[2315] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, August 2, 2010
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Mon Aug 2 13:10:08 2010
From: Monique Yeaton <myeaton@mit.edu>
Date: Mon, 2 Aug 2010 13:09:12 -0400
Message-Id: <BB3EF834-84FB-4145-A4DA-BF716CD904FC@mit.edu>
To: ist-security-fyi@mit.edu
Mime-Version: 1.0 (Apple Message framework v1081)
Cc: "itss@MIT.EDU" <itss@mit.edu>
Content-Type: multipart/mixed; boundary="===============1533441938=="
Errors-To: ist-security-fyi-bounces@mit.edu
--===============1533441938==
Content-Type: multipart/alternative; boundary=Apple-Mail-58--333441522
--Apple-Mail-58--333441522
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=us-ascii
In this issue:
1. Fix To Be Released for Zero-Day Flaw in Windows Shell
2. Safari Updates AutoFill Flaw
3. McAfee and Microsoft Incompatibilities
=
--------------------------------------------------------------------------=
1. Fix To Be Released for Zero-Day Flaw in Windows Shell
=
--------------------------------------------------------------------------=
Microsoft is planning to release an out-of-band security update to =
address the vulnerability discussed in Security Advisory 2286198 on =
Monday, August 2, 2010 at or around 10 AM PDT.=20
Microsoft is able to confirm that, in the past few days, there was an =
increase in attempts to exploit the vulnerability. Users running any of =
the supported Windows platforms should install the update, which will =
require a restart. The update has not yet been approved for deployment =
via MIT WAUS.
Announcement of the release by Microsoft:
=
<http://blogs.technet.com/b/msrc/archive/2010/07/29/out-of-band-release-to=
-address-microsoft-security-advisory-2286198.aspx>
Security advisory 2286198: =
<http://www.microsoft.com/technet/security/advisory/2286198.mspx>
---------------------------------------
2. Safari Updates AutoFill Flaw
---------------------------------------
Last week Apple issued updates for Safari 4 and 5 just one day before a =
scheduled presentation on one of the flaws at the Black Hat conference. =
The updates fix 15 vulnerabilities, some of which could be exploited to =
allow arbitrary code execution or information disclosure. Thirteen of =
the 15 patched flaws could be exploited in drive-by attacks, meaning no =
user interaction is required. The flaw slated for presentation is an =
AutoFill vulnerability that could be exploited to disclose information. =
Jeremiah Grossman said the same vulnerability affects Internet Explorer.
The story in the news:=20
=
<http://www.scmagazineus.com/safari-update-fixes-auto-fill-flaw-ahead-of-b=
lack-hat-talk/article/175727/>
----------------------------------------------------
3. McAfee and Microsoft Incompatibilities
----------------------------------------------------
The current McAfee anti-virus (AV) product available for Windows =
(VirusScan Enterprise 8.7i) does not support Microsoft Office 2010, in =
particular Microsoft Outlook 2010.=20
As per the McAfee knowledgebase article of July 21, 2010:
Microsoft Office 2010 products, and Microsoft Outlook 2010 in =
particular, are currently not supported by VirusScan Enterprise (VSE) =
8.7i. This means that any VSE issues related to Office 2010 applications =
are not supported. VSE 8.8 will support Microsoft 2010 products. VSE 8.8 =
is scheduled for release by the end of 2010.
What does this mean for anyone already using Office 2010 or planning to =
use it in the near future?
If you are running Office 2010 and VSE 8.7i, the AV software will NOT =
detect and scour viruses in Outlook including emails in HTML text and =
attachments
The AV software will NOT defend against threats that target Microsoft =
Office 2010 applications and services.
For this reason, IS&T does not recommend installing Microsoft Office =
2010 on production machines and to wait until McAfee has completed its =
testing of the product and releases VSE 8.8.
