Security Response
Showing posts tagged with Vulnerabilities & Exploits
Bhaskar Krishna | 21 Aug 2012 21:12:17 GMT

As we are all aware, Adobe released security updates for Adobe Flash Player 11.3.300.270 and earlier versions for Windows, Macintosh, and Linux. These security updates address the Adobe Flash Player CVE-2012-1535 Remote Code Execution Vulnerability that could cause the application to crash and potentially allow an attacker to take control of the compromised computer. Adobe has also stated that there are reports of the vulnerability being exploited in the wild in limited targeted attacks distributed through malicious Word documents.

We have observed these threats since August 10, 2012, and to date we have successfully blocked more than 1,300 samples. The first sample...

Candid Wueest | 14 Aug 2012 17:42:43 GMT

Hello, welcome to this month’s blog on the Microsoft patch release. This month the vendor is releasing nine bulletins covering a total of 26 vulnerabilities. Twenty-one of this month's issues are rated ‘Critical’. The Critical issues affect Windows common controls, Internet Explorer, Remote Desktop Protocol (RDP), Print Spooler service, Remote Administration Protocol (RAP), and Microsoft Exchange Server.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available
  • Run all software with the least privileges required while still maintaining functionality
  • Avoid handling files from unknown or questionable sources
  • Never visit sites of unknown or questionable integrity
  • Block external access at the network perimeter to all key systems unless specific access is required

Microsoft's summary of the August releases can be found here...

Candid Wueest | 10 Jul 2012 17:27:26 GMT

Hello and welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing nine bulletins covering a total of 16 vulnerabilities. Four of this month's issues are rated 'Critical' affecting Microsoft Data Access Components, Internet Explorer, and XML Core Services.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft’s summary of the July releases can be found here:
http://technet.microsoft.com/en-...

Jeet Morparia | 02 Jul 2012 17:10:54 GMT

Recently we have received several customer issues about garbage being printed on their network printers. During our investigation, we came across a new worm that causes the garbage print jobs. Symantec detects this worm as W32.Printlove. W32.Printlove uses the Microsoft Windows Print Spooler Service Remote Code Execution Vulnerability (CVE-2010-2729) discovered in 2010 to spread across networks. We have created a video that demonstrates how it accidentally prints garbage.
 

...

Candid Wueest | 12 Jun 2012 18:03:01 GMT

Hello, welcome to this month’s blog on the Microsoft patch release. This is a larger month—the vendor is releasing seven bulletins covering a total of 27 vulnerabilities.

Ten of this month's issues are rated 'Critical' affecting Remote Desktop Protocol and Internet Explorer. The remaining issues affect .NET Framework, Office, and Dynamics AX.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available
  • Run all software with the least privileges required while still maintaining functionality
  • Avoid handling files from unknown or questionable sources
  • Never visit sites of unknown or questionable integrity
  • Block external access at the network perimeter to all key systems unless specific access is required

Microsoft’s summary of the June releases can be found here:
...

Symantec Security Response | 01 Jun 2012 11:13:13 GMT

Flamer has the ability to spread from one computer to the next. However, Flamer does not automatically spread, but instead waits for instructions from the attackers. Flamer can spread using the following methods:

Symantec Security Response | 24 May 2012 12:12:33 GMT

Analysis by: Hiroshi Shinotsuka

Recent malware campaigns that used Tibet-related issues as bait have been well documented and it should come as no surprise that we have seen another Tibetan-themed attack using a malicious Word document. The emails involved in the attack are in English and were sent to a clothing company in the United States.

While they appear to come from Tibet-related organizations, the email headers revealed that they were sent from a mail server in Russia.

Recently, we discovered a file that differs from other malware in that it uses a well-known graphics card manufacturer’s legitimately signed program as an attack vector.

After opening the attached document file, a vulnerability—CVE-2012-0158...

Candid Wueest | 08 May 2012 18:14:56 GMT

Hello, welcome to this month’s blog on the Microsoft patch release. This is a larger month—the vendor is releasing 7 bulletins covering a total of 23 vulnerabilities.

Eight of this month's issues are rated ‘Critical’ and they affect Windows, .NET, Office and Silverlight. The remaining issues affect Office and Windows.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft’s summary of the May releases can be found here:
...

Robert Keith | 10 Apr 2012 18:16:22 GMT

Hello, welcome to this month’s blog on the Microsoft patch release. This is an average month—the vendor is releasing six bulletins covering a total of 11 vulnerabilities.

Seven of this month's issues are rated ‘Critical’ and they affect Internet Explorer, .NET, and Windows. The remaining issues affect Internet Explorer, Windows, Forefront Unified Access Gateway, and Office.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft’s summary of the April releases can be found here:
...

Symantec Security Response | 16 Mar 2012 15:14:44 GMT

A warning against a critical vulnerability in the Remote Desktop Protocol (RDP) was posted by Microsoft on Tuesday, March 13. A patch to close this security hole was released on the same day as part of the regular MS Patch Tuesday release: Microsoft Remote Desktop Protocol CVE-2012-0002 Remote Code Execution Vulnerability (BID 52353).

As RDP listens on a TCP port, this vulnerability can be triggered remotely and could lead to code execution. Hackers are eager to develop an exploit. Security Response can confirm that a Proof of Concept (PoC) resulting in a denial-of-service condition for MS12-020 has been published. Symantec has released IPS signature 25610 (Attack: Microsoft RDP CVE-2012-0002 3) to block attempts to...