-
Symantec AV multiple vulns - update available
FYI...
- http://secunia.com/advisories/43099/
Release Date: 2011-01-27
Criticality level: Moderately critical
Impact: DoS, System access
Where: From local network
Solution Status: Vendor Patch
Software: Symantec AntiVirus Corporate Edition 10.x, System Center 10.x
CVE Reference(s): CVE-2010-0110, CVE-2010-0111
... Intel AMS2 component when processing certain messages can be exploited to run arbitrary commands | cause a buffer overflow | create arbitrary events | cause a DoS ...
Solution: Update to version 10.1 MR10.
Original Advisory:
- http://www.symantec.com/business/sec...id=20110126_00
- http://www.symantec.com/business/sec...id=20110126_01
- http://www.securitytracker.com/id/1024996
Jan 27 2011
- http://www.securitytracker.com/id/1024997
Jan 28 2011
-
Clam AV vuln - update v0.97 available
FYI...
- http://secunia.com/advisories/43392/
Release Date: 2011-02-21
Criticality level: Moderately critical
Impact: DoS, System access
Where: From remote
... The vulnerability is reported in versions prior to 0.97.
Solution: Update to version 0.97...
- http://www.clamav.net/lang/en/download/sources/
"... Latest stable release: ClamAV 0.97... Please read the upgrade instructions before upgrading..."
* http://wiki.clamav.net/Main/UpgradeInstructions
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-1003
Last revised: 02/24/2011
- http://www.securitytracker.com/id/1025100
Feb 21 2011
-
CA multiple ActiveX vulns - update available ...
FYI...
CA ActiveX vuln - update available
* http://secunia.com/advisories/43377/
Release Date: 2011-02-24
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch ...
Original Advisory: ZDI / CA (CA20110223-01):
http://www.zerodayinitiative.com/advisories/ZDI-11-093/
CA ActiveX vuln - update available
- http://secunia.com/advisories/43490/
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched ...
Solution: Set the kill-bit for the affected ActiveX control. Reportedly, the vendor will issue fix information soon.
For more information: SA43377*
- http://www.securitytracker.com/id/1025120
Updated: Feb 26 2011
___
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-1036
Last revised: 03/11/2011
CVSS v2 Base Score: 8.8 (HIGH)
-
F-Secure multiple vulns - update available
FYI...
- http://secunia.com/advisories/43049/
Release Date: 2011-02-24
Impact: Cross Site Scripting, Exposure of system information, Exposure of sensitive information
Where: From remote...
Software: F-Secure Policy Manager 8.x, F-Secure Policy Manager 9.x
... The weakness and the vulnerability are confirmed in version 9.00.30231 and also reported in versions 8.00 and 8.1x.
Solution: Apply patches.
Original Advisory: F-Secure (FSC-2011-2):
http://www.f-secure.com/en_EMEA/supp...sc-2011-2.html
- http://www.securitytracker.com/id/1025124
Feb 24 2011
___
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-1102
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-1103
Last revised: 03/11/2011
"... before hotfix 2, 8.1x before hotfix 3 on Windows and hotfix 2 on Linux, and 9.00 before hotfix 4 on Windows and hotfix 2 on Linux..."
-
McAfee Firewall Reporter vuln - fix...
FYI...
- https://kc.mcafee.com/corporate/inde...ent&id=SB10015
Security Bulletins ID: SB10015
Last Modified: April 11, 2011
This update fixes a bug that leverages an issue in the authentication sequence to allow unauthorized users access to the system...
> Remediation..."
(See the URL above.)
- http://www.securitytracker.com/id/1025314
Apr 11 2011
Version: prior to 5.1.0.13...
- http://secunia.com/advisories/44110/
Criticality level: Moderately critical
___
- http://www.theregister.co.uk/2011/04...lter_screw_up/
6 April 2011 - "McAfee has apologised for a Sesame Street-style mix-up over the weekend that temporarily prevented any customers with addresses that start with the letter A from receiving email. The glitch... bounced emails sent to supported inboxes that began with an A or a non-alphanumeric special character (eg, @£$). In a statement, McAfee blamed a rogue script for the mix-up, which has now been resolved..."
-
Avast! false positive - virus defs 110411-1 ...
FYI...
- https://blog.avast.com/2011/04/11/fa...defs-110411-1/
April 11 2011 - "Virus definition update 110411-1 contained an error that resulted in a good number of innocent sites being flagged as infected. Generally, all sites with a script in a specific format were affected... We sincerely apologize for the inconvenience..."
- http://news.cnet.com/8301-1009_3-20053085-83.html
April 12, 2011 - "... the update was downloaded by around 5 million users, mostly on the Western Hemisphere..."
"Some of the sites affected by this Avast false positive include Wikipedia, Yahoo, PCWorld, and Youtube..."
(Hat tip to cnm @ spywareinfoforum.com)*
* http://www.spywareinfoforum.com/inde...ost__p__744891
-
CA ActiveX controls vuln ...
FYI...
- http://secunia.com/advisories/43681/
Release Date: 2011-04-21
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference: CVE-2011-1719
Solution: Apply APARs.
Original Advisory: CA:
https://support.ca.com/irj/portal/an...-B2AF457B5364}
___
- http://www.securitytracker.com/id/1025423
CVE Reference: CVE-2011-1718
Apr 21 2011
- http://www.securitytracker.com/id/1025424
CVE Reference: CVE-2011-1719
Apr 21 2011
-
McAfee - False Positive in DAT 6329...
FYI...
- http://isc.sans.edu/diary.html?storyid=10783
Last Updated: 2011-04-28 12:26:24 UTC - McAfee Labs have issued an alert that McAfee VirusScan DAT file 6329 is returning a false positive for spsgui.exe. This is impacting SAP telephone connectivity functionality. McAfee... work around for the issue documented in KB71739:
https://kc.mcafee.com/corporate/inde...ent&id=KB71739
-
Avira AV v10 SP2 released
FYI...
- http://techblog.avira.com/2011/06/28...ntivir-v10/en/
June 28, 2011 - "... Service Pack 2 to all AntiVir v10 products today: Personal, Premium, Premium Security Suite, Professional and Server. Avira’s Service Pack 2 update will be made available as product update to all customers, paid and free in English and German. The other languages will follow in the next few weeks. Please make sure you have enabled Product Updates by choosing the first option in Configuration -> Update->Product Update...
... fixed many issues which our users reported
... improved the protection overall by enhancing the heuristic detection and the repair functionality
... enabled the protection of the product itself and that of the entire operating system by automatically enabling the advanced process protection, which prevents malware from terminating the Avira processes and changing the registry keys of the system.
... antirootkits protection was enhanced in order to be able to detect new methods of hiding malware...
You must restart your system after SP2 is installed in order to use the new drivers. Please save your work to prevent any loss of data.
Please read here about how to prepare for the reboot if you are in a company: http://www.avira.com/en/support-for-...etail?kbid=841
... and check this document for the default values http://www.avira.com/files/support/F...P2_Prof_EN.pdf ...
... The SP2 brings also an optional toolbar to the users of the AntiVir Personal Free. If the user installs it, uses the toolbar and clicks on the links provided, Avira gets some money from the provider of the toolbar, the well-known search provider Ask .com... For more information about data collected, please read the Ask’s privacy policy available here:
http://sp.ask.com/en/docs/about/privacy.shtml
Most visible innovations in the SP2: http://www.avira.com/en/support-for-...tail/faqid/854
Release Information of SP2 at a glance: http://www.avira.com/en/support-for-...tail/faqid/840.
Detailed information of the changes performed in the products by the SP2:
http://www.avira.com/files/support/F...V10_SP2_EN.pdf
How to install the new Avira Toolbar after updating to SP2:
http://www.avira.com/en/support-for-...tail/faqid/861
How to install the new Avira Toolbar later via setup:
http://www.avira.com/en/support-for-...tail/faqid/862
How to -remove- the Avira Toolbar:
http://www.avira.com/en/support-for-...tail?faqid=863
Update: Some of our users experienced that the online protection is inactive after the SP2 update. Please see here* how to fix it.
* http://www.avira.com/en/support-for-...etail/kbid/566
___
- http://www.h-online.com/security/new...s-1271030.html
30 June 2011
-
CA Gateway v8.1 Security advisory...