The McAfee knowledgebase article: =
<https://kc.mcafee.com/corporate/index?page=3Dcontent&id=3DKB69027>
=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
Find current and older issues of Security FYI Newsletter: =
<http://kb.mit.edu/confluence/x/ehBB>
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
--Apple-Mail-58--333441522
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
charset=us-ascii
<html><head></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; ">In =
this issue:</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; min-height: 16px; "><br></div><div style=3D"margin-top:=
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Arial; ">1. Fix To Be Released for =
Zero-Day Flaw in Windows Shell</div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; ">2. Safari Updates AutoFill =
Flaw</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; ">3. McAfee and Microsoft Incompatibilities</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
min-height: 16px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; min-height: 16px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
min-height: 16px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; =
">------------------------------------------------------------------------=
--</div><div style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: =
0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; =
">1. Fix To Be Released for Zero-Day Flaw in Windows Shell</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
">------------------------------------------------------------------------=
--</div><div style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: =
0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; =
min-height: 16px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; ">Microsoft is planning to release an =
out-of-band security update to address the vulnerability discussed in <a =
href=3D"http://www.microsoft.com/technet/security/advisory/2286198.mspx">S=
ecurity Advisory 2286198</a> on Monday, August 2, 2010 at or around 10 =
AM PDT. </div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; min-height: 16px; "><br></div><div style=3D"margin-top:=
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Arial; ">Microsoft is able to confirm =
that, in the past few days, there was an increase in attempts to exploit =
the vulnerability. Users running any of the supported Windows platforms =
should install the update, which will require a restart. The update has =
not yet been approved for deployment via MIT WAUS.</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
min-height: 16px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; ">Announcement of the release by =
Microsoft:</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; "><<a =
href=3D"http://blogs.technet.com/b/msrc/archive/2010/07/29/out-of-band-rel=
ease-to-address-microsoft-security-advisory-2286198.aspx">http://blogs.tec=
hnet.com/b/msrc/archive/2010/07/29/out-of-band-release-to-address-microsof=
t-security-advisory-2286198.aspx</a>></div><div style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Arial; min-height: 16px; =
"><br></div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; ">Security advisory 2286198: <<a =
href=3D"http://www.microsoft.com/technet/security/advisory/2286198.mspx">h=
ttp://www.microsoft.com/technet/security/advisory/2286198.mspx</a>></di=
v><div style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
min-height: 16px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; min-height: 16px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
">---------------------------------------</div><div style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Arial; ">2. Safari Updates AutoFill =
Flaw</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; ">---------------------------------------</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
min-height: 16px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; ">Last week Apple issued updates for =
Safari 4 and 5 just one day before a scheduled presentation on one of =
the flaws at the Black Hat conference. The updates fix 15 =
vulnerabilities, some of which could be exploited to allow arbitrary =
code execution or information disclosure. Thirteen of the 15 =
patched flaws could be exploited in drive-by attacks, meaning no user =
interaction is required. The flaw slated for presentation is an =
AutoFill vulnerability that could be exploited to disclose information. =
Jeremiah Grossman said the same vulnerability affects Internet =
Explorer.</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; min-height: 16px; "><br></div><div style=3D"margin-top:=
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Arial; ">The story in the =
news: </div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; "><<a =
href=3D"http://www.scmagazineus.com/safari-update-fixes-auto-fill-flaw-ahe=
ad-of-black-hat-talk/article/175727/">http://www.scmagazineus.com/safari-u=
pdate-fixes-auto-fill-flaw-ahead-of-black-hat-talk/article/175727/</a>>=
</div><div style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: =
0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; =
min-height: 16px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; min-height: 16px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
