[IS&T Security-FYI] SFYI Newsletter, April 3, 2009

Monique Yeaton myeaton at MIT.EDU
Fri Apr 3 15:35:28 EDT 2009


In this issue:

1. Software Flaws & Updates
2. Botnets Not Used Just For Spam
3. Conficker Worm Fails to Wreak Havoc


-------------------------------------
1. Software Flaws & Updates
-------------------------------------

  *****Microsoft PowerPoint flaw*****

Hackers are actively exploiting an "extremely critical" software  
vulnerability in Microsoft PowerPoint, the company's presentation  
application. Microsoft announced this Thursday, saying it has seen  
limited, targeted attacks.

There's no patch yet for the bug. An attacker who successfully  
exploits this vulnerability could gain the same user rights as the  
local user. Users whose accounts are configured to have fewer user  
rights on the system could be less affected than users who operate  
with administrative user rights.

Systems affected:

  * Office 2000 Service Pack 3
  * Office XP SP3
  * Office 2003 SP3
  * Office 2004 for Mac

Office 2007 is unaffected. Microsoft advised users to not open or save  
Office files that come from untrusted sources. If the file is opened,  
users won't have much of an indication that it's a malicious file.

Read more here:
<http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9131040>

and here:
<http://www.microsoft.com/technet/security/advisory/969136.mspx>

  *****Firefox and SeaMonkey Update*****

Mozilla has released Firefox 3.0.8 and SeaMonkey 1.1.16 to address a
pair of critical security flaws. The browser has been updated for
Windows, Mac and Linux systems. The flaws involve an XSL transformation
vulnerability and the XUL <tree> element; both could be exploited to
crash the browser and run arbitrary code on a victim's computer. The
update can be downloaded from the browser's update menu or from the
Mozilla web site.

Systems affected:

  * Firefox 3.0.x
  * SeaMonkey 1.1.x

Read more here:
<http://www.pcworld.com/article/162139/firefox_patches_zeroday_hacking_contest_bugs.html>

and here:
<http://www.mozilla.org/security/announce/2009/mfsa2009-12.html>

  *****Proof-of-Concept Exploit Code Published for Mac OS X Kernel Flaws*****

Systems affected:

  * Mac OS X 10.5.6

Proof-of-concept exploit code has been posted online for six kernel  
vulnerabilities, five of which affect Mac OS X 10.5.6, the most  
current version of Apple's operating system software. One of the  
flaws, a local kernel root exploit in FreeBSD 7.0/7.1, has been
patched. The five that affect Mac OS X, which uses the Mach kernel and  
incorporates portions of FreeBSD Unix, remain unpatched.

Inaki Urzay, CTO of Panda Security, said the proof-of-concept code  
isn't an immediate threat but that it could be in the future. "The  
vulnerabilities demonstrate the code can take control of a machine,  
either via creating a privilege escalation modifying the users or  
launching DoS local attacks against the PC," he said in an e-mail to  
InformationWeek. "The proof of concept code has the ability to create  
a new system volume, call to some OS functions, change the user ID,  
and so on, without administrative privileges."

Read more here:
<http://www.informationweek.com/news/hardware/mac/showArticle.jhtml?articleID=216401181>


---------------------------------------------
2. Botnets Not Used Just For Spam
---------------------------------------------

Last week I posted an article about what a botnet is. The article  
explained that botnets are often used for sending out spam. However,  
as a reader of this newsletter pointed out, that is not the only thing  
botnets are used for. As he writes:

"As a long-time IRC administrator, I have to say that these botnets  
are used for much more than just sending spam.  Although that is the  
major revenue source which encourages most modern botnets, they can  
and have also been used to source massive distributed denial of
service attacks against IRC and other network services, including a
fairly high profile attempted attack on the White House's web site a
number of years back..."


---------------------------------------------------
3. Conficker Worm Fails to Wreak Havoc
---------------------------------------------------

The good news is that Conficker did not cause the kind of havoc the  
media speculated it would, and that the U.S. and Canada came away  
relatively unaffected. Most of the infected machines are in Asia and  
Europe. The bad news is that Conficker is still alive and well.  
According to the CTO of Bach Khoa Internetwork Security (BKIS), an  
antivirus vendor in Vietnam, "there are 1,384,100 computers harboring  
the worm [worldwide]."

Read more at these sites:

<http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9131038>

<http://www.pcmag.com/article2/0,2817,2344342,00.asp?kc=PCRSS05079TX1K0000992>

<http://news.cnet.com/8301-1009_3-10210934-83.html?part=rss&subj=news&tag=2547-1_3-0-20>



=========================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://web.mit.edu/ist/security

---------------------------------------
Important: DO NOT GIVE OUT YOUR PASSWORDS!
Ignore emails asking you to provide yours. IS&T will *NEVER* ask you  
for your password.