FYI...
- http://h-online.com/-1284003
22 July 2011 - "CA is warning of a critical vulnerability in its Gateway Security 8.1 business security solution that allows attackers to inject malicious code into systems... The company has provided a fix* for Gateway Security. Alternatively, users can upgrade to version 9.0. Users of Total Defense Suite r12 are also advised to take action quickly as the vulnerable version of Gateway Security is part of this security package."
* https://support.ca.com/irj/portal/an...642&actionID=4
07/13/2011
CA20110720-01: Security Notice for CA Gateway Security and Total Defense
- https://support.ca.com/irj/portal/an...-027D05B6285D}
July 20, 2011
Risk Rating: High
Platform: Windows
Affected Products: CA Gateway Security 8.1, CA Total Defense r12
Non-Affected Products: CA Gateway Security 9.0 ...
___
- http://secunia.com/advisories/45332/
Release Date: 2011-07-21
Criticality level: Moderately critical
... vulnerability is reported in versions prior to 8.1.0.69...
-
ClamAV DoS vuln - update available
FYI...
- http://secunia.com/advisories/45382/
Release Date: 2011-07-26
Criticality level: Moderately critical
Impact: DoS
Where: From remote...
Solution Status: Vendor Patch
... The vulnerability is reported in versions prior to 0.97.2.
Solution: Update to version 0.97.2.
- http://www.clamav.net/lang/en/
"... ClamAV 0.97.2 fixes problems with the bytecode engine, Safebrowsing
detection, hash matcher, and other minor issues. Please see the ChangeLog file for details..."
* http://git.clamav.net/gitweb?p=clama...=clamav-0.97.2
-
McAfee SaaS Endpoint v5.2.2 update released
FYI...
- https://secunia.com/advisories/45506/
Release Date: 2011-08-09
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: McAfee SaaS Endpoint Protection 5.x
... vulnerabilities are reported in versions 5.2.1 and prior.
Solution: Update to version 5.2.2...
- http://www.securitytracker.com/id/1025890
Aug 9 2011
Vendor URL: https://kc.mcafee.com/corporate/inde...ent&id=SB10016
-
Symantec - Veritas/NetBackup advisory...
FYI...
* http://www.symantec.com/business/sec...id=20110815_00
August 15, 2011 - SYM11-010
Severity: High...
- http://www.symantec.com/business/sup...&id=TECH165536
Updated: 2011-08-15
- http://www.securitytracker.com/id/1025926
- http://www.securitytracker.com/id/1025927
Aug 15 2011
- https://secunia.com/advisories/45576/
Release Date: 2011-08-15
Criticality level: Moderately critical
Impact: System access
Where: From local network
Solution Status: Partial Fix*...
-
Symantec Enterprise Vault multiple vuln - hotfix available
FYI...
VB100 > RAP averages > Feb - August 2011
> http://www.virusbtn.com/vb100/rap-index.xml
___
Symantec Enterprise Vault multiple vuln - hotfix available
- https://secunia.com/advisories/45834/
Release Date: 2011-09-02
Criticality level: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: Symantec Enterprise Vault 10.x, 8.x, 9.x
CVE Reference(s): CVE-2011-0794, CVE-2011-0808, CVE-2011-2264, CVE-2011-2267
...more information:
- https://secunia.com/advisories/44295/
- https://secunia.com/advisories/45297/
Solution: Apply hotfix.
Original Advisory: Symantec:
http://www.symantec.com/business/sec...id=20110901_00
-
Symantec IM Manager multiple vulns - update available
FYI...
- https://secunia.com/advisories/43157/
Release Date: 2011-09-30
Impact: Cross Site Scripting, System access
Where: From local network
... Successful exploitation of this vulnerability may allow execution of arbitrary code. The vulnerabilities are reported in version 8.4.17 and prior.
Solution: Update to version 8.4.18.
Original Advisory: Symantec:
http://www.symantec.com/business/sec...id=20110929_00
SYM11-012
September 29, 2011
- http://www.securitytracker.com/id/1026130
CVE Reference: CVE-2011-0552, CVE-2011-0553, CVE-2011-0554
Sep 30 2011
-
MS flags Chrome as virus
FYI...
