Video Screencast Help
Security Response
Showing posts tagged with Vulnerabilities & Exploits
Showing posts in English
Jeet Morparia | 02 Jul 2012 17:10:54 GMT

Recently we have received several customer issues about garbage being printed on their network printers. During our investigation, we came across a new worm that causes the garbage print jobs. Symantec detects this worm as W32.Printlove. W32.Printlove uses the Microsoft Windows Print Spooler Service Remote Code Execution Vulnerability (CVE 2010-2729) discovered in 2010 to spread across networks. We have created a video that demonstrates how it accidently prints garbage.
 

...

Candid Wueest | 12 Jun 2012 18:03:01 GMT

Hello, welcome to this month’s blog on the Microsoft patch release. This is a larger month—the vendor is releasing seven bulletins covering a total of 27 vulnerabilities.

Ten of this month's issues are rated 'Critical' affecting Remote Desktop Protocol and Internet Explorer. The remaining issues affect .NET Framework, Office, and Dynamics AX.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available
  • Run all software with the least privileges required while still maintaining functionality
  • Avoid handling files from unknown or questionable sources
  • Never visit sites of unknown or questionable integrity
  • Block external access at the network perimeter to all key systems unless specific access is required

Microsoft’s summary of the June releases can be found here:
...

Symantec Security Response | 01 Jun 2012 11:13:13 GMT

Flamer has the ability to spread from one computer to the next. However, Flamer does not automatically spread, but instead waits for instructions from the attackers. Flamer can spread using the following methods:

Symantec Security Response | 24 May 2012 12:12:33 GMT

Analysis by: Hiroshi Shinotsuka

Recent malware campaigns that used Tibet-related issues as bait have been well documented and it should come as no surprise that we have seen another Tibetan-themed attack using a malicious Word document. The emails involved in the attack are in English and were sent to a clothing company in the United States.

While they appear to come from Tibet-related organizations, the email headers revealed that they were sent from a mail server in Russia.

Recently, we discovered a file that differs to other malware in that it uses a well-known graphics card manufacturer’s legitimately signed program as an attack vector.

After opening the attached document file, a vulnerability—CVE-2012-0158...

Candid Wueest | 08 May 2012 18:14:56 GMT

Hello, welcome to this month’s blog on the Microsoft patch release. This is a larger month—the vendor is releasing 7 bulletins covering a total of 23 vulnerabilities.

Eight of this month's issues are rated ‘Critical’ and they affect Windows, .NET, Office and Silverlight. The remaining issues affect Office and Windows.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft’s summary of the May releases can be found here:
...

Robert Keith | 10 Apr 2012 18:16:22 GMT

Hello, welcome to this month’s blog on the Microsoft patch release. This is an average month—the vendor is releasing six bulletins covering a total of 11 vulnerabilities.

Seven of this month's issues are rated ‘Critical’ and they affect Internet Explorer, .NET, and Windows. The remaining issues affect Internet Explorer, Windows, Forefront Unified Access Gateway, and Office.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft’s summary of the April releases can be found here:
...

Symantec Security Response | 16 Mar 2012 15:14:44 GMT

A warning against a critical vulnerability in the Remote Desktop Protocol (RDP) was posted by Microsoft on Tuesday, March 13. A patch to close this security hole was released on the same day as part of the regular MS Patch Tuesday release: Microsoft Remote Desktop Protocol CVE-2012-0002 Remote Code Execution Vulnerability (BID 52353).

As RDP listens on a TCP port, this vulnerability can be triggered remotely and could lead to code execution. Hackers are eager to develop an exploit. Security Response can confirm that a Proof of Concept (PoC) resulting in a denial-of-service condition for MS12-020 has been published. Symantec has released IPS signature 25610 (Attack: Microsoft RDP CVE-2012-0002 3) to block attempts to...

Robert Keith | 13 Mar 2012 19:08:03 GMT

Hello, welcome to this month’s blog on the Microsoft patch release. This is a smaller month—the vendor is releasing six bulletins covering a total of seven vulnerabilities.

Only one of this month's issues is rated ‘Critical’ and it affects the Remote Desktop Protocol. The remaining issues affect the Windows kernel, DNS Server, Expression, Visual Studio, and Windows.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft’s summary of the March releases can be found here:
...

Robert Keith | 14 Feb 2012 19:40:31 GMT

Hello, welcome to this month’s blog on the Microsoft patch release. This is a larger month—the vendor is releasing 9 bulletins covering a total of 21 vulnerabilities.

Six of this month's issues are rated ‘Critical’ and they affect Internet Explorer, .NET, Windows, and GDI. The remaining issues affect Internet Explorer, Windows, Visio, and SharePoint.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft’s summary of the February releases can be found here:
...

Shunichi Imano | 27 Jan 2012 13:06:53 GMT

Symantec Security Response is aware of in-the-wild malware exploiting the Microsoft Windows Media Player 'winmm.dll' MIDI File Parsing Remote Buffer Overflow Vulnerability (BID 51292). Microsoft has already issued a patch against this vulnerability in the monthly patch release this January. Applying the patch is strongly recommended.

There are several components involved in this live attack:

  • a.exe
  • baby.mid
  • i.js
  • mp.html

Symantec products detect mp.html and i.js as Trojan.Malscript. The vulnerable baby.mid file is detected as Trojan Horse and the end-result file, a.exe, is...