
Thread: Multiple AV vendor vulns / updates / issues

  1. #41
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    FYI...

    MS AV def. performance issues...
    Update signature definitions to resolve performance issues in definitions starting with 1.141.2400.0
    - https://blogs.technet.com/b/mmpc/arc...edirected=true
    27 Dec 2012 - "Some users of Microsoft antimalware products have reported a performance issue with signature definition versions starting with 1.141.2400.0 (12/21/2012 1920 UTC). The current definition files, since 1.141.2639.0 (12/27/2012 0625 UTC), resolve this issue. If you have a signature set in the affected range, please update to the current definition files*."
    * http://www.microsoft.com/security/po...tions/adl.aspx

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #42
    Adviser Team AplusWebMaster

    FYI...

    MSE Update problems
    - http://h-online.com/-1791005
    24 Jan 2013 - "On Saturday, Microsoft Security Essentials (MSE), Microsoft's free anti-virus software package, stopped automatically updating its malware signatures on some systems. Users are also reporting that clicking on the "Update" button on the program window likewise fails to deliver the anticipated results. The problem appears to have been present on affected systems since 19 January. Microsoft has -not- officially commented on the issue. The problem can apparently be resolved by downloading the malware signatures from Microsoft's Malware Protection Center*. The signatures consists of a 70 MB program which must be run with administrator privileges. When downloading, users need to make sure they get the right executable – different packages are required for the 32- and 64-bit versions of MSE. In addition, users should also install updated network access control rules, available separately from Microsoft**."
    * https://www.microsoft.com/security/p...?wa=wsignin1.0

    ** https://www.microsoft.com/security/p.../howtomse.aspx


  3. #43
    Adviser Team AplusWebMaster

    FYI...

    Kaspersky update hoses Internet access for XP users
    - http://news.cnet.com/8301-1009_3-575...dows-xp-users/
    Feb 5, 2013 - "Windows XP users who run certain Kaspersky antivirus software may find themselves offline after downloading a new update... the update causes Windows XP computers to lose their connection to the Internet. IT administrators who use Kaspersky Endpoint Security at their organizations chimed into the Kaspersky forum yesterday and today complaining of connectivity problems. One person who manages around 12,000 computers with KES installed noted a slew of calls to the help desk from users knocked offline. Some IT admins said they were able to restore Internet access by shutting down the monitoring of certain ports or disabling the product's Web Anti-Virus component. But those were deemed temporary solutions at best. Kaspersky did eventually acknowledge the problem, announcing a fix* to the buggy update and offering a resolution..."
    * "... Kaspersky Lab has fixed the issue that was causing the Web Anti-Virus component in some products to block Internet access. The error was caused by a database update that was released on Monday, February 4th, at 11:52 a.m., EST. At 5:31 p.m. the same day, the problem was fixed by a database update being uploaded to public servers..."

    - http://forum.kaspersky.com/index.php...post&p=1978848

    - http://h-online.com/-1799641
    7 Feb 2013

    Last edited by AplusWebMaster; 2013-02-07 at 16:41.

  4. #44
    Adviser Team AplusWebMaster

    FYI...

    AVG false positive on XP System32\wintrust.dll
    - http://h-online.com/-1823171
    14 March 2013 - "On Thursday morning, the protection programs of AVG incorrectly identified the Windows system file wintrust.dll as a trojan of type "Generic32.FJU". Under certain circumstances, the virus hunting software has also labelled programs as malware if they attempted to access the supposed trojan DLL. The solution is a virus signature update. Only Windows XP systems were affected by the problem. Users who deleted the file from their system could not boot their computers any more. In this case, to help restore the system, boot it with the Rescue CD and take wintrust.dll from a still functioning system and copy that to C:\Windows\System32\. At least, according to AVG, the anti-virus software did not automatically delete or quarantine the wintrust.dll file, though other files will have to be moved back into place. The company says it fixed the problem by 12:45 on the same day with updates to virus database number 567 for AVG 9 and 2012 editions and virus database number 6174 for the current 2013 edition."
    ___

