Security: Microsoft Word Vulnerability

Multiple security companies have reported an exploit in the wild infecting users with the Dridex Trojan. When recipients open the document, the exploit – if successful – is used to carry out a series of actions that lead to the installation of Dridex botnet ID 7500 on the user’s system.

All users should always be extremely careful when opening any attachment in email and should apply the patch expected to be provided by Microsoft tonight.

Windows Vista: End of Support

Mainstream support for Vista ended in April 2012, Extended support is ending April 11, 2017 which means no further security updates or paid support. With no updates the use of Windows Vista is not advices and we recommend all personal and business computers be updated to Windows 7 or Windows 10.

Source: Microsoft

 

Phishing attacks targeting Airline Ticketholders

US-CERT is warning consumers of  email-based phishing campaigns targeting airline consumers. Consumers who have booked flights should be vigilante and ensure any email the receive is indeed legitimate. We recommend not following links from received emails and to go directly to the Airline web pages and verify any information there.

Source: US-CERT

Apple Product Critical Security Updates

Apple has released security updates for several of its products, products that received security updates include macOS Server, tvOS, watchOS, iOS, macOS, Safari, and their productivity applications; Pages, Numbers, and Keynote.

Source: Apple

Security updates released for Adobe Flash Player

Adobe has identified multiple vulnerabilities for versions of Flash Player on Windows, Mac, Linux and Chrome OS. They are listed as Critical and users should apply updates ASAP.

Source: Adobe

 

Symantec and Norton Security Products Critical Vulnerabilities

Symantec and Norton branded antivirus products contain multiple vulnerabilities. Some of these products are in widespread use throughout government and industry. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected system.

CVE-2016-2207

  • Symantec Antivirus multiple remote memory corruption unpacking RAR

CVE-2016-2208

  • Symantec antivirus products use common unpackers to extract malware binaries when scanning a system. A heap overflow vulnerability in the ASPack unpacker could allow an unauthenticated remote attacker to gain root privileges on Linux or OSX platforms. The vulnerability can be triggered remotely using a malicious file (via email or link) with no user interaction.

CVE-2016-2209

  • Symantec: PowerPoint misaligned stream-cache remote stack buffer overflow

CVE-2016-2210

  • Symantec: Remote Stack Buffer Overflow in dec2lha library

CVE-2016-2211

  • Symantec: Symantec Antivirus multiple remote memory corruption unpacking MSPACK Archives

CVE-2016-3644

  • Symantec: Heap overflow modifying MIME messages

CVE-2016-3645

  • Symantec: Integer Overflow in TNEF decoder

CVE-2016 -3646

  • Symantec: missing bounds checks in dec2zip ALPkOldFormatDecompressor::UnShrink

The large number of products affected (24 products), across multiple platforms (OSX, Windows, and Linux), and the severity of these vulnerabilities (remote code execution at root or SYSTEM privilege) make this a very serious event. A remote, unauthenticated attacker may be able to run arbitrary code at root or SYSTEM privileges by taking advantage of these vulnerabilities. Some of the vulnerabilities require no user interaction and are network-aware, which could result in a wormable-event.

Users and network administrators should  patch Symantec or Norton antivirus products immediately.

Source: US-CERT

Adobe Flash Vulnerabilities

This week there are multiple Adobe Flash vulnerabilities to be aware of. Users should ensure they are at the latest version.

  • Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in Primetime SDK. Successful exploitation could lead to arbitrary code execution.
  • Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable type confusion vulnerability related to the MessageChannel class. Successful exploitation could lead to arbitrary code execution.
  • Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in Primetime SDK event dispatch. Successful exploitation could lead to arbitrary code execution
  • Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability related to event handlers. Successful exploitation could lead to arbitrary code execution
  • Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability when parsing an MP4 header. Successful exploitation could lead to arbitrary code execution.
  • Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 codec (related to decompression). Successful exploitation could lead to arbitrary code execution.
  • Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 decompression routine. Successful exploitation could lead to arbitrary code execution.
  • Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability when performing garbage collection. Successful exploitation could lead to arbitrary code execution.
  • Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable integer overflow vulnerability related to Flash Broker COM. Successful exploitation could lead to arbitrary code execution.