Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC InfoSec Handlers Diary Blog



Sun Java SDK and JRE Updates

Published: 2005-11-30
Last Updated: 2005-12-01 01:27:44 UTC
by Scott Fendley (Version: 1)

Sun Microsystems announced Monday some updates to their Java Software Development Kit and Java Runtime Environment to address some security issues. These security vulnerabilities could allow malicious, untrusted code to compromise a user's computer.  Sun recommends that users update to the newest version of  the SDK and JRE available at http://java.sun.com .

For more information about the security issues please take a look at:
http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102050-1
http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102003-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102017-1
http://secunia.com/advisories/17748/

Thanks to all of the readers who have notified us of this issue this evening.


Scott Fendley
Handler on Duty

Update

Apple released a security advisory stating that these Java vulnerabilities were fixed quite some time ago for Mac users. Java 1.3.1 and 1.4.2 Release 2, which are patched, have been available since September 13, while J2SE 5.0 Release 3 has been available since November 15, 2005.

In case you still didn't update, visit the following links:
http://www.apple.com/support/downloads/java2se50release3.html
http://www.apple.com/support/downloads/java131and142release2.html


Musings on the Internet Explorer 0-day vulnerability

Published: 2005-12-01
Last Updated: 2005-12-01 02:30:59 UTC
by Scott Fendley (Version: 2)
So are any of you like me with regard to the Internet Explorer vulnerability mentioned last week http://isc.sans.org/diary.php?storyid=874? I know that I am watching and waiting to see if Microsoft is going to release an out of cycle patch, or wait for December 13th patch day.  If I were a gambler, I might actually bet on Microsoft releasing it early.

Why do I think this way?  Well.... Glad you asked.

Yesterday, Microsoft updated the advisory located at KB911302 with a couple of tidbits.  First, they made mention of both Proof of Concept and malicious software which appear to be targeting the reported vulnerability.  Second, they also mention the Windows Live Safety Center where end users can scan and remove any malicious software and variants that may be running around now.

Throwing in that Microsoft has on occasion released out-of-cycle patches (June 2004 is a case in point in my mind), then I think it is a safe bet that Microsoft will take appropriate steps to fix the problem as quickly as possible.  In the meantime there are 2 things I can continue to suggest.

1) Be vigilant.  Know that a patch will be forthcoming hopefully within the next 2 weeks and be ready to deploy quickly.

2) If your organization can operate with one of the workarounds Microsoft has mentioned in KB911302, then I recommend mitigating your risk as much as possible.  We all have at least one person who is a little too...uhm...liberal with browsing the Internet on company time.  Think about it, that very person is probably shopping for Christmas* presents right now on less-than-secure sites.  SO....I would suggest doing those workarounds to that computer first.  :-)


* For those that celebrate other holidays in December than Christmas, this statement is not meant to be offensive in any shape or form, or otherwise slight your holiday of choice.

Update

It was just a question of when malware authors would start exploiting this Internet Explorer vulnerability.
When users visit certain web sites, a file will be dropped on their machine using this exploit. The file being dropped is currently detected as TrojanDownloader:Win32/Delf.DH. When executed, this dropper will download another trojan.

Microsoft published information about this trojan at http://www.microsoft.com/security/encyclopedia/details.aspx?name=TrojanDownloader:Win32/Delf.DH.

Thanks to Juha-Matti!

Firefox 1.5 Released

Published: 2005-11-30
Last Updated: 2005-11-30 16:39:35 UTC
by Scott Fendley (Version: 1)
The Mozilla Foundation has released the production release of Firefox (version 1.5).  As there are some security issues that have been addressed, I felt that I should go ahead and note it in a diary tonight.

For more information on all of the fixes and other release notes, please see: http://www.mozilla.com/firefox/releases/1.5.html


Apple Security Update 2005-009

Published: 2005-11-30
Last Updated: 2005-11-30 01:45:17 UTC
by Bojan Zdrnja (Version: 1)
Apple has released a new Security Update, 2005-009.  A number of products have been patched, including Apache2, apache_mod_ssl, CoreFoundation, curl, iodbcadmintool, OpenSSL, passwordserver, Safari, sudo and syslog.

Security Update 2005-009 may be obtained from the Software Update pane in System Preferences, or from Apple's Software Downloads web site:
http://www.apple.com/support/downloads/.