- http://tech.slashdot.org/story/11/09...ome-as-a-virus
September 30, 2011 - "Reports poured in this morning that Microsoft's security products, namely Microsoft Security Essentials and Forefront Client Security, were flagging Google Chrome as a virus (PWS:Win32/Zbot) and removing the browser if users chose to clean and reboot their machines. Users reported that the only way to mitigate the problem was to set MSE and Forefront to 'always allow' Zbot, which is generally considered to be a bad idea... Microsoft has now pushed another update* to resolve the issue..."
* http://www.microsoft.com/security/po...9#summary_link
September 30th, 2011
___
- https://isc.sans.edu/diary.html?storyid=11701
Last Updated: 2011-09-30 19:19:10 UTC
-
Symantec products - multiple vulns
FYI...
Symantec products KeyView Parsers multiple vulns
- https://secunia.com/advisories/44273/
Release Date: 2011-10-07
Criticality level: Highly critical
Impact: System access
Where: From remote ...
Solution Status: Vendor Patch ...
Original Advisory: Symantec (SYM11-013):
http://www.symantec.com/business/sec...id=20111006_00
- http://www.securitytracker.com/id/1026155
- http://www.securitytracker.com/id/1026156
- http://www.securitytracker.com/id/1026157
CVE Reference: CVE-2011-0337, CVE-2011-0338, CVE-2011-0339, CVE-2011-1213, CVE-2011-1214, CVE-2011-1215, CVE-2011-1216, CVE-2011-1218, CVE-2011-1512
Oct 7 2011
-
Norton blocks Facebook as 'phishing site'
FYI...
- http://www.theregister.co.uk/2011/10...ocks_facebook/
14th October 2011 - "Symantec has withdrawn an update to its Norton consumer security software that branded Facebook a phishing site on Wednesday. The snafu meant that users of Norton Internet Security were blocked from accessing the social networking site and were told a "fraudulent web page" had been blocked... Security firms update their signature definition files to detect either rogue applications or questionable websites at increasing frequency in order to keep up with malware production rates*. Plenty of effort is put into the quality assurance process across the industry but even so mistakes sometimes occur. False positives are a cross-industry problem that affects all vendors."
* http://www.av-test.org/en/statistics/malware/
-
ClamAV v0.97.3 released
FYI...
- https://secunia.com/advisories/46455/
Release Date: 2011-10-18
Criticality level: Moderately critical
Impact: DoS, System access
Where: From remote
... vulnerability is reported in version 0.97.2. Prior versions may also be affected.
Solution: Update to version 0.97.3.
> http://www.clamav.net/lang/en/
- http://blog.clamav.net/2011/10/clama...-released.html
October 17, 2011
- http://www.securitytracker.com/id/1026217
Oct 19 2011
Version: prior to 0.97.3
-
Mac trojan disables XProtect updates
FYI...
- http://www.f-secure.com/weblog/archives/00002256.html
October 19, 2011 - "... Recent analysis has revealed to us that Trojan-Downloader:OSX/Flashback.C disables the automatic updater component of XProtect, Apple's built-in OS X anti-malware application... wipes out certain files, thus, preventing XProtect from automatically receiving future updates. Attempting to disable system defenses is a very common tactic for malware — and built-in defenses are naturally going to be the first target on any computing platform..."
-
F-Secure 8 EOL ...
FYI...
- http://www.f-secure.com/weblog/archives/00002284.html
December 21, 2011 - "... our legacy software is approaching its end-of-life (EOL)... antivirus updates for F-Secure 8-series software will end on January 1st, 2012..."
-
McAfee SaaS Endpoint Protection issues...
FYI...
McAfee SaaS Endpoint Protection - update
- https://secunia.com/advisories/47520/
Last Update: 2012-01-19
Criticality level: Highly critical
Impact: System access
Where: From remote
... vulnerability is reported in version 5.2.0.603. Other versions may also be affected.
Solution: ...
