[IS&T Security-FYI] SFYI Newsletter, April 3, 2009
Monique Yeaton
myeaton at MIT.EDU
Fri Apr 3 15:35:28 EDT 2009
In this issue:
1. Software Flaws & Updates
2. Botnets Not Used Just For Spam
3. Conficker Worm Fails to Wreak Havoc
-------------------------------------
1. Software Flaws & Updates
-------------------------------------
*****Microsoft PowerPoint flaw*****
Hackers are actively exploiting an "extremely critical" software
vulnerability in Microsoft PowerPoint, the company's presentation
application. Microsoft announced this Thursday, saying it has seen
limited, targeted attacks.
There's no patch yet for the bug. An attacker who successfully
exploits this vulnerability could gain the same user rights as the
local user. Users whose accounts are configured to have fewer user
rights on the system could be less affected than users who operate
with administrative user rights.
Systems affected:
* Office 2000 Service Pack 3
* Office XP SP3
* Office 2003 SP3
* Office 2004 for Mac
Office 2007 is unaffected. Microsoft advised users to not open or save
Office files that come from untrusted sources. If the file is opened,
users won't have much of an indication that it's a malicious file.
Read more here:
<http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9131040>
and here:
<http://www.microsoft.com/technet/security/advisory/969136.mspx>
*****Firefox and SeaMonkey Update*****
Mozilla has released Firefox 3.0.8 and SeaMonkey 1.1.16 to address a
pair of critical security flaws. The browser has been updated for
Windows, Mac and Linux systems. The flaws involve an XSL transformation
vulnerability and the XUL <tree> element; both could be exploited to
crash the browser and run arbitrary code on a victim's computer. The
update can be downloaded from the browser's update menu or from the
Mozilla web site.
Systems affected:
* Firefox 3.0.x
* SeaMonkey 1.1.x
Read more here:
<http://www.pcworld.com/article/162139/firefox_patches_zeroday_hacking_contest_bugs.html>
and here:
<http://www.mozilla.org/security/announce/2009/mfsa2009-12.html>
*****Proof-of-Concept Exploit Code Published for Mac OS X Kernel Flaws*****
Systems affected:
* Mac OS X 10.5.6
Proof-of-concept exploit code has been posted online for six kernel
vulnerabilities, five of which affect Mac OS X 10.5.6, the most
current version of Apple's operating system software. One of the
flaws, a local kernel root exploit in FreeBSD 7.0/7.1, has been
patched. The five that affect Mac OS X, which uses the Mach kernel and
incorporates portions of FreeBSD Unix, remain unpatched.
Inaki Urzay, CTO of Panda Security, said the proof-of-concept code
isn't an immediate threat but that it could be in the future. "The
vulnerabilities demonstrate the code can take control of a machine,
either via creating a privilege escalation modifying the users or
launching DoS local attacks against the PC," he said in an e-mail to
InformationWeek. "The proof of concept code has the ability to create
a new system volume, call to some OS functions, change the user ID,
and so on, without administrative privileges."
Read more here:
<http://www.informationweek.com/news/hardware/mac/showArticle.jhtml?articleID=216401181>
---------------------------------------------
2. Botnets Not Used Just For Spam
---------------------------------------------
Last week I posted an article about what a botnet is. The article
explained that botnets are often used for sending out spam. However,
as a reader of this newsletter pointed out, that is not the only thing
botnets are used for. As he writes:
"As a long-time IRC administrator, I have to say that these botnets
are used for much more than just sending spam. Although that is the
major revenue source which encourages most modern botnets, they can
and have also been used to source massive distributed denial of
service attacks against IRC and other network services, including a fairly high
profile attempted attack on the White House's web site a number of
years back..."
---------------------------------------------------
3. Conficker Worm Fails to Wreak Havoc
---------------------------------------------------
The good news is that Conficker did not cause the kind of havoc the
media speculated it would, and that the U.S. and Canada came away
relatively unaffected. Most of the infected machines are in Asia and
Europe. The bad news is that Conficker is still alive and well.
According to the CTO of Bach Khoa Internetwork Security (BKIS), an
antivirus vendor in Vietnam, "there are 1,384,100 computers harboring
the worm [worldwide]."
Read more at these sites:
<http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9131038>
<http://www.pcmag.com/article2/0,2817,2344342,00.asp?kc=PCRSS05079TX1K0000992>
<http://news.cnet.com/8301-1009_3-10210934-83.html?part=rss&subj=news&tag=2547-1_3-0-20>
=========================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://web.mit.edu/ist/security
---------------------------------------
Important: DO NOT GIVE OUT YOUR PASSWORDS!
Ignore emails asking you to provide yours. IS&T will *NEVER* ask you
for your password.