">----------------------------------------------------</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; ">3. =
McAfee and Microsoft Incompatibilities</div><div style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Arial; =
">----------------------------------------------------</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
min-height: 16px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; ">The current McAfee anti-virus (AV) =
product available for Windows (VirusScan Enterprise 8.7i) does not =
support Microsoft Office 2010, in particular Microsoft Outlook =
2010. </div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; min-height: 16px; "><br></div><div style=3D"margin-top:=
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Arial; ">As per the McAfee =
knowledgebase article of July 21, 2010:</div><div style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Arial; min-height: 16px; =
"><br></div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; ">Microsoft Office 2010 products, and Microsoft =
Outlook 2010 in particular, are currently not supported by VirusScan =
Enterprise (VSE) 8.7i. This means that any VSE issues related to Office =
2010 applications are not supported. VSE 8.8 will support Microsoft 2010 =
products. VSE 8.8 is scheduled for release by the end =
of 2010.</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; min-height: 16px; "><br></div><div style=3D"margin-top:=
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Arial; ">What does this mean for anyone =
already using Office 2010 or planning to use it in the near =
future?</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; min-height: 16px; "><br></div>
<ul style=3D"list-style-type: disc">
<li style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">If you =
are running Office 2010 and VSE 8.7i, the AV software will NOT =
detect and scour viruses in Outlook including emails in HTML text and =
attachments</li>
<li style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">The AV =
software will NOT defend against threats that target Microsoft Office =
2010 applications and services.</li>
</ul><div style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: =
0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; =
min-height: 16px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; ">For this reason, IS&T does not =
recommend installing Microsoft Office 2010 on production machines and to =
wait until McAfee has completed its testing of the product and releases =
VSE 8.8.</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; min-height: 16px; "><br></div><div style=3D"margin-top:=
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Arial; ">The McAfee knowledgebase =
article: <<a =
href=3D"https://kc.mcafee.com/corporate/index?page=3Dcontent&id=3DKB69=
027">https://kc.mcafee.com/corporate/index?page=3Dcontent&id=3DKB69027=
</a>></div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; "><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; "><br></div><div style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Arial; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
">=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; min-height: 16px; "><br></div><div style=3D"margin-top:=
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Arial; ">Find current and older issues =
of Security FYI Newsletter: <<a =
href=3D"http://kb.mit.edu/confluence/x/ehBB"><span =
style=3D"text-decoration: underline ; color: =
#2f69b5">http://kb.mit.edu/confluence/x/ehBB</span></a>></div></div><di=
v style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
"><br></div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; "><br></div><div><span class=3D"Apple-style-span" =
style=3D"border-collapse: separate; color: rgb(0, 0, 0); font-family: =
Calibri; font-size: medium; font-style: normal; font-variant: normal; =
font-weight: normal; letter-spacing: normal; line-height: normal; =
orphans: 2; text-align: auto; text-indent: 0px; text-transform: none; =
white-space: normal; widows: 2; word-spacing: 0px; =
-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: =
0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; "><span class=3D"Apple-style-span" =
style=3D"border-collapse: separate; color: rgb(0, 0, 0); font-family: =
Calibri; font-size: 14px; font-style: normal; font-variant: normal; =
font-weight: normal; letter-spacing: normal; line-height: normal; =
orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; =
widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; =
-webkit-border-vertical-spacing: 0px; =
-webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; "><div style=3D"word-wrap: =
break-word; -webkit-nbsp-mode: space; -webkit-line-break: =
after-white-space; "><div><div><div>Monique Yeaton</div><div>IT Security =
Awareness Consultant</div><div>MIT Information Services & Technology =
(IS&T)</div><div>(617) 253-2715</div><div><a =
href=3D"http://ist.mit.edu/security">http://ist.mit.edu/security</a></div>=
<div><br></div><br></div></div><br></div></span><br =
class=3D"Apple-interchange-newline"></span><br =
class=3D"Apple-interchange-newline">
</div>
<br></body></html>=
--Apple-Mail-58--333441522--
--===============1533441938==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
ist-security-fyi mailing list
ist-security-fyi@mit.edu
To Unsubscribe http://mailman.mit.edu/mailman/listinfo/ist-security-fyi
--===============1533441938==--