    Kaspersky fixes IPv6 problem...
    - http://h-online.com/-1822839
    14 March 2013 - "Security researcher Marc Heuse discovered that the firewall in Kaspersky Internet Security 2013 has a problem with certain IPv6 packets. The researcher said that he publicly disclosed the details of the problem because Kaspersky didn't respond when he reported it. Shortly after his disclosure, Kaspersky did release a fix. A single packet is all that's required to completely cripple a Windows PC. When running tests with his IPv6 tool suite, Heuse discovered that KIS responds inappropriately to fragmented IPv6 packets that contain an overly long extension header. IPv6 support has been enabled by default since Windows Vista, therefore users would be vulnerable even without one of the still sparsely used IPv6 internet connections – for example on public Wi-Fi networks. Kaspersky has now confirmed the problem for Kaspersky Internet Security 2013, Kaspersky Pure 3.0 and Kaspersky Endpoint Security 10 for Windows. "A non-public patch [for Kaspersky Internet Security 2013] is already available from our support department on request, and an autopatch that will fix the problem automatically will be released in the near future"..."

    Last edited by AplusWebMaster; 2013-03-15 at 04:09.

  5. #45
    Adviser Team AplusWebMaster

    ClamAV, McAfee updates ...

    FYI...

    ClamAV v0.97.7 released
    - https://secunia.com/advisories/52647/
    Release Date: 2013-03-18
    Criticality level: Moderately critical
    Impact: Unknown
    Where: From remote
    ... vulnerabilities are reported in version 0.97.6. Prior versions may also be affected.
    Solution: Update to version 0.97.7.
    Original Advisory: ClamAV:
    http://blog.clamav.net/2013/03/clama...-released.html
    March 15, 2013

    McAfee Vulnerability Manager hotfix...
    - https://secunia.com/advisories/52688/
    Release Date: 2013-03-18
    Impact: Cross Site Scripting
    Where: From remote
    ... vulnerability is reported in versions 7.5.0 and 7.5.1.
    Solution: Apply hotfix (please see the vendor's advisory for details*). The vendor is planning to release a MVM 7.5.2 patch at the end of March...
    Original Advisory:
    * https://kc.mcafee.com/corporate/inde...ent&id=KB77772
    March 15, 2013


  6. #46
    Adviser Team AplusWebMaster

    FYI...

    Sophos Web Appliance v3.7.8.2 released
    - https://secunia.com/advisories/52814/
    Release Date: 2013-04-03
    Criticality level: Moderately critical
    Impact: Cross Site Scripting, Exposure of sensitive information, System access
    Where: From remote
    CVE Reference(s): CVE-2013-2641, CVE-2013-2642, CVE-2013-2643
    ... vulnerabilities are reported in versions prior to 3.7.8.2.
    Solution: Update to version 3.7.8.2.
    Original Advisory: Sophos:
    http://www.sophos.com/en-us/support/...se/118969.aspx

    - http://h-online.com/-1834672
    3 April 2013

    Last edited by AplusWebMaster; 2013-04-03 at 21:04.

  7. #47
    Adviser Team AplusWebMaster

    FYI...

    Malwarebytes def. file update wipes out thousands of computers
    - http://www.theinquirer.net/inquirer/...s-of-computers
    Apr 17 2013 - "... Malwarebytes has wiped out thousands of computers around the world with a faulty security update, mistaking legitimate system files as malware code. The security firm confessed to the mistake in a blog post on Tuesday, and assured firms that the update has since been pulled... The update definition made it so Malwarebytes protection software treated essential Windows .dll and .exe files as malware, stopping them from running and thus knocking IT systems and PCs offline..."
    > http://blog.malwarebytes.org/news/20...-update-issue/
    April 16, 2013

    > http://forums.malwarebytes.org/index...owtopic=125138


  8. #48
    Adviser Team AplusWebMaster

    FYI...

