Security Log: 2008/10

Adobe Flash에 여러가지 취약점들이 발표되었다.

(1) Adobe Flash CS3 SWF Processing Buffer Overflow vulnerabilities
(2) Adobe Flash Player Multiple Security Issues

첫번째 것은 CS3 SWF의 매우 긴 SWF control prameter 처리하는 동안 발생할 수 있는 boundary error때문에 발생되는 것으로, buffer overflow를 야기 시킨다.
따라서 만약 악의적인 목적으로 작성된 SWF 파일을 일반 사용자가 열어보는 경우 바로 buffer overflow로 인해 코드 실행이 가능해 져서 시스템 접근이 가능하게 되는 등 매우 치명적인 취약점이라고 할 수 있다.
아직 패치는 나오지 않았으며, 패치가 나올 때까지 사용자들은
확실하지 않은 SWF 파일(확실히 믿음이 가지 않는)은 절대로 열어보지 않아야만 할 것이다.

CS4나 MAC 버전의 CS3에서는 이 취약점이 영향이 없다고 한다.

Security Assessment : http://security-assessment.com/files/advisories/2008-10-16_Multiple_Flash_Authoring_Heap_Overflows.pdf

두번째 취약점은 Adobe Flash Player 관련된 취약점이다.
이 취약점은 악의적인 사용자가 어떠한 보안 제약을 우회하여 어떤 특정 데이터를 조작할 수 있는 취약점으로 여러가지가 뒤섞여 있다.
만약 Flash Player 버전 9.0.124.0이나 그 이전 버전을 사용하고 있는 사용자가 있다면 취약점에 노출되었다고 할 수 있다. 가장 최신 버전인 10.0.12.36으로의 업그레이드가 필요하다.

상세한 내용은 링크를 걸어둔 Adobe Security Advisory 사이트를 참고하기 바란다.

이번 10월에도 MS에서는 우리를 실망시키지 않고-_- 참 많은 보안 패치를 내보내 주셨다.
그것도 골고루.. 아주 다양 하게~
서버에 적용해야 하는 것도 좀 있어 보이고, 일반 사용자에게 관련 있어 보이는 것들도 꽤 보인다.
상세한 취약점 내용은 조만간 분석해 봐야겠다....

Executive Summaries
The security bulletins for this month are as follows, in order of severity:

Critical (4)

Bulletin Identifier	Microsoft Security Bulletin MS08-060
Bulletin Title	Vulnerability in Active Directory Could Allow Remote Code Execution (957280)
Executive Summary	This security update resolves a privately reported vulnerability in implementations of Active Directory on Microsoft Windows 2000 Server. The vulnerability could allow remote code execution if an attacker gains access to an affected network. This vulnerability only affects Microsoft Windows 2000 servers configured to be domain controllers. If a Microsoft Windows 2000 server has not been promoted to a domain controller, it will not be listening to Lightweight Directory Access Protocol (LDAP) or LDAP over SSL (LDAPS) queries, and will not be exposed to this vulnerability.
Maximum Severity Rating	Critical
Impact of Vulnerability	Remote Code Execution
Detection	Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update requires a restart.
Affected Software	Microsoft Windows. For more information, see the Affected Software and Download Locations section.

Bulletin Identifier	Microsoft Security Bulletin MS08-058
Bulletin Title	Cumulative Security Update for Internet Explorer (956390)
Executive Summary	This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability. The vulnerabilities could allow information disclosure or remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Maximum Severity Rating	Critical
Impact of Vulnerability	Remote Code Execution
Detection	Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update requires a restart.
Affected Software	Microsoft Windows, Internet Explorer. For more information, see the Affected Software and Download Locations section.

Bulletin Identifier	Microsoft Security Bulletin MS08-059
Bulletin Title	Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695)
Executive Summary	This security update resolves a privately reported vulnerability in Microsoft Host Integration Server. The vulnerability could allow remote code execution if an attacker sent a specially crafted Remote Procedure Call (RPC) request to an affected system. Customers who follow best practices and configure the SNA RPC service account to have fewer user rights on the system could be less impacted than customers who configure the SNA RPC service account to have administrative user rights.
Maximum Severity Rating	Critical
Impact of Vulnerability	Remote Code Execution
Detection	Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update may require a restart.
Affected Software	Microsoft Host Integration Server. For more information, see the Affected Software and Download Locations section.

