Agenda
About eEye
Microsoft's September Security Bulletins
Security Landscape
Other InfoSec News
Secure and Comply with eEye
Q&A
About eEye
Our Company
Founded in 1998
Growing and profitable
Leaders in security & compliance
Our Strengths
World-renowned research team
Trusted security advisors
Recognized product leadership
Unparalleled services & support
Our Difference
Fast, flexible deployment
Integrated end-to-end solution
Commitment to our customers
Securing companies of all sizes, from SMBs to Enterprise
Security research drives the unrivaled capabilities of eEye solutions
eEye regularly consults with top government agencies, congressional committees and industry analysts
eEye is focused on supporting the changing compliance landscape
eEye is at the forefront of Unified Vulnerability Management
eEye AMP: Any Means Possible Penetration Testing
Gain true insight into network insecurities
Capture-The-Flag scenarios
"Having a great R&D team issuing advisories and being on the front lines of discovering security issues is assuring and was a primary decision factor in choosing eEye when migrating from ISS."
Robert Timko, Information Security Director
Microsoft's September Security Bulletins
9 total bulletins; 11 issues fixed
Vulnerability in Print Spooler Service Could Allow Remote Code Execution (2347290)
Vulnerability in MPEG-4 Codec Could Allow Remote Code Execution (975558)
Vulnerability in Unicode Scripts Processor Could Allow Remote Code Execution (2320113)
Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (2315011)
Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Remote Code Execution (2267960)
Vulnerability in Remote Procedure Call Could Allow Remote Code Execution (982802)
Vulnerability in WordPad Text Converters Could Allow Remote Code Execution (2259922)
Vulnerability in Local Security Authority Subsystem Service Could Allow Elevation of Privilege (983539)
Vulnerability in Windows Client/Server Runtime Subsystem Could Allow Elevation of Privilege (2121546)
Print Spooler Service (2347290)
1 vulnerability fixed in bulletin
Print Spooler Service Impersonation Vulnerability - CVE-2010-2729 (previously 0day)
Criticality: Critical
Used by malware to exploit network machines
A variant of Stuxnet uses this vulnerability to exploit machines with a shared network printer
Windows XP is especially vulnerable
Certain printers, even with password sharing enabled, are still vulnerable
Not a buffer overflow: memory protection mechanisms will be useless against this attack
Mitigation
Disable printer sharing
Enable password sharing on devices that are not vulnerable (KB2347290)
2010 eEye Confidential & Proprietary
eEye Digital Security
MPEG-4 Codec (975558)
1 vulnerability fixed in bulletin
MPEG-4 Codec Vulnerability - CVE-2010-0818
Criticality: High
Another perfect attack vector in a multimedia world
Drive-by browser attack vector will be the most used
Don't forget the local attack / network shared drive attack vectors
Attack can come from ASF, WMV, or WMA files
Mitigation
Remove the following CLSIDs from the registry:
82CCD3E0-F71A-11D0-9FE5-00609778EA66
2a11bae2-fe6e-4249-864b-9e9ed6e8dbc2
Unicode Scripts Processor (2320113)
Attackers are looking at this vulnerability very carefully
Mitigation
Use CACLS to restrict execution access to USP10.DLL
Prevent embedded fonts from being parsed within Internet Explorer and other applications
Install Blink Personal/Professional to mitigate against this right out of the box
Microsoft Outlook (2315011)
1 vulnerability fixed in bulletin
Heap-Based Buffer Overflow in Outlook Vulnerability - CVE-2010-2728
Criticality: Critical
Attackers will use this to compromise machines
Outlook makes an ideal target for remote attackers looking to exploit corporations and businesses
Attacker sends an email, victim views the email in HTML/Rich Text mode, victim is compromised
Outlook XP is especially vulnerable
Mitigation
Set Outlook to view emails in plain-text mode by default
Install Blink Personal/Professional
Remote Procedure Call (982802)
1 vulnerability fixed in bulletin
RPC Memory Corruption Vulnerability - CVE-2010-2567
Criticality: Important
Not as bad as it originally seemed
Client-side RPC attack: the attacker has to convince a client to connect to their malicious server
However, this could be done using numerous route poisoning/hijacking methods
Attackers will much more likely use 061 or 068
Mitigation
Block all ports associated with RPC on the internal firewall
Install Blink Personal/Professional
WordPad Text Converters (2259922)
1 vulnerability fixed in bulletin
WordPad Word 97 Text Converter Memory Corruption Vulnerability - CVE-2010-2563
Criticality: Moderate
Unlikely attack vector: there's much bigger fish to fry than WordPad
Machines with Microsoft Office installed would require additional social engineering to exploit
Attackers are not likely going to develop exploits for this; there are much better exploits out (PDF)
Mitigation
Disable WordPad's access to the Word 97 text converter
Install Blink Personal or Professional to mitigate
Local Security Authority Subsystem Service (983539)
0days are out)
Once on the compromised machine, the attacker would then wait for the user to authenticate to the domain (this can be forced or through patience)
Attacker will then send a malicious LSASS request to your Active Directory server
Game over
Mitigation
Systems running on a domain should be patched immediately
Install Blink Professional to buy you some time before patching
Likely only used by attackers in very targeted scenarios
The least of your worries this month
Mitigation
No practical mitigations exist; apply the patch at your earliest convenience
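The per-bulletin slides above each name an interim workaround (disable printer sharing for the Print Spooler bug, remove the two MPEG-4 codec CLSIDs, restrict USP10.DLL with CACLS, read Outlook mail as plain text). The following PowerShell audit is an added example, not part of the eEye deck and not eEye's or Microsoft's code: it reports, without changing anything, whether each of those workarounds is in place on the local host. It assumes an elevated PowerShell 2.0 or later session on a Windows XP/7-era machine. Two details are assumptions rather than the deck's text: the Internet Explorer kill bit (Compatibility Flags 0x400) is checked as a non-destructive equivalent of removing a CLSID, and the Outlook version list (10.0 through 14.0) and the ReadAsPlain value are taken from Microsoft's plain-text reading documentation rather than from the slides.

```powershell
# Added example (not from the eEye deck): audit the interim workarounds named in the
# September 2010 bulletin slides. Audit only; no registry, ACL or printer state is modified.
# Assumptions: elevated PowerShell 2.0+ on Windows XP/7-era hosts; kill-bit check and
# Outlook version list are assumptions, see the comments below.

function Test-BulletinWorkarounds {
    $findings = @()

    # Print Spooler (CVE-2010-2729, KB2347290): the workaround is to disable printer sharing.
    # Win32_Printer.Shared is $true for every queue exposed on the network.
    $sharedPrinters = Get-WmiObject -Class Win32_Printer | Where-Object { $_.Shared }
    if ($sharedPrinters) {
        foreach ($p in $sharedPrinters) {
            $findings += "FAIL: printer '$($p.Name)' is shared as '$($p.ShareName)'"
        }
    } else {
        $findings += "OK: no printers are shared"
    }

    # MPEG-4 codec (CVE-2010-0818): the deck lists two CLSIDs to remove from the registry.
    # A CLSID counts as mitigated if it is gone from HKCR\CLSID, or if Internet Explorer's
    # kill bit (Compatibility Flags 0x400) is set for it. The kill bit is an assumption used
    # here as a non-destructive alternative to deleting the key.
    $clsids = '{82CCD3E0-F71A-11D0-9FE5-00609778EA66}', '{2a11bae2-fe6e-4249-864b-9e9ed6e8dbc2}'
    foreach ($c in $clsids) {
        $registered = Test-Path "Registry::HKEY_CLASSES_ROOT\CLSID\$c"
        $killBitKey = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$c"
        $flags = 0
        if (Test-Path $killBitKey) {
            # [int] turns a missing value ($null) into 0 so the -band test below is safe
            $flags = [int](Get-ItemProperty -Path $killBitKey).'Compatibility Flags'
        }
        if ($registered -and (($flags -band 0x400) -eq 0)) {
            $findings += "FAIL: CLSID $c is still registered and has no kill bit"
        } else {
            $findings += "OK: CLSID $c is unregistered or kill-bitted"
        }
    }

    # Unicode Scripts Processor (KB2320113): the workaround is a CACLS deny on USP10.DLL.
    # 'cacls usp10.dll /E /P everyone:N' leaves a Deny ACE for Everyone, which is what we look for.
    $usp10 = Join-Path $env:windir 'system32\usp10.dll'
    if (Test-Path $usp10) {
        $deny = (Get-Acl -Path $usp10).Access |
            Where-Object { $_.AccessControlType -eq 'Deny' -and "$($_.IdentityReference)" -match 'Everyone' }
        if ($deny) { $findings += "OK: Deny ACE for Everyone present on $usp10" }
        else       { $findings += "FAIL: no Deny ACE for Everyone on $usp10" }
    }

    # Outlook (CVE-2010-2728): the workaround is reading all mail as plain text.
    # ReadAsPlain=1 under Options\Mail is Microsoft's documented switch; the version
    # list (Outlook 2002/XP through 2010) is an assumption.
    foreach ($ver in '10.0', '11.0', '12.0', '14.0') {
        if (Test-Path "HKCU:\Software\Microsoft\Office\$ver\Outlook") {
            $mailKey = "HKCU:\Software\Microsoft\Office\$ver\Outlook\Options\Mail"
            $readAsPlain = 0
            if (Test-Path $mailKey) {
                $readAsPlain = [int](Get-ItemProperty -Path $mailKey).ReadAsPlain
            }
            if ($readAsPlain -eq 1) { $findings += "OK: Outlook $ver reads mail as plain text" }
            else                    { $findings += "FAIL: Outlook $ver still renders HTML/Rich Text mail" }
        }
    }

    return $findings
}

# Print one line per check so the output can be collected from many hosts and compared.
Test-BulletinWorkarounds | ForEach-Object { Write-Output $_ }
```

Run it as an administrator; reading HKCR and the file ACL works unprivileged, but the WMI printer query and the HKLM kill-bit keys are most reliable from an elevated session. A passing USP10.DLL check also means every application that loads Uniscribe through that DLL is blocked from it, so treat that workaround as a stopgap until the patch from the bulletin is applied, which is the same advice the slides give for Blink.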
Security Landscape
CTO/CSO/CxO News
HP buys 3PAR, Fortify and ArcSight
IT Admin News
Adobe Reader 0day in the wild
Adobe Flash 0day in the wild ( http://isitsafetouseadobereader.info/ ;) )
"Here you have" malware
Researcher News
DLL Hijacking
iTunes Ping scam
Sony PlayStation 3 hacked
Blu-Ray DRM master keys leaked
MOAB 0days
http://blog.eeye.com
http://www.facebook.com/eEyeDigitalSecurity
http://www.twitter.com/eEye
http://www.YouTube.com/eEyeDigitalSecurity
Visit www.eeye.com