Bardissi Enterprises Blog

No exploit for OS X…as of yet 

Severity: Medium

26 November, 2007

Summary:

Over the long U.S. holiday weekend, a Polish security researcher publicly released exploit code for a zero-day vulnerability that affects Quicktime 7.3 and 7.2 for Windows. By enticing one of your users to a specially crafted web page, or tricking the user into opening a malicious Quicktime file, an attacker could exploit this flaw to execute code on that user’s computer, potentially gaining complete control of it. If you allow Quicktime or iTunes in your network (or suspect that users have installed them), have users either implement the workarounds described in this alert, or remove the applications until Apple releases a patch.

Exposure:

Last Friday, a security researcher named Krystian Kloskowski released Proof-of-Concept (PoC) code that exploits a zero day security vulnerability in the latest versions of Apple Quicktime (7.3 and 7.2) for Windows. The PoC exploits a new buffer overflow vulnerability involving the code that Quicktime uses to handle the Real Time Streaming Protocol (RTSP). This vulnerability is similar to another RTSP-related Quicktime flaw we described in January. By enticing one of your users into visiting a specially crafted web page or RTSP stream, or tricking them into opening a malicious Quicktime media file, an attacker could exploit this flaw to execute code on your user’s computer. A successful attacker inherits the privileges of the victim, so, depending upon what privileges you extend to your users, the attacker could potentially exploit this flaw to gain complete control of the victim computer.

New Product, New Name; Now Vista Compatible

WatchGuard is pleased to announce the immediate availability of a successor to our Mobile User VPN client, WatchGuard Mobile VPN with IPSec. This new VPN client includes new features and compatibility with Microsoft Windows Vista, and is also compatible with existing Firebox X Edge, Core, and Peak models, as well as Firebox SOHO 6 and Firebox III models. No upgrade to your Firebox appliance software is needed.

Here are more details about WatchGuard Mobile VPN with IPSec.

Operating System Compatibility: The new client is compatible with all versions of Microsoft Windows Vista (32 and 64 bit), Windows XP (32 bit only), and Windows 2000.

Firebox Compatibility: The new client is configured in exactly the same way as the previous Mobile User VPN (MUVPN) client, so no changes are required on your Firebox to begin using the new client. You also do not need to hand out new configuration profiles (commonly known by their file extension,.wgx) to your users. Only the Mobile VPN client software (and the name) have changed. Please note that this client is designed to connect only to WatchGuard devices. (If you have an urgent need for a Vista-compatible client that connects to non-WatchGuard devices, please contact Technical Support.)

Severity: Medium

16 November, 2007

Summary:

Today, a Chinese researcher released an advisory warning of a serious, zero day vulnerability affecting Windows Access 2003 (and most likely, earlier versions). By enticing one of your users into opening a malicious MDB file, an attacker can exploit this flaw to execute code on that user’s computer, potentially gaining complete control of the victim’s machine. If you use Microsoft Office 2003 with Access, you should implement the workarounds described in the Solution Path section of this alert until Microsoft releases a patch.

Exposure:

A Chinese security researcher calling himself Cocoruder released a security advisory today, describing a new, unpatched buffer overflow vulnerability in the Microsoft Jet Engine component (msjet40.dll) that Access uses to parse MDB files. By enticing one of your users into opening a maliciously crafted MDB file, an attacker can exploit this flaw to execute code on that user’s computer, with that user’s privileges. If the victim has local administrative privileges, the attacker could leverage this flaw to gain total control of the victim’s computer.

Severity: High

13 November, 2007

Summary:

Today, Microsoft released two security bulletins describing vulnerabilities that affect Windows. A remote attacker could exploit the worst of these flaws to execute code on your Windows XP or Windows Server 2003 computers, potentially gaining complete control of them. For a table briefly summarizing which vulnerabilities affect which versions of Windows, see Microsoft’s Security Bulletin Summary for November and expand the section, “Affected Software and Download Location.” If you manage a Windows network, you should download, test, and deploy the appropriate Windows patches throughout your network as soon as possible.

Exposure:

Microsoft’s two security bulletins detail vulnerabilities found in components of Windows. Each vulnerability affects different versions of Windows to a different extent. The summary below lists the sole Critical vulnerability first.

MS07-061: URI Handling Code Execution Vulnerability

Severity: High

5 November, 2007

Summary:

Apple just released an update that fixes seven vulnerabilities in Quicktime for Windows and OS X. By enticing one of your users into running a maliciously crafted Quicktime file, an attacker could exploit any one of these vulnerabilities to execute code on your user’s computer, possibly gaining control of it. If you allow Quicktime or iTunes in your network (or suspect that users have installed them), you should have users either remove the applications or install Apple’s Quicktime 7.3 update as soon as possible..

Exposure:

Today, Apple released an alert fixing seven previously unpatched security vulnerabilities in their popular media player application, Quicktime. Current versions of iTunes also ship with Quicktime. If your users have iTunes, they most likely have Quicktime. These applications run on Windows and Macintosh computers, and both platforms are susceptible to exploitation of these security flaws. Apple’s alert specifies Vista and XP SP2 as the vulnerable versions of Windows.