Search



SpiderLabs Services
Resources

Research Stats

Categories

Security Advisories

Trustwave Press Releases

SSL Feed

08 January 2013

Goodies released with Trustwave SWG Security Update 141

As cliché as it may sound, security is done in layers and so, using our generic rules, we were able to provide 0-day protection against the recent Internet Explorer 0-day CVE-2012-4792 with our Secure Web Gateway (SWG). You can read more in our previous blog posts:
exploit analysis and payload analysis.

With today’s release of Security Update 141 for SWG we are
adding detection rule which is specific to CVE-2012-4792, named “Internet
Explorer CDwnBindInfo Object use-after-free vulnerability”. This rule will
provide another layer of defense against exploits of this vulnerability.

TURKTRUST Inc., a trusted CA, has incorrectly created two subsidiary certificates which one of them was later used to generate a fraudulent digital certificate of Google. That certificate
was then used in an active attack. As a result, SU141 is removing SWG trust of the following certificates:

  • *.google.com issued by
    *.EGO.GOV.TR
  • e-islem.kktcmerkezbankasi.org
    issued by TURKTRUST Elektronik Sunucu Sertifikasi Hizmetleri
  • *.EGO.GOV.TR issued by
    TURKTRUST Elektronik Sunucu Sertifikasi Hizmetleri

For further information, see Microsoft’s Security Advisory 2798897.

Security Update 141 comes with some more goodies. Here is a link to the release notes for further information.

Stay safe.

Posted by on 08 January 2013 at 10:27 in Secure Web Gateway, Security Research, SSL, Zero-Day | | Comments (0)

03 January 2013

Microsoft Advance Notification for January 2013

If you were hoping for a nice relaxing Patch Tuesday after the holidays, well, sorry to disappoint you.  Microsoft will be issuing seven new bulletins next week, two of them are rated as ‘Critical’. Both critical bulletins can result in the holy grail of remote code execution.  The other five bulletins are all rated as ‘Important’. 

Of the two critical bulletins one of them lists all currently supported versions of Windows from XP SP3 up to Server 2008 R2 as well as several versions of Office, Sharepoint and Groove Server. This is most likely an issue in one of the base libraries meaning it will have a wide impact.  The other critical bulletin only lists Windows 7 and Server 2008 as vulnerable but it still results in RCE so it shouldn’t be taken as any less serious.

The five remaining ‘Important’ bulletins result mostly in Elevation of Privilege with one Security Feature Bypass and one Denial of Service. Six of them impact different versions of Windows and Windows Server with one Elevation of Privilege hitting Microsoft System Center Operations Manager. The MS SCOM is a cloud management platform allowing you to manage multiple hypervisors.

In addition to these you have probably heard of the zero-day vulnerability that exists in Internet Explorer 6, 7 and 8 that is actively being used in targeted attacks. While the update for the zero-day won't be included in this month's bunch of updates, Microsoft has already released a Fix-It tool for it.

But that’s not all, there are also active ongoing attacks using fraudulent certificates issued by TURKTRUST inc.  The fraudulent certs were issued for *.google.com and could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against several Google web properties. Microsoft has already updated the Certificate Trust List. If you are using the automatic updater of revoked certificates you are all set. If not, or you are still using XP or Server 2003, you will find an update for you in Microsoft Update.

We will have full details of all seven bulletins next Tuesday when Microsoft releases the full details.

Posted by on 03 January 2013 at 14:42 in MAPP, SSL, Zero-Day | | Comments (0)