- https://kc.mcafee.com/corporate/inde...ewlocale=en_US
Security Bulletins ID: SB10018
Last Modified: January 20, 2012
Affected Software: McAfee SaaS Endpoint Protection 5.2.3 and earlier
Description: This update fixes an issue in the Rumor technology utilized by McAfee’s SaaS Endpoint Protection. Rumor is a Peer-to-Peer technology used to allow several machines on a closed network to quickly distribute updates from a single network connection. The result of the misuse of the Rumor service is that an attacker could use an affected machine as a proxy. This can result in spam being sent as the machine acts similar to an “open relay”.
Remediation: Ensure that your systems are online and available to receive updates. Patches and other updates for SaaS Endpoint are automatically sent through a phased roll-out from the McAfee Network Operations Center (NOC). This patch is being sent on an expedited schedule and should be delivered to all endpoint systems before January 30, 2012..."
- http://h-online.com/-1418006
20 January 2012
___
- http://www.theinquirer.net/inquirer/...tal-protection
Jan 19 2012
-
MS AV flags Google.com as Malware...
FYI...
- https://krebsonsecurity.com/2012/02/...om-as-malware/
Feb 14, 2012 9:29 pm - "Computers running Microsoft’s antivirus and security software may be flagging google.com — the world’s most-visited Web site — as malicious, apparently due to a faulty Valentine’s Day security update shipped by Microsoft. Microsoft's antivirus software flagged google.com as bad. Not long after Microsoft released software security updates on Tuesday, the company’s Technet support forums lit up with complaints about Internet Explorer sounding the malware alarm when users visited google.com. The alerts appear to be the result of a “false positive” detection shipped to users of Microsoft’s antivirus and security products, most notably its Forefront technology and free “Security Essentials” antivirus software..."
>> http://answers.microsoft.com/en-us/p...5-eeafdfdab469
"... def. version 1.119.1988.0... Google is no longer detected as a virus. .."
Latest MSE definition updates
- https://www.microsoft.com/Security/p.../HowToMSE.aspx
Latest antivirus definition version: 1.119.1998.0
Released: Feb 15, 2012 05:30 AM UTC
-
ASLR to be mandatory - Firefox extensions
FYI...
- http://h-online.com/-1443131
27 Feb 2012 - "A patch that was recently introduced to the Firefox repository is designed to make the browser more secure by forcing certain binary extensions to use ASLR (Address Space Layout Randomisation) under Windows. The Mozilla developers say that the change, which will prevent XPCOM (Cross Platform Component Object Module) component DLLs without ASLR from loading, should be included in Firefox 13 "if no unexpected problems arise". This could, for example, affect products from anti-virus firms Symantec and McAfee. As recently as last year, these products were noted installing DLLs (Dynamic Link Libraries) that were compiled without ASLR in the browser, enabling malware to predict with relative ease the memory addresses that are used for heap and stack areas by the DLLs. ASLR is designed to randomise all memory addresses, so that the program components in question will be placed in different locations each time they start..."
-
McAfee DAT trouble
FYI...
- https://isc.sans.edu/diary.html?storyid=13003
Last Updated: 2012-04-16 21:11:18 UTC - "... McAfee has confirmed that incremental DAT 6682 may trigger message scan failures and a system crash in GroupShield Exchange (MSME), GroupShield Domino, and McAfee Email Gateway 7 (MEG). McAfee recommends that customers do NOT upload DAT 6682.
More information will be available on the McAfee KnowledgeBase* ..."
Issue with DAT 6682 and McAfee email products
* https://kc.mcafee.com/corporate/inde...ent&id=KB70380
Last Modified: April 24, 2012
-
EMC DDoS vuln ...
FYI...
- http://www.securitytracker.com/id/1026956
Date: Apr 20 2012
CVE Reference:
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0406 - 7.8 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0407 - 5.0
Impact: Denial of service via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): Server and Collector 5.5, 5.5 SP1, 5.6, 5.6 SP1, 5.7, 5.7 SP1, 5.8, 5.8 SP1
Description: Two vulnerabilities were reported in EMC Data Protection Advisor. A remote user can cause denial of service conditions...
Impact: A remote user can consume excessive CPU resources or cause a process crash on the target system.
Solution: The vendor has issued a fix (Security Hotfix DPA-14718)...
- http://www.emc.com/contact-us/contac...nse-center.htm
1-866-438-3622
-
Symantec False Positive - .xls files
FYI...