    McAfee ePolicy Orchestrator - multiple vulns
    - https://secunia.com/advisories/53159/
    Release Date: 2013-04-22
    Criticality level: Highly critical
    Impact: Exposure of sensitive information, System access
    Where: From remote
    Software: McAfee ePolicy Orchestrator 4.x
    CVE Reference(s):
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-0169 - 2.6
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-1484 - 10.0 (HIGH)
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-1485 - 5.0
    ... weakness and vulnerabilities are reported in versions 4.6.5 and prior.
    Solution: Update to version 4.6.6 or 5.0.
    Original Advisory: SB10041:
    https://kc.mcafee.com/corporate/inde...ent&id=SB10041
    Last Modified: April 24, 2013

    - https://kc.mcafee.com/corporate/inde...ent&id=SB10042
    Last Modified: April 26, 2013 - "... The remediation plan is to patch the currently supported versions of ePO 4.5 and 4.6 beginning with patch 4.6.6 and 4.5.7..."

    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-0140 - 7.9 (HIGH)
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-0141 - 4.3

    - http://www.kb.cert.org/vuls/id/209131
    Last revised: 29 Apr 2013

    - http://h-online.com/-1854555
    2 May 2013

    Last edited by AplusWebMaster; 2013-05-02 at 14:00.

  9. #49
    Adviser Team AplusWebMaster

    FYI...

    ClamAV v0.97.8 released
    - https://secunia.com/advisories/53150/
    Release Date: 2013-04-24
    Criticality level: Moderately critical
    Impact: Unknown
    Where: From remote...
    ... vulnerabilities are reported in version 0.97.7. Prior versions may also be affected.
    Solution: Update to version 0.97.8.
    Original Advisory: ClamAV:
    http://blog.clamav.net/2013/04/clama...-released.html


  10. #50
    Adviser Team AplusWebMaster

    Symantec + McAfee - multiple vulns/updates

    FYI...

    Symantec Web Gateway Security Issues - SYM13-008
    - https://www.symantec.com/security_re...id=20130725_00
    July 25, 2013
    - http://www.securitytracker.com/id/1028836
    CVE Reference: CVE-2013-1616, CVE-2013-1617, CVE-2013-4670, CVE-2013-4671, CVE-2013-4672, CVE-2013-4673
    Jul 26 2013
    Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 5.1.0 and prior...
    Solution: The vendor has issued a fix (5.1.1)...

    McAfee ePolicy Orchestrator - updated
    - https://kc.mcafee.com/corporate/inde...ent&id=KB78824
    July 19, 2013
    McAfee Network Threat Behavior Analysis...
    - http://www.securitytracker.com/id/1028826
    Jul 24 2013
    Impact: Root access via network, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 7.1, 7.5
    Solution: The vendor has issued a fix (7.1.3.21, 7.5.3.30).
    The vendor's advisory is available at:
    - https://kc.mcafee.com/corporate/inde...ent&id=SB10045

    Exploit Tool Targets Vulnerabilities in McAfee ePolicy Orchestrator (ePO)
    - https://www.us-cert.gov/ncas/alerts/TA13-193A
    July 12, 2013
    ___

    CA Service Desk Manager - flaw permits Cross-Site Scripting Attacks
    - http://www.securitytracker.com/id/1028835
    CVE Reference: CVE-2013-2630
    July 26 2013
    Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): Manager 12.5, 12.6, 12.7
    Description: A vulnerability was reported in CA Service Desk Manager. A remote user can conduct cross-site scripting attacks...
    Solution: The vendor has issued a fix...
    The vendor's advisory is available at:
    - http://support.ca.com/irj/portal/ano...-3D454437AD53}
    Platform: Windows, Sun, AIX, Linux
    Affected Products: CA Service Desk Manager 12.5, 12.6, 12.7

    - https://krebsonsecurity.com/2013/07/...-heal-thyself/
    July 26, 2013

    Last edited by AplusWebMaster; 2013-08-03 at 03:28.
