Microsoft Starts 2010 Slowly – A Single Bulletin Containing One Vulnerability
Wolfgang Kandek, 13/01/2010, posted in "Analysis"
As the CTO for Qualys, Wolfgang Kandek is responsible for product direction and all operational aspects of the QualysGuard platform and its infrastructure. Wolfgang has over 20 years of ...more info
As the CTO for Qualys, Wolfgang Kandek is responsible for product direction and all operational aspects of the QualysGuard platform and its infrastructure. Wolfgang has over 20 years of experience in developing and managing information systems. His focus has been on Unix-based server architectures and application delivery through the Internet. Prior to joining Qualys, Wolfgang was Director of Network Operations at the Online Music streaming company myplay.com and at iSyndicate, an Internet media syndication company. Earlier in his career, Wolfgang held a variety of technical positions at EDS, MCI and IBM. Wolfgang earned a Masters and a Bachelors degree in Computer Science from the Technical University of Darmstadt, Germany. ...less info
Microsoft starts 2010 slowly – a single bulletin containing one vulnerability in the embedded OpenType Font (EOT) engine.
Due to the memory model in Windows 2000 the vulnerability is critical on that version of the Windows Operating System, all others receive a low severity rating. The flaw can be exploited through any OpenType enabled application such as Internet Explorer, PowerPoint, Word, etc by viewing a Web page or a document. Users of Windows 2000 should upgrade as quickly as possible.
There are 2 significant releases from other vendors:
Oracle has released their quarterly Critical Patch Update today. It contains 25 fixes for 7 of their products, including application servers and database engine. The majority of the vulnerabilities are remotely exploitable without authentication and IT admins should be taking a close look at the exposure these products have in their networks. In general database engines should have no necessity to be connected to open networks, but the application servers are very likely exposed.
Adobe is also publishing their quarterly patch – and it will address a vulnerability in Adobe Reader that was documented as being actively exploited in the wild since the week before Christmas. There are workarounds are available, the official recommendation is to blacklist the JavaScript function that is being exploited.
Blacklisting is a capability introduced by Adobe in their last update to Adobe Reader v9 and v8 in October 2009 and might not be familiar to many IT admins yet. An alternative recommendation is to turn off JavaScript completely in Adobe Reader – JavaScript has played a major role in the exploitation of Adobe Reader in 2009, so this a good preventive and defensive measure. As this setting disables functionality potentially needed by users, IT admins need to evaluate their individual situations.
This release is also introducing the new Adobe updater process, which will according to Brad Arkin’s Tweet come preconfigured for automatic, silent updates à la Google Chrome. Intevydis, a security research company in Russia has announced last week that they will publish server-based 0-day vulnerabilities for the next 3 weeks. The first two are live and have POC code for Sun Directory Server 7.0 and Tivoli Directory Server 6.2.
Subscribe via RSS or via email
