IE11 and Chrome hacked at Mobile Pwn2Own

ID: IRCNE2013112017
Date: 2013-11-16

According to "computerworld", security researchers have compromised Microsoft Surface RT, Nexus 4 and Samsung Galaxy S4 devices by exploiting previously unknown vulnerabilities in Internet Explorer 11 running on Windows 8.1 and Google Chrome running on Android.
The exploits were demonstrated during the Mobile Pwn2Own hacking contest that ran Wednesday and Thursday at the PacSec Applied Security Conference in Tokyo.
Researchers Abdul Aziz Hariri and Matt Molinyawe from Hewlett-Packard's Zero Day Initiative (ZDI) team, which organized the contest, demonstrated an Internet Explorer 11 exploit on a Microsoft Surface RT device running Windows 8.1.
"Exploiting a bug in IE is difficult in general because of the protections and security controls they've implemented," Hariri said. The vulnerability was exploited twice in order to leak a memory address and then gain remote code execution, "which gave us full control over the whole machine," he said.
The vulnerability was reported to Microsoft so the company can protect users, Molinyawe said.
Another researcher who uses the pseudonym Pinkie Pie compromised Nexus 4 and Samsung Galaxy S4 devices by exploiting a vulnerability in Chrome.
Achieving remote code execution through a Chrome vulnerability is considered very difficult because of the application sandbox that separates the browser's processes from the operating system.
There have been only a handful of Chrome sandbox escape exploits demonstrated over the years and most of them were presented by researchers at hacking contests. Pinkie Pie hacked Chrome's sandbox two times before in 2012 as part of Google's Pwnium contests.
The researcher's new Chrome exploit chained together an integer overflow vulnerability and a sandbox escape one.
In order for the attack to work the potential victim has to click on a link to a specifically crafted Web page sent via email, SMS or found on another website. Once the malicious page is opened in Chrome, the attack executes without any other user interaction and allows arbitrary code execution on the operating system.
As the contest rules dictate, the vulnerabilities exploited by Pinkie Pie were reported to Google so they can be fixed.
A team of security researchers from Japanese company Mitsui Bussan Secure Directions hacked into a Samsung Galaxy S4 device by exploiting vulnerabilities in unnamed applications pre-installed on the device by the manufacturer.

Cybercriminals target Silverlight users with new exploit kit

ID: IRCNE2013112016
Date: 2013-11-16

According to "Computerworld", the creators of a Web-based attack tool called Angler Exploit Kit have added an exploit for a known vulnerability in Microsoft's Silverlight browser plug-in to the tool's arsenal.
Exploit kits are essentially malicious Web applications that check if visitors run outdated software on their computers and then exploit vulnerabilities in that software to install malware. They usually target popular applications that are accessible through browser plug-ins, such as Java, Flash Player and Adobe Reader.
The attacks launched by exploit kits are called drive-by download attacks and have become one of the main methods of distributing malware.
According to an independent malware researcher who uses the pseudonym Kafeine, aside from Java and Flash Player, Angler EK is now also targeting Silverlight, a runtime environment for rich Internet applications developed by Microsoft.
Angler EK appeared last month, shortly after the creator of the popular Blackhole exploit kit was arrested in Russia, and is being used by the cybercriminal gang behind the Reveton ransomware that impersonates law enforcement agencies and asks victims to pay non-existent fines.
Before switching to Angler, the Reveton gang used Cool Exploit Kit, a more high-end version of Blackhole, Kafeine said in a blog post.
Starting Thursday, Angler includes an exploit for a remote code execution vulnerability in Silverlight 5 that's known as CVE-2013-0074 and was patched by Microsoft in March, Kafeine said.
According to Timo Hirvonen, a senior researcher at antivirus company F-Secure, it's unusual for authors of exploit kits to target Silverlight. "I do not remember seeing exploit kits using Silverlight exploits before," he said via email.
It's not clear how many users have Silverlight installed on their computers, but their number is likely to be in the tens of millions.
Angler EK loads the Silverlight exploit only if the Java or Flash Player versions installed on the computer are not vulnerable, according to Hirvonen.
Silverlight users should make sure they have all the patches available for the software installed. Silverlight security patches are normally distributed through the Windows Update mechanism.

Microsoft: October Patch Tuesday vulnerability patched in November

ID: IRCNE2013112015
Date: 2013-11-16

According to "zdnet", two days after the October Patch Tuesday updates, Microsoft corrected one of the security bulletins for that month to indicate that it had not in fact patched one of the vulnerabilities listed in it. That vulnerability, CVE-2013-3871, was in fact patched in the November updates, specifically as part of MS13-088: Cumulative Security Update for Internet Explorer.
The initial bulletin was MS13-080: Cumulative Security Update for Internet Explorer — note that both are Cumulative Updates. It originally listed 10 vulnerabilities, one of them CVE-2013-3871.

Related Link:
Microsoft patches 19 flaws, including IE zero day

Google fixes Chrome vulnerabilities exploited at Pwn2Own contest

ID: IRCNE2013112013
Date: 2013-11-16

According to "Computerworld", Google released emergency security updates for Chrome in order to patch critical vulnerabilities demonstrated Thursday by a security researcher at the Mobile Pwn2Own hacking competition.
The vulnerabilities were exploited by a security researcher who uses the pseudonym Pinkie Pie to achieve arbitrary code execution on a Nexus 4 and a Samsung Galaxy S4 device, earning him a prize of $50,000 in the contest.
Following Pinkie Pie's demonstration, the vulnerabilities were reported to Google, which took less than a day to fix them and push out new patches.
Even though the researcher demonstrated his exploit on Chrome for Android, Google also fixed the vulnerabilities in Chrome for Windows, Mac and Linux, as well as in the Chrome Frame plug-in for Internet Explorer.
Google describes the vulnerabilities only as "multiple memory corruption issues," but the Pwn2Own contest organizers said Pinkie Pie's attack exploited an integer overflow and a separate vulnerability that allowed for a full sandbox escape.
Google Chrome's application sandbox separates the browser's processes from the operating system, making it difficult to achieve arbitrary code execution. Pinkie Pie demonstrated Chrome sandbox escape exploits before in 2012, as part of Google's own Pwnium contests.
Google released version 31.0.1650.57 of Chrome for Windows, Mac and Linux; Chrome Frame 31.0.1650.57 and Chrome for Android version 31.0.1650.59 to address the vulnerabilities.

Adobe patches Flash, ColdFusion vulnerabilities

ID: IRCNE2013112012
Date: 2013-11-16

According to "zdnet", today Adobe issued updates for the Flash Player on Windows, Mac and Linux. Adobe AIR and the AIR SDK and Compiler are also being updated. At the same time the company issued a security hotfix for ColdFusion, their web application platform.
Adobe says that these updates are unrelated to the recent theft of ColdFusion source code.
Flash Player version 11.9.900.117 and earlier for Windows and Macintosh and version 11.2.202.310 and earlier for Linux are affected by the two vulnerabilities being fixed. The flaws on Windows and Mac are rated Critical, for allowing remote code execution, but Adobe is not aware of them being exploited in the wild.
The new versions on Windows and Mac are 11.9.900.152 and 11.7.700.252. The new Linux version is 11.2.202.327 and the new version of AIR is 3.9.0.1210. New versions of the Flash Player and AIR may be downloaded from the Adobe web site. Users of Google Chrome will get updates from Google. Users of Windows 8 will get Internet Explorer updates directly from Microsoft.
Adobe has also released a security hotfix for ColdFusion versions 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and Linux. The hotfix addresses two vulnerabilities: one is a cross-site scripting vulnerability, the other could allow unauthorized remote read access.

Microsoft patches 19 flaws, including IE zero day

ID: IRCNE2013112011
Date: 2013-11-16

According to "zdnet", today Microsoft issued 8 updates fixing vulnerabilities in Microsoft Windows, Internet Explorer and Office. Among them is one that has recently been reported as exploited in the wild.
The bulletins describing the updates:

  • MS13-088: Cumulative Security Update for Internet Explorer (2888505) (Critical)
    10 vulnerabilities in Internet Explorer are fixed in this update. Eight are memory corruption vulnerabilities and two are information disclosure vulnerabilities.
  • MS13-089: Vulnerability in Windows Graphics Device Interface Could Allow Remote Code Execution (2876331) (Critical)
    Remote code execution could result from a user opening a specially-crafted Windows Write file in Wordpad.
  • MS13-090: Cumulative Security Update of ActiveX Kill Bits (2900986) (Critical)
    This is the zero-day vulnerability that was reported as being exploited in the wild. It exists in the InformationCardSigninHelper Class ActiveX control. The update sets the kill bit for this control so that it can no longer be executed using Internet Explorer.
  • MS13-091: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2885093) (Important)
    Three vulnerabilities in Microsoft Office, one of which affects all versions of the product, are patched. All are rated Important.
  • MS13-092: Vulnerability in Hyper-V Could Allow Elevation of Privilege (2893986) (Important)
    Hyper-V in Windows 8 x64-based editions (Pro and Enterprise only) and Windows Server 2012, including Server Core, is vulnerable to privilege escalation or denial of service.
  • MS13-093: Vulnerability in Windows Ancillary Function Driver Could Allow Information Disclosure (2875783) (Important)
    A user who could log on to the system locally could view, but not modify, kernel memory.
  • MS13-094: Vulnerability in Microsoft Outlook Could Allow Information Disclosure (2894514) (Important)
    Successful exploit code for this vulnerability does not exist and is unlikely to appear.
  • MS13-095: Vulnerability in Digital Signatures Could Allow Denial of Service (2868626) (Important)
    All versions of Windows are vulnerable to denial of service (what we used to call a lockup or program crash) when reading a specially-crafted X.509 digital certificate.
As usual, there is a new version of the Windows Malicious Software Removal Tool. There is also an Update for Root Certificates for Windows 8.1, Windows 8, Windows 7, Windows Vista, and Windows XP (KB931125).

Related Link:
New IE zero-day attack reported
Microsoft warns of Office zero-day, active hacker exploits
Microsoft to issue 8 updates, 3 critical, on Patch Tuesday

New security holes found in D-Link router

ID: IRCNE2013112010
Date: 2013-11-12

According to "cnet", a new spate of vulnerabilities has been found in a D-Link router, a security researcher said Monday.
The D-Link 2760N, also known as the D-Link DSL-2760U-BN, is susceptible to several cross-site scripting (XSS) bugs through its Web interface, reported ThreatPost.
Liad Mizrachi, the researcher who discovered the bugs, said he notified D-Link about the bugs in August, September, and October, but D-Link did not respond.
The report follows a more serious backdoor bug found in the following D-Link routers: DIR-100, DIR-120, DI-524UP, DI-604S, DI-604UP, DI-604+, DI-624S, and the TM-G5240. D-Link told ThreatPost in October that it was working on a patch to the backdoor bug.

Zero-day problems in Microsoft products will be fixed on Patch Tuesday

ID: IRCNE2013112009
Date: 21/08/92

Earlier this week, security company FireEye announced that an unpatched vulnerability exists in IE. Attackers are currently exploiting this vulnerability in targeted zero-day attacks.
Yesterday, Microsoft announced that the vulnerability will be fixed on Microsoft's Patch Tuesday. In a statement, the company said that the vulnerability, known by the ID CVE-2013-3918, affects IE ActiveX controls, but the update that fixes it is Bulletin 3, or MS13-090, which is identified as a Windows update.

Microsoft to patch zero-day bug Tuesday

ID: IRCNE2013112009
Date: 2013-11-12

According to "zdnet", over the weekend, security company FireEye reported an unpatched vulnerability in Internet Explorer which was being used in a targeted zero-day attack against users of a particular web site.
Yesterday, Microsoft announced that the vulnerability will be patched Tuesday in one of their already-scheduled updates. Microsoft says the vulnerability, which has been given the ID CVE-2013-3918, affects an Internet Explorer ActiveX control, but the update that will fix it, Bulletin 3 or MS13-090, is identified as an update to Windows.

Related Link:
New IE zero-day attack reported

Exploitation of an unpatched vulnerability in IE

ID: IRCNE2013112008
Date: 19/08/92

Researchers at security company FireEye have identified an unpatched vulnerability in IE that has been exploited on a website. The exploit code for this vulnerability targets the English versions of IE7 and IE8 on Windows XP and IE 8 on Windows 7. FireEye stated that its analysis shows the vulnerability affects IE versions 7, 8, 9 and 10.
The attack uses two vulnerabilities: the first is an information disclosure vulnerability, which the exploit uses to retrieve the timestamp from the PE headers of msvcrt.dll. The second is an out-of-bounds memory access vulnerability, which is used to achieve code execution.
Many versions of msvcrt.dll are in circulation, so the exploit sends the timestamp to the attacker's server, which returns an out-of-bounds exploit specific to the user's version.
FireEye is investigating this attack together with Microsoft. The report says that users should be careful, because it is possible that multiple copies of multiple versions of the DLL exist on their systems.
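As an added illustration, not part of the original report or of FireEye's analysis, the following Python script shows what "the timestamp from the PE headers" refers to and why the warning about multiple DLL copies matters for triage. It parses the COFF TimeDateStamp of a PE image and groups copies of a DLL by build timestamp, so a responder can inventory which msvcrt.dll builds are actually present on a machine. The file paths and the minimal PE images in it are constructed for the demonstration; scan_tree is the only part that touches a real filesystem.

```python
import os
import struct
from datetime import datetime, timezone


def pe_timestamp(data: bytes) -> int:
    """Return the COFF TimeDateStamp of a PE image given its raw bytes.

    Layout: the DOS header starts with "MZ" and stores e_lfanew at 0x3C;
    at e_lfanew sits the "PE\0\0" signature, followed by the 20-byte COFF
    file header (Machine, NumberOfSections, TimeDateStamp, ...).
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # TimeDateStamp is the third COFF field: 4 (signature) + 2 + 2 bytes in.
    return struct.unpack_from("<I", data, e_lfanew + 8)[0]


def build_minimal_pe(timestamp: int) -> bytes:
    """Constructed test image: DOS header + PE signature + COFF header only.

    It is not loadable; it exists so the parser can be exercised offline.
    """
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH",
                       0x14C,      # Machine: IMAGE_FILE_MACHINE_I386
                       0,          # NumberOfSections
                       timestamp,  # TimeDateStamp (seconds since Unix epoch)
                       0, 0,       # PointerToSymbolTable, NumberOfSymbols
                       0,          # SizeOfOptionalHeader
                       0x2102)     # Characteristics: EXECUTABLE | 32BIT | DLL
    return bytes(dos) + b"PE\0\0" + coff


def group_by_timestamp(images: dict) -> dict:
    """Map build timestamp -> sorted list of paths whose image carries it.

    Copies sharing a timestamp are the same build; distinct timestamps mean
    distinct builds are present, which is the situation the report warns
    about (several copies of several DLL versions on one system).
    """
    groups = {}
    for path, data in images.items():
        groups.setdefault(pe_timestamp(data), []).append(path)
    return {ts: sorted(paths) for ts, paths in groups.items()}


def scan_tree(root: str, name: str = "msvcrt.dll") -> dict:
    """Walk a directory tree and collect the bytes of every file called `name`.

    Unreadable or non-PE files are skipped rather than aborting the scan.
    """
    images = {}
    wanted = name.lower()
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() != wanted:
                continue
            full = os.path.join(dirpath, fn)
            try:
                with open(full, "rb") as fh:
                    data = fh.read()
                pe_timestamp(data)  # validate before keeping it
            except (OSError, ValueError):
                continue
            images[full] = data
    return images


if __name__ == "__main__":
    # Constructed demonstration input: three copies, two distinct builds.
    # The paths are hypothetical and the images are synthetic.
    sample = {
        r"C:\Windows\System32\msvcrt.dll": build_minimal_pe(0x4A5BDA6B),
        r"C:\Windows\SysWOW64\msvcrt.dll": build_minimal_pe(0x4A5BDA6B),
        r"C:\Program Files\SomeApp\msvcrt.dll": build_minimal_pe(0x4CE7BA58),
    }
    for ts, paths in sorted(group_by_timestamp(sample).items()):
        built = datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d")
        print(f"build {ts:#010x} ({built}): {len(paths)} copy/copies")
        for p in paths:
            print("   ", p)
```

On a real host, replace the constructed sample with `group_by_timestamp(scan_tree(r"C:\"))`: every distinct timestamp in the output is a separate msvcrt.dll build that patch verification has to cover, which is the practical meaning of the report's caution.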