Symantec False Positive for signature Bloodhound.Exploit.459
- https://isc.sans.edu/diary.html?storyid=13162
Last Updated: 2012-05-08 17:30:11 UTC - "... false-positive alerts on .xls files..."
> http://www.symantec.com/business/sup...&id=TECH188271
Updated: 2012-05-10 - "... Rapid Release definitions are now available which resolve this behavior... Certified definitions Sequence Number: 134131 Extended Version: 5/8/2012 rev. 18..."
-
Avira update blocks Windows apps
FYI...
- http://news.cnet.com/8301-1009_3-574...-applications/
May 15, 2012
> https://www.avira.com/en/proactiv-application-blocking
"Issue details: On May 14 and 15, 2012, following the release of Service Pack 0 (SP0) for Avira Version 2012, the ProActiv feature blocked legitimate Windows applications on customers’ PCs.
Affected products: Avira Pro Security, Avira Internet Security 2012, Avira Antivirus Premium 2012
We deeply regret any difficulties this has caused you. Thank you for your patience and understanding.
If you still encounter the issue: In the unlikely event that applications continue to be blocked by ProActiv, please update your software as follows:
Open the Avira Control Center.
Click on Update › Start product update.
No further steps are required.
To Disable ProActiv in the future:
Open the Avira Control Center.
Press the "F8" button to open the Avira Configuration window.
Enable the Expert Mode in the upper left corner.
Open the following options in the PC Protection menu: "Realtime Protection › ProActiv".
Disable the ProActiv component.
Close the Avira Configuration window by clicking the OK button.
Restart your computer.
For step-by-step instructions, please see our knowledge base article*."
* https://www.avira.com/en/support-for...tail/kbid/1257
-
Symantec Endpoint Protection ...
FYI...
- https://secunia.com/advisories/49248/
Release Date: 2012-05-23
Criticality level: Moderately critical
Impact: Manipulation of data, System access
Where: From local network
CVE Reference(s):
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0289 - 7.2 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0294 - 5.8
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0295 - 9.3 (HIGH)
... vulnerability is reported in versions 12.1 prior to 12.1 RU1-MP1.
Solution: Update to version 12.1 RU1-MP1...
Original Advisory: SYM12-008:
http://www.symantec.com/security_res...id=20120522_01
- https://secunia.com/advisories/49221/
Release Date: 2012-05-23
CVE Reference(s):
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-1821 - 5.0
... vulnerability only affects applications running with Network Threat Protection module on Windows Server 2003 SP2 and prior... see the vendor's advisory for a list of affected versions.
Solution: Update to version 11.0 RU7 MP2.
Original Advisory: SYM12-007:
http://www.symantec.com/security_res...id=20120522_00
-
Symantec message filter - multiple vulns
FYI...
- https://secunia.com/advisories/49727/
Release Date: 2012-06-27
Impact: Hijacking, Cross Site Scripting, Exposure of sensitive information
Where: From remote...
CVE Reference(s): CVE-2012-0300, CVE-2012-0301, CVE-2012-0302, CVE-2012-0303
Original Advisory:
- http://www.symantec.com/security_res...id=20120626_00
Symantec Message Filter version 6.3.0 Patch 231
* http://www.symantec.com/business/sup...&id=TECH191487
Updated: 2012-06-27
-
Symantec/XP users BSOD ...
FYI...
- http://www.symantec.com/docs/TECH192811
Updated: 2012-07-16 - "Problem: On July 11th, 2012 at approximately 22:30 PST, Symantec started receiving reports of customers experiencing blue screens after applying Proactive Threat Protection definition version July 11, 2012 rev 11. Machines may continue to blue screen after they reboot. This problem appears to occur only on Windows XP machines running SEP 12.1.
Error: Blue screen (BSOD) with code 0x000000CB after installing July 11, 2012 rev. 11 definitions.
Environment: SEP 12.1 Systems on Windows XP 32 bit and 64 bit
Cause: Symantec has reproduced the problem and is now trying to identify the root cause. We have posted updated signatures which resolve the issue to the public LiveUpdate production servers.
Solution: Symantec has posted updated signatures which resolve the issue to the public LiveUpdate production servers. To work around the issue please follow these steps on the impacted machines. For Enterprise customers, make sure you have updated to the latest virus definitions on the Symantec Endpoint Protection Manager(SEPM)..."
(More detail at the Symantec URL above.)
Hat tip to Heise:
- http://h-online.com/-1641046
13 July 2012
-
McAfee Security for MS SharePoint / MS Exchange Outside-In vulns
FYI...
- https://secunia.com/advisories/50275/
Release Date: 2012-08-20
Criticality level: Highly critical
Impact: System access
Where: From remote ...
CVE Reference(s): CVE-2012-1766, CVE-2012-1767, CVE-2012-1768, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, CVE-2012-3109, CVE-2012-3110
... vulnerabilities are caused due to the software bundling a vulnerable Outside In library.
For more information see vulnerabilities #1 through #13 in: https://secunia.com/SA49936/
Solution: Apply Patch 1 and Hotfix HF788523.
Original Advisory: McAfee:
https://kc.mcafee.com/corporate/inde...ent&id=KB75998 ...
-
McAfee DAT versions 6807 or 6808 ...
FYI...
DAT 6807/6808 causing issues...
- https://kc.mcafee.com/corporate/inde...ent&id=KB76004
Last Modified: August 23, 2012
- https://kc.mcafee.com/corporate/inde...ent&id=KB76048
Last Modified: August 24, 2012
McAfee DAT versions 6807 or 6808 ...
- http://www.theregister.co.uk/2012/08...et_cutoff_bug/
23rd August 2012 16:29 GMT
> http://service.mcafee.com/faq/TS101446.htm
> https://btbusiness.custhelp.com/app/..._cat/2468,2470
"... some of our customers have lost access to the internet after recent updates by McAfee. If you right-click on your McAfee icon and then select About, you will be able to see the "DAT version". If this is 6807 or 6808, you are likely to be affected. This issue has only affected certain Operating Systems but can be fixed by re-installing your security software.
Affected Operating Systems:
Windows XP
Windows Vista
Windows 7 ...
>> http://www.mcaf.ee/s3b79
Document ID: TS101446
reinstall... see TS100342.
> http://service.mcafee.com/faq/TS100342.htm
-
Sophos - False positives ...
FYI...
- http://www.sophos.com/en-us/support/...se/118311.aspx
Updated: 25 Sep 2012
"Issue: Numerous binaries are falsely detected as ssh/updater-B.
Cause: An identity released by SophosLabs for use with our Live Protection system is causing False Positives against many binaries that have updating functionality.
What To Do: Customer should ensure that endpoints are up to date with the latest IDE files. This issue is resolved with javab-jd.ide which was released at Wed, 19 Sep 2012 18:48:35 +0000... (more info at the URL above.)
If you need more information or guidance, then please contact technical support*."
* http://www.sophos.com/en-us/support/...t-support.aspx
- http://www.sophos.com/en-us/support/...se/118322.aspx
Updated: 25 Sep 2012
- http://www.sophos.com/en-us/support/...se/118323.aspx
Updated: 25 Sep 2012
- http://www.sophos.com/en-us/support/...se/118315.aspx
Updated: 25 Sep 2012
___
- http://h-online.com/-1713840
20 Sep 2012
-
Symantec Enterprise Outside In Filters vulns - update available
FYI...
- https://secunia.com/advisories/50824/
Release Date: 2012-10-01
Criticality level: Highly critical
Impact: DoS, System access
Where: From remote...
Software: Symantec Enterprise Vault 10.x
CVE Reference(s): CVE-2012-1744, CVE-2012-1766, CVE-2012-1767, CVE-2012-1768, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, CVE-2012-3109, CVE-2012-3110
... more information: https://secunia.com/SA49936/
... vulnerabilities are reported in versions prior to 10.0.2.
Solution: Update to version 10.0.2.
Original Advisory: Symantec (SYM12-015):
http://www.symantec.com/security_res...id=20120928_00
... Reference:
- http://www.kb.cert.org/vuls/id/118913
Last revised: 29 Sep 2012
-
Trend Micro Control Manager SQL injection vuln - updates available
FYI...
