Security Flaws & Fixes - W/E - 070717

Audit Finds DHS Workers Left Sensitive Data Out in the Open (07/03/2017)
An audit of Homeland Security (DHS) offices by KPMG found that several workstations at the agency had materials containing passwords or information considered sensitive left unattended and unsecured after business hours, which is a violation of DHS policy. The auditor conducted walkthroughs after hours at DHS and analyzed 69 workstations, finding three of them in violation.

Bugs in Lenovo Vibe P1 Have Received Fixes (07/03/2017)
FireEye's Mandiant team discovered vulnerabilities in Lenovo's Vibe P1 Android-based mobile device that allow local privilege escalation to the "root" user. The Lenovo advisory listing the affected devices and software versions is hosted on Motorola's Web site, as Lenovo now owns Motorola. Motorola has indicated that these vulnerabilities have since been patched. The bugs were reported in May 2016.

Cisco Issues Multiple Security Advisories (07/05/2017)
Cisco has released a number of advisories to address vulnerabilities across multiple product lines. Three of the advisories provide information regarding critical vulnerabilities.

Fixes Coming for Schneider Electric's U.motion Builder (07/03/2017)
U.motion Builder from Schneider Electric contains multiple vulnerabilities. The vendor has said that a firmware update to fix these issues will be released in August. ICS-CERT has published an alert that offers some mitigation techniques until then.

Joomla! Receives Security Update (07/05/2017)
Joomla! has been updated to version 3.7.3 in the wake of security vulnerabilities. The new version contains more than 230 bug fixes and improvements.

Researchers Discover Libgcrypt Side-Channel Attacks Leak RSA Private Keys (07/05/2017)
Researchers from universities in the US, Australia, and the Netherlands have determined that software libraries such as Libgcrypt, used by GNU Privacy Guard, can be targeted by side-channel attacks that allow the recovery of RSA private keys. The issue arises because Libgcrypt uses a sliding-window method for exponentiation, and the sequence of squarings and multiplications that method performs depends on the bits of the secret exponent. The researchers said in their paper, "...we demonstrate a complete break of RSA-1024 as implemented in Libgcrypt. Our attack makes essential use of the fact that Libgcrypt uses the left-to-right method for computing the sliding-window expansion. We show for the first time that the direction of the encoding matters: the pattern of squarings and multiplications in left-to-right sliding windows leaks significantly more information about the exponent than right-to-left."
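To make the leak concrete, the following added example (constructed for this digest; it is not Libgcrypt's code and does not reproduce the paper's full analysis) runs a textbook left-to-right sliding-window modular exponentiation that records its sequence of squarings ('S') and multiplications ('M'). Two simple rules then read bits of the exponent straight off that trace: every multiplication follows the squaring that consumed the last bit of a window, and windows always end on a 1 bit, so the squaring count before each 'M' pins down a 1; and because a window spans at most w bits, the bits between two windows that lie more than w positions above a known 1 must be 0. A fixed-window exponentiation is included for contrast: its trace depends only on the exponent length, which is the property a constant-time implementation needs. The base, modulus, window width and sample exponents are arbitrary constructed values.

```python
"""Why the square/multiply pattern of sliding-window exponentiation leaks.

Constructed demonstration, not Libgcrypt code.  The two trace rules below are
a small subset of the reasoning in the paper; the point is that an observer
who only sees which operation ran (for example through a cache side channel)
already learns exponent bits, which is why exponentiation must be constant-time.
"""


def lr_sliding_window_pow(base, exp, mod, w=4):
    """Left-to-right sliding-window exponentiation with an operation trace.

    Returns (result, trace) where trace is a string over {'S', 'M'}.
    On a 1 bit, a window of up to w bits is taken and shrunk until its lowest
    bit is 1, so every window value is odd and only odd powers are tabulated.
    """
    table = {}                      # base^1, base^3, ..., base^(2^w - 1)
    b2 = base * base % mod
    p = base % mod
    for v in range(1, 1 << w, 2):
        table[v] = p
        p = p * b2 % mod
    bits = bin(exp)[2:]             # MSB first
    n = len(bits)
    acc, trace, i = 1, [], 0
    while i < n:
        if bits[i] == '0':          # a zero bit costs one squaring
            acc = acc * acc % mod
            trace.append('S')
            i += 1
            continue
        j = min(i + w - 1, n - 1)   # tentative window end
        while bits[j] == '0':       # shrink until the window ends on a 1
            j -= 1
        for _ in range(j - i + 1):  # one squaring per consumed bit
            acc = acc * acc % mod
            trace.append('S')
        acc = acc * table[int(bits[i:j + 1], 2)] % mod
        trace.append('M')           # the multiply reveals bits[j] == '1'
        i = j + 1
    return acc, ''.join(trace)


def ones_from_trace(trace):
    """Rule 1: the number of 'S' before an 'M', minus one, is the MSB-first
    index of a bit that must be 1 (the end of a sliding window)."""
    known, squarings = [], 0
    for op in trace:
        if op == 'S':
            squarings += 1
        else:
            known.append(squarings - 1)
    return known


def zeros_from_trace(trace, w=4):
    """Rule 2: a window ending at j started at i >= j - w + 1, and every bit
    between the previous window's end and i is 0, so bits prev_end+1 .. j-w
    are known zeros."""
    zeros, prev_end = [], -1
    for j in ones_from_trace(trace):
        zeros.extend(range(prev_end + 1, j - w + 1))
        prev_end = j
    return zeros


def recovered_bits(exp, w=4, base=7, mod=1000003):
    """Run the leaky exponentiation, apply both rules, check every recovered
    bit against the real exponent and return (ones, zeros, bit_length)."""
    _, trace = lr_sliding_window_pow(base, exp, mod, w)
    bits = bin(exp)[2:]
    ones = ones_from_trace(trace)
    zeros = zeros_from_trace(trace, w)
    assert all(bits[k] == '1' for k in ones), "rule 1 violated"
    assert all(bits[k] == '0' for k in zeros), "rule 2 violated"
    return ones, zeros, len(bits)


def fixed_window_pow(base, exp, mod, nbits, w=4):
    """Fixed-window exponentiation: always w squarings then one multiply per
    digit, even for a zero digit (table[0] == 1), so the trace is a function
    of nbits alone.  A real constant-time implementation must also fetch
    table[digit] without a secret-dependent memory access; this demo only
    fixes the operation pattern."""
    table = [1]
    for _ in range((1 << w) - 1):
        table.append(table[-1] * base % mod)
    ndigits = (nbits + w - 1) // w
    acc, trace = 1, []
    for d in range(ndigits - 1, -1, -1):
        for _ in range(w):
            acc = acc * acc % mod
            trace.append('S')
        digit = (exp >> (d * w)) & ((1 << w) - 1)
        acc = acc * table[digit] % mod
        trace.append('M')
    return acc, ''.join(trace)


if __name__ == "__main__":
    exp = 0xC0FFEE1234567891          # constructed 64-bit "secret" exponent
    ones, zeros, nbits = recovered_bits(exp)
    print(f"{len(ones)} ones and {len(zeros)} zeros of {nbits} bits read from the trace")
    _, t1 = fixed_window_pow(7, exp, 1000003, 64)
    _, t2 = fixed_window_pow(7, (1 << 64) - 1, 1000003, 64)
    print("fixed-window traces identical:", t1 == t2)
```

The sliding-window trace differs from exponent to exponent, so any channel that distinguishes a squaring from a multiplication (cache timing in the paper's case) distinguishes exponents; the fixed-window ladder makes the trace a function of the key length only, which is the property to look for when reviewing an exponentiation routine.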

Siemens Updates Various Products to Prevent Security Issues (07/03/2017)
Siemens released advisories for Industrial PCs, SINUMERIK Panel Control Unit (PCU), SIMOTION P320, and Viewport for Web Office Portal due to vulnerabilities. The vendor has released either updates or new firmware for risk mitigation.

SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE Software (07/03/2017)
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to execute code on an affected system or cause the system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. The vulnerabilities affect all releases of Cisco IOS and IOS XE Software prior to the first fixed release, and they affect all versions of SNMP (Versions 1, 2c, and 3). Cisco plans to release software updates that address these vulnerabilities at a later date; in the meantime, workarounds are available.

Trustwave Points Out Zero-Day Bug in HUMAX WiFi Router (07/05/2017)
Trustwave researchers found a remote vulnerability in the HUMAX WiFi Router model HG-100R. The vulnerability can allow attackers to compromise WiFi credentials and retrieve the router console administrative password. The equipment is a default brand/version distributed by a major Internet provider in Brazil (where the vulnerability was discovered) but is also used in other parts of the world.

Vulnerabilities Found in Pre-Installed Dell Software (07/05/2017)
The Dell Precision Optimizer application service software, Invincea-X, and Invincea Dell Protected Workspace packages, which are pre-installed on certain Dell systems, are affected by vulnerabilities that could allow attackers to disable security mechanisms, escalate privileges, and execute arbitrary code within the context of the application user. This information comes from Cisco's Talos researchers, who revealed that patches were released for some of the issues but that Invincea-X and Dell Protected Workspace 6.1.3-24058 remain vulnerable to the privilege escalation bug.

"GhostHook" Exploit Defeats Windows 10 PatchGuard (06/27/2017)
CyberArk researchers have developed "GhostHook," a hooking technique that bypasses PatchGuard, the kernel patch protection in Windows 10, by abusing the Processor Trace feature of Intel processors. The end result is that rootkits can be developed for 64-bit versions of Windows. A Microsoft representative told Threatpost, "This technique requires that an attacker has already fully compromised the targeted system. We encourage our customers to practice good computing habits online, including exercising caution when clicking on links to Web pages, opening unknown files, or accepting file transfers."

Critical Skype Bug Allowed for Remote Crashes (06/28/2017)
A zero-day stack overflow bug in Skype, discovered by researchers at Vulnerability Lab, causes the application to crash with an unexpected exception error and allows the registers of the active process to be overwritten to execute malicious code. The issue affects the MSFTEDIT.DLL dynamic link library on Windows 8 (x86). Microsoft was notified of the vulnerability in May and resolved the issue with an update to version 7.37 of the Skype software on June 8.

Microsoft Addresses Elevation of Privilege Bug in Azure AD Connect (06/27/2017)
Microsoft released an advisory to announce a new version of Azure Active Directory (AD) Connect which addresses a vulnerability. The bug could allow elevation of privilege if Azure AD Connect Password writeback is misconfigured during enablement. An attacker who successfully exploited this vulnerability could reset passwords and gain unauthorized access to arbitrary on-premises AD privileged user accounts.

Microsoft Plugs RCE Hole in Its Malware Protection Engine (06/27/2017)
A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft has issued an update for this vulnerability which was discovered by Google's Tavis Ormandy.

Siemens Advises on Vulnerabilities in SIMATIC, XHQ Product Lines (06/26/2017)
Siemens' SIMATIC CP 44x-1 RNA, all versions prior to Version 1.4.1, is affected by an improper authentication vulnerability, according to an alert from the ICS-CERT. A new firmware version has been issued to fix the vulnerability. Also, the XHQ operations intelligence product line from Siemens is vulnerