Apple just released their web browser Safari in version 4.0.4 – both for Mac OS X and for Windows. Previous versions have some serious security vulnerabilities which can lead to remote code execution, crashes or to information disclosure, for example. More details can be found in Apples security advisory.

Just after the November patchday this week new reports about an issue with Microsofts SMB implementation in Windows 7 and Windows Server 2008 popped up. Rob VandenBrink of the Internet Storm Center took the publicly available exploit code, fixed a line of code – et voilà, a machine with Windows 7 or Server 2008 connecting to this faked server instantly freezes. There are no reports yet about Microsoft investigating this issue.

Update: Microsoft has released a security advisory this weekend where the company explains that it investigates the reports and is preparing a patch.

Dirk Knop
Technical Editor

The Redmond company released 6 security bulletins with according patch-sets for this November Black Tuesday. These patches close security holes mainly in Microsoft Office and in the Windows Kernel which allow for example for drive-by-downloads, privilege escalation and remote code injection and execution.

Affected are all Microsoft operating systems (including Server 2008 core installations) and nearly all Office versions – as well as the office viewers. Installing the updates fast is recommended as according to Microsofts threat matrix it is very likely that exploits for these vulnerabilities will appear very soon on the Internet.

Dirk Knop
Technical Editor

Just a few hours before Microsoft will release Updates for its software, Apple released version 10.6.2 of Mac OS X and Security Update 2009-006, respectively. This Update fixes numerous of security issues within the Mac operating system.

You can download the Update from Apples web site or just use the updater of Mac OS X. As some of the vulnerabilities allow for remote code injection and execution, the Update is recommended.

The Apple platforms will soon be targeted with more energy by cyber criminals: Just recently hackers attacked for example Apples iPhones which are jailbreak’ed – they broke into the phone through the standard password for the SSH installation. So at least change the default passwords if you used jailbreak.

Dirk Knop
Technical Editor

Already last week Opera released version 10.01 of its Web Browser. It closes some security holes. At least one of them can lead to code injection (for example to infect the computer with a Trojan). Users are advised to install the new version fast.

Meanwhile, the Mozilla Foundation has updated Firefox to version 3.5.5. The developers only mention stability fixes, this release doesn’t seem to fix security issues. Anyhow it is a good idea to install the update.

There was another security Update for Sun Java. Version 6 Update 17 fixes a lot of security vulnerabilities. Those flaws may lead to remote code execution, thus updating immediately is recommended.

What else? Adobe has released Shockwave Player 11.5.1.602 which also closes security holes in the software which allow for remote malware injection. Users of the Shockwave Player (which is different from Adobe Flash Player) should also update their software immediately.

Today also Google released an update for its Chrome browser. It fixes 2 security problems which put users at risk.

Dirk Knop
Technical Editor

For the upcoming Patch Tuesday next week, Microsoft plans to release 6 security bulletins. 3 of them handle critical rated security issues, the other 3 are rated important.

Affected are Windows Operating Systems starting from Windows 2000 up to Windows Server 2008. The “important” fixes are for Microsoft Office (also for Mac) and the Office Viewers.

Prepare to install the patches as soon as possible as usually exploits for these security vulnerabilities are released very soon after Microsoft ships the patches.

Dirk Knop
Technical Editor

The Mozilla Foundation just released Firefox 3.5.4 – the new version closes 11 security holes of which 6 are considered critical from the Mozilla developers. Those vulnerabilities can be abused by cybercriminals to inject malicious code like a Trojan into the computer. The release also fixes a few non-security related issues.

Some of the bugs also affect earlier versions of the Mozilla browsers and get fixed within Firefox 3.0.15 (though it is recommended to update to Firefox 3.5) and in SeaMonkey 2.0. Thunderbird doesn’t get mentioned in the security advisories.

As some of the vulnerabilities are quite serious security issues, users should update the software as soon as possible. The easiest way is to go to the “Help” menu and choose “Check for Updates”.

Dirk Knop
Technical Editor

Not only Microsoft released a bunch of patches to close security holes in their products, but also Adobe now ships updated software to fix several vulnerabilities in Adobe Reader and Acrobat which already get attacked with specially prepared PDF documents to take over control of vulnerable computers – Avira AntiVir protects its users and detects the currently circulating exploit PDF as Exp/Pidief.xam.

Users of Adobe Reader and Acrobat with earlier versions than the new 9.2 are advised to install the updated software immediately to protect themselves from the attacks; Adobe rates the vulnerabilities as critical. New versions of Reader are available for Windows, Mac and Unix. Further links for updates for different Acrobat versions are listed in Adobes security advisory.

Dirk Knop
Technical Editor

10 days ago first exploit code for the security vulnerability in the SMBv2 protocol appeared in the underground. Today working exploit code for the open source penetration testing framework Metasploit was released. Therewith it is possible for the cybercriminals to produce malware which infects vulnerable systems – Windows Vista, Windows Server 2008 and Windows 7 up to Release Candidate 1.

Now administrators should take countermeasures if they haven’t done so yet. Microsoft doesn’t provide a patch to solve the issue, but offers a “1-click-tool” which disables SMBv2 services on the affected systems. This can have a small performance impact. Another suggested solution by Microsoft is to block traffic to the TCP Ports 139 and 445 – which would disable Windows Network Sharing altogether.

We’re constantly monitoring the malware scene – if malware using this attack vector appears we can protect our customers very fast. Anyhow it is a good idea to implement the workaround with the Fix-it-for-me-tool.

Dirk Knop
Technical Editor

Microsoft acknowledged a security hole in its SMBv2 implementation in Windows Vista, Server 2008 and Windows 7 up to the Release Candidate. With injecting specially prepared network packets attackers obviously are able to take complete control over affected computers.

Now a security company released an exploit for this vulnerability for their exploit framework for penetration testing. It should work for Windows Vista and Server 2008. Also, the open source framework Metasploit is said to release a reliable exploit soon.

So it is just a matter of time until malware exploiting the SMBv2 vulnerability will appear in the wild. The security hole could be used by a worm for example. Microsoft has no patch ready, but advises to implement one of the following workarounds:

- Disable SMBv2 support. The Redmond company also provides a “Fix-it-for-me” tool which will do this for the user. There is also a tool for enabling SMBv2 again.

- Block access to the TCP ports 139 and 445.

While the latter completely disables network shares for windows, the first solution should only have a small performance impact. Administrators might be advised best to disable the SMBv2 support in their LANs until Microsoft releases a patch so that no worm can spread through this security hole.

We’re monitoring the malware scene very closely so we can provide updated detections for appearing worms or similar malware for this vulnerability if necessary.

Dirk Knop
Technical Editor

The Mozilla developers released Firefox 3.5.3, which fixes overall 4 security holes in the Web browser. 3 of them are considered to be critical and allow for executing code within the browser with highest privileges and to compromise the computer. Attackers could abuse these vulnerabilities to inject for example Trojans and other malware onto the victim’s computer – just with manipulated web pages.

With Firefox 3.5.3, the developers also added a nice new feature to the software: It’ll warn users if their Adobe Flash Player plug-in is outdated and must be updated. They’ll extend this feature for other plug-ins, according to the Mozilla Security Blog.

Please install the update as soon as possible. The easiest way is to go to the Help menu and click on “Check for Updates”. You can also download the whole installation package on the Firefox web site.

Dirk Knop
Technical Editor