- http://h-online.com/-1721385
01 Oct 2012 - "... Trend Micro's platform for centralised security management is vulnerable to SQL injection attacks. According to US-CERT*, versions 5.5 and 6.0 of the Trend Micro Control Manager are vulnerable. The company has provided patches** for both affected versions. The vulnerability in question concerns a blind SQL injection attack which means the web frontend does not divulge any information from the database. According to a report by security consulting firm Spentera which includes a proof-of-concept, the vulnerable system can be made to leak information like password hashes by analysing the timing of SQL queries."
* http://www.kb.cert.org/vuls/id/950795
Last revised: 27 Sep 2012
** http://esupport.trendmicro.com/solut...s/1061043.aspx
"... Critical patches for this vulnerability are now available..."
- http://www.securitytracker.com/id/1027584
CVE Reference: http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-2998 - 7.5 (HIGH)
Sep 28 2012
Impact: Disclosure of system information, Disclosure of user information, User access via network...
... vendor's advisory is available at:
- http://esupport.trendmicro.com/solut...s/1061043.aspx
-
Sophos - critical security vulnerabilities
FYI....
- http://h-online.com/-1744777
6 Nov 2012 - "... critical security vulnerabilities in Sophos anti-virus software. This includes the publication of a proof of concept (PoC) for a root exploit for Sophos 8.0.6 for Mac OS X, which utilises a stack buffer overflow when searching through PDF files. The vulnerability is also likely to affect Linux and Windows versions. Ormandy has published a full analysis on the SecLists.org security mailing list newsletter. A module for the Metasploit penetration testing software is now also available... the anti-virus company is not aware of any of the vulnerabilities having been exploited in the wild..."
* http://www.sophos.com/en-us/support/...se/118424.aspx
Updated: 07 Nov 2012 - "... roll-out of fixes to Sophos customers will begin on November 28th 2012..."
___
- https://secunia.com/advisories/51156/
Release Date: 2012-11-07
Criticality level: Highly critical
Impact: Cross Site Scripting, Privilege escalation, System access
Where: From remote...
Original Advisory: Sophos:
http://www.sophos.com/en-us/support/...se/118424.aspx
-
Sophos v9.004 released
FYI...
- https://secunia.com/advisories/51339/
Release Date: 2012-11-19
Criticality level: Highly critical
Impact: Cross Site Scripting, System access
Where: From remote
Operating System: Sophos UTM 9.x
CVE Reference: https://web.nvd.nist.gov/view/vuln/d...=CVE-2012-5671 - 6.8
Solution: Update to version 9.004.
Original Advisory: http://www.astaro.com/blog/up2date/UTM9004
Support for UTM100 licenses
Fix: issues with Endpoint Protection on HA/Cluster systems
Fix: WebAdmin login problems when using French as language
System will be rebooted
Configuration will be upgraded...
- http://securitytracker.com/id/1027788
Nov 20 2012
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): prior to 9.004 ...
Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the Sophos UTM web interface, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix (9.004)...
> https://www.astaro.com/blog/up2date/UTM9004
-
SYM12-019 - Symantec Endpoint - multiple issues...
FYI...
- https://secunia.com/advisories/51527/
Release Date: 2012-12-11
Criticality level: Moderately critical
Impact: System access
Where: From local network
... vulnerabilities are reported in the following versions:
* Symantec Endpoint Protection version 11.0
* Symantec Endpoint Protection version 12.0
* Symantec Endpoint Protection version 12.1
Solution: Update to a fixed version.
CVE Reference(s): CVE-2012-4348, CVE-2012-4349
Original Advisory: Symantec (SYM12-019):
http://www.symantec.com/security_res...id=20121210_00
"... SEP 12.0 Small Business Edition... Updates are available through customers’ normal support/download locations..."
-
SYM12-020 Symantec Enterprise Security ...
FYI...
- http://www.securitytracker.com/id/1027874
CVE Reference: CVE-2012-4350
Dec 13 2012
Impact: Root access via local system, User access via local system
Version(s): 10.x and prior ...
Solution: The vendor has issued a fix (Security Update SU44, or 11.0).
The vendor's advisory is available at:
https://www.symantec.com/security_re...id=20121213_00