From Erik's IT-Security notes

EZSecurity Bulletin for August of 2010

INTRO

The security landscape is changing, and it is the soft issues that are in motion. When I started growing passionate about IT-security many years ago, I thought it was all about the technology. I fondly remember the time people connected their systems directly to the Internet without firewalls and still seldom got hacked. I remember the first trickle of spam and the network attacks with fancy names like “smurf” and “teardrop”.

Technology matters, but I feel that the main issues of today in IT-security are politics, social connections and feelings. After many years of being subjected to a mix of rational analysis and large doses of fear mongering, society is rapidly changing around the ubiquity of “always on” communication. The EU is enacting laws in a steady stream, the debate here in Sweden right now revolves around the question of whether some Manga cartoons are to be considered child porn, and of course we have the Wikileaks discussion. The overlying question: must we strive for freedom, safety or a mix of the two?

Now is probably a good time to get interested in politics. Safety, security and privacy issues are all up in the air and what happens now will for better and worse define our society for years to come. If you live here in Sweden, don’t forget to vote!

About the bulletins: they’re quite a large bunch this month. Microsoft has released 14 bulletins. MS10-054 does have some wormability, although it seems to be tricky to exploit.

MICROSOFT SECURITY BULLETIN SUMMARY FOR JUNE OF 2010

As per usual, Microsoft releases its security bulletins on the second Tuesday of every month. This month comes along with 14 bulletins. MS10-046 is from last week.

Recommendation: patching should be done as soon as possible, but can wait until this month’s regular patch window.

Critical
MS10-046 - Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198) 
MS10-049 - Vulnerabilities in SChannel Could Allow Remote Code Execution (980436) 
MS10-051 - Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2079403) 
MS10-052 - Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (2115168) 
MS10-053 - Cumulative Security Update for Internet Explorer (2183461) 
MS10-054 - Vulnerabilities in SMB Server Could Allow Remote Code Execution (982214) 
MS10-055 - Vulnerability in Cinepak Codec Could Allow Remote Code Execution (982665) 
MS10-056 - Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (2269638) 
MS10-060 - Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could Allow Remote Code Execution (2265906) 
Important
MS10-047 - Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (981852) 
MS10-048 - Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2160329) 
MS10-050 - Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (981997) 
MS10-057 - Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution (2269707) 
MS10-058 - Vulnerabilities in TCP/IP Could Allow Elevation of Privilege (978886) 
MS10-059 - Vulnerabilities in the Tracing Feature for Services Could Allow an Elevation of Privilege (982799)


DISSECTION OF AN SQL ATTACK

I’ve written a lot about security and politics lately, but I’m a technician at heart, so I think it’s time to dig into security from a technical standpoint. So today, let’s take one of the many SQL-injection attacks out there on the Internet and pick it apart.

I really cannot post the whole text in this mail, since it would cause our mail security appliances to go ballistic. So, here’s a link to the whole article. Don’t worry; the code is neutralized, so see it as a vaccination against SQL-injectitis. (Yes, I made that word up!)

http://erik.zalitis.se/sub/news.php?id=235

LINKS AND TRICKS

The official bulletins from Microsoft:
http://www.microsoft.com/technet/security/bulletin/ms10-aug.mspx

ISC SANS's monthly Microsoft analysis is always a good read:
http://isc.sans.edu/diary.html?storyid=9361

All back-issues of this newsletter can be found here:
https://secure.ericade.net/security/index.php/SECBulletins

And on the EZSecurity blog at Tieto DF:
http://df.tieto.com/Blogs/EZSecurity/

My private blog:
http://erik.zalitis.se/

Bruce Schneier’s excellent newsletter:
http://www.schneier.com/crypto-gram.html

A collection of useful security links:
https://secure.ericade.net/security/index.php/Security_links

A good site to check for known vulnerabilities for your favorite programs:
http://secunia.com/

What's the general state of the Internet?:
http://isc.sans.org/

OWASP Sweden's email list archive:
https://lists.owasp.org/pipermail/owasp-sweden/

Recommended for you developers out there:
http://www.owasp.org/index.php/Main_Page

My own, random knowledge base:
https://secure.ericade.net/security/index.php/portal:Kb

Regards
Erik Zalitis
System Specialist
CISSP
Certified Ethical Hacker
MCITP:EA
MCSE:Security 2003
MCSE:Messaging 2003
Citrix Certified Administrator for PS4.
VMware Certified Professional on VI3
ITIL Foundations
Mobile: + 46 (0)70 673 07 54