II. Impact

   If a user opens specially crafted Flash content, a remote attacker
   may be able to execute arbitrary code.

III. Solution

   Update Flash

   Adobe Security Bulletin APSB10-22 recommends updating to Flash
   Player 10.1.85.3 for Windows, Mac OS, Linux, and Solaris and Flash
   Player 10.1.95.1 for Android. However, products like Adobe Reader
   with embedded Flash will require their own security updates.

   To reduce your exposure to these and other Flash vulnerabilities,
   consider the following mitigation technique.

   Disable Flash in your web browser

   Uninstall Flash or restrict which sites are allowed to run Flash.
   To the extent possible, only run trusted Flash content on trusted
   domains. For more information, see Securing Your Web Browser.

   Additional workarounds are available in US-CERT Vulnerability Note
   VU#275289.

IV. References

     * Adobe Security Bulletin APSB10-22 -
     * US-CERT Vulnerability Report VU#275289 -
     * Securing Your Web Browser -

____________________________________________________________________

   The most recent version of this document can be found at:

____________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to with "TA10-263A Feedback VU#275289" in the subject.

____________________________________________________________________

   For instructions on subscribing to or unsubscribing from this
   mailing list, visit .

____________________________________________________________________

   Produced 2010 by US-CERT, a government organization.

   Terms of use:

____________________________________________________________________

Revision History

   September 20, 2010: Initial release

----- End forwarded message -----