Bulletin Identifier	Microsoft Security Bulletin MS08-057
Bulletin Title	Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416)
Executive Summary	This security update resolves three privately reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Maximum Severity Rating	Critical
Impact of Vulnerability	Remote Code Execution
Detection	Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update does not require a restart.
Affected Software	Microsoft Office. For more information, see the Affected Software and Download Locations section.

Important (6)

Bulletin Identifier	Microsoft Security Bulletin MS08-066
Bulletin Title	Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803)
Executive Summary	This security update resolves a privately reported vulnerability in the Microsoft Ancillary Function Driver. A local attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Maximum Severity Rating	Important
Impact of Vulnerability	Elevation of Privilege
Detection	Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update requires a restart.
Affected Software	Microsoft Windows. For more information, see the Affected Software and Download Locations section.

Bulletin Identifier	Microsoft Security Bulletin MS08-061
Bulletin Title	Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (954211)
Executive Summary	This security update resolves one publicly disclosed and two privately reported vulnerabilities in the Windows kernel. A local attacker who successfully exploited these vulnerabilities could take complete control of an affected system. The vulnerabilities could not be exploited remotely or by anonymous users.
Maximum Severity Rating	Important
Impact of Vulnerability	Elevation of Privilege
Detection	Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update requires a restart.
Affected Software	Microsoft Windows. For more information, see the Affected Software and Download Locations section.

Bulletin Identifier	Microsoft Security Bulletin MS08-062
Bulletin Title	Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (953155)
Executive Summary	This update resolves a privately reported vulnerability in the Windows Internet Printing Service that could allow remote code execution in the context of the current user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Maximum Severity Rating	Important
Impact of Vulnerability	Remote Code Execution
Detection	Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update requires a restart.
Affected Software	Microsoft Windows. For more information, see the Affected Software and Download Locations section.

Bulletin Identifier	Microsoft Security Bulletin MS08-063
Bulletin Title	Vulnerability in SMB Could Allow Remote Code Execution (957095)
Executive Summary	This security update resolves a privately reported vulnerability in Microsoft Server Message Block (SMB) Protocol. The vulnerability could allow remote code execution on a server that is sharing files or folders. An attacker who successfully exploited these vulnerabilities could install programs; view, change, or delete data; or create new accounts with full user rights.
Maximum Severity Rating	Important
Impact of Vulnerability	Remote Code Execution
Detection	Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update requires a restart.
Affected Software	Microsoft Windows. For more information, see the Affected Software and Download Locations section.

Bulletin Identifier	Microsoft Security Bulletin MS08-064
Bulletin Title	Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege (956841)
Executive Summary	This security update resolves a privately reported vulnerability in Virtual Address Descriptor. The vulnerability could allow elevation of privilege if a user runs a specially crafted application. An authenticated attacker who successfully exploited this vulnerability could gain elevation of privilege on an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
Maximum Severity Rating	Important
Impact of Vulnerability	Elevation of Privilege
Detection	Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update requires a restart.
Affected Software	Microsoft Windows. For more information, see the Affected Software and Download Locations section.

Bulletin Identifier	Microsoft Security Bulletin MS08-065
Bulletin Title	Vulnerability in Message Queuing Could Allow Remote Code Execution (951071)
Executive Summary	This security update resolves a privately reported vulnerability in the Message Queuing Service (MSMQ) on Microsoft Windows 2000 systems. The vulnerability could allow remote code execution on Microsoft Windows 2000 systems with the MSMQ service enabled.
Maximum Severity Rating	Important
Impact of Vulnerability	Remote Code Execution
Detection	Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update requires a restart.
Affected Software	Microsoft Windows. For more information, see the Affected Software and Download Locations section.

Moderate (1)

Bulletin Identifier	Microsoft Security Bulletin MS08-056
Bulletin Title	Vulnerability in Microsoft Office Could Allow Information Disclosure (957699)
Executive Summary	This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow information disclosure if a user clicks a specially crafted CDO URL. An attacker who successfully exploited this vulnerability could inject a client-side script in the user's browser that could spoof content, disclose information, or take any action that the user could take on the affected Web site.
Maximum Severity Rating	Moderate
Impact of Vulnerability	Information Disclosure
Detection	Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update does not require a restart.
Affected Software	Microsoft Office. For more information, see the Affected Software and Download Locations section.

Security Log

Blog Archive

Friday, October 24, 2008

MS Extremly Critical Security Patch Released!

Wednesday, October 22, 2008

Adove flash vulnerabilities

Wednesday, October 15, 2008

10월 MS 보안 패치 (critical 4개/총 11개)

Critical (4)

Important (6)

Moderate (1)

Labels

Reference

Global Recent Visitors Map

Followers