Severity: Medium

19 October, 2007

Summary:

Late yesterday, the Mozilla Foundation released an update to fix ten security vulnerabilities in Firefox 2.0.0.7, for Windows, Linux, and Macintosh. If one of your Firefox users visits a malicious web page, an attacker could exploit the worst of these vulnerabilities to execute code on your user’s computer, with your user’s privileges, possibly gaining complete control of the computer. If you run Firefox on any platform, you should download and deploy version 2.0.0.8 at your earliest convenience.

Exposure:

Yesterday, the Mozilla Foundation released Firefox 2.0.0.8, fixing ten security vulnerabilities in the popular web browser. We summarize the three most critical vulnerabilities below:

• Two memory corruption vulnerabilities. Firefox suffers from two unspecified crash bugs, which corrupt memory. Mozilla presumes that with enough effort some of these memory corruption flaws could be exploited to run arbitrary code. To exploit these flaws, an attacker would first have to trick one of your users into visiting a specially crafted web page. If your user took the bait, the attacker could execute code on that user’s machine, with that user’s privileges. If your

by Corey Nachreiner, CISSP, Network Security Analyst, WatchGuard Technologies

[Editor’s Note: This article supplements the list of attacks shown in Part 2 of the video series, Malware Analysis: Botnets. “Malware Analysis: Botnets, Part 2″ shows a small subset of botnet attacks in action. This article fills out that subset with more attacks commonly found in a bot herder’s arsenal. LiveSecurity subscribers can find the videos, free of charge, on our Video Tutorials page. –Scott]

You’ll often hear botnets described as a “hacker’s Swiss army knife.” Just as a Swiss army knife can come with a crazy variety of blades, scissors, and screwdrivers, bots come with numerous exploits and commands that allow bot herders to launch many different types of attacks.

Since coding up a bot client takes time and skill, most attackers buy bot code in the online underground. Popular malicious bots include Phatbot, Agobot, and the one shown in our video, Rxbot. These bot clients use modular code, so if a bot herder doesn’t love the array of commands his bot offers, he simply adds new ones. For

Severity: High

9 October, 2007

Summary:

Today, Microsoft released three security bulletins describing vulnerabilities that affect Windows and components shipping with it. A remote attacker could exploit the worst of these flaws to execute code on your Windows PC, potentially gaining complete control of it. For a table briefly summarizing which vulnerabilities affect which versions of Windows, see Microsoft’s Security Bulletin Summary for October and expand the section, “Affected Software and Download Location.” If you manage a Windows network, you should download, test, and deploy the appropriate Windows patches throughout your network as soon as possible.

Exposure:

Microsoft’s three security bulletins detail vulnerabilities found in, or affecting, components of Windows. Each vulnerability affects different versions of Windows to a different extent. The summary below lists the vulnerabilities from highest to lowest severity.

MS07-055 : Kodak Image Viewer Remote Code Execution Vulnerability

The Kodak Image Viewer ships with Windows and allows you to view digital images. Unfortunately, the Kodak Image Viewer suffers from an unspecified “code execution vulnerability” involving the way it parses specially

Severity: High

9 October , 2007

Summary:

Today, Microsoft released a security bulletin describing three vulnerabilities in Internet Explorer. By tricking one of your users into visiting a maliciously crafted web page or into opening a maliciously crafted HTML email, an attacker could exploit five of these new vulnerabilities to execute code on your user’s computer, with your user’s privileges. In the worst case, the attacker could gain complete control of the victim computer. If you use Internet Explorer in your network, you should download, test, and deploy the appropriate Internet Explorer patches immediately. The patches fix the newly announced vulnerabilities, in addition to all previous ones.

Exposure:

In a security bulletin released today as part of their monthly patch update, Microsoft describes three vulnerabilities in Internet Explorer (IE) versions 5.01, 6.0, and 7.0.

The worst of these three vulnerabilities has to do with a flaw in the way IE handles a certain error involving file downloads. Triggering this error in a particular way causes memory corruption. By luring one of your users into visiting a malicious web page

Severity: High

9 October, 2007

Summary:

Today, Microsoft released two security bulletins describing vulnerabilities affecting different Microsoft Office packages including Word (for Windows and Mac), Office SharePoint Server 2007, and Windows SharePoint Services 3.0. By enticing one of your users into opening a maliciously formed Office file, an attacker could exploit the worst of these flaws to execute code on your user’s computer, with your user’s privileges, potentially gaining control of that computer. If you use Office, Word, or SharePoint in your network, you should download, test, and deploy the appropriate patches immediately.

Exposure:

Microsoft’s two security bulletins describe vulnerabilities found in Word, Office SharePoint Server 2007, and Windows SharePoint Services 3.0. The summary below lists the vulnerabilities from highest to lowest severity.

MS07-060: Word Memory Corruption Vulnerability

Microsoft Word for Windows and Mac suffers from an unspecified memory corruption vulnerability. By enticing one of your users into downloading and opening a maliciously crafted Office document, an attacker can exploit this vulnerability to execute code on that user’s computer, with that user’s level of privileges and permissions. If your user has local administrative privilege,

About three weeks ago, word of an Adobe security flaw began to do the rounds.  It has taken Adobe three weeks to finally get around to announcing the problem.  The vulnerability allows a hacker to take control of a Windows XP system if it has IE7 installed.  Considering the amount of people that run IE7, it is probably quite a lot of systems.

The vulnerability exists in Adobe Reader 8.1 (and previous versions) Acrobat Standard, Professional and Elements 8.1 (and previous versions) and Acrobat 3D.  It is the reader vulnerability that makes this a particularly serious threat as the number of people using Acrobat is somewhat limited.  What machine doesn’t have a copy of Adobe Reader installed? It is free and PDF is the format of choice for a lot of written material online.

Adobe has released a temporary solution.  It involves making modifications to the Windows Registry, which tends to frighten away all but the power users.  The good news is that a real fix is on the way and should be here before the end of October.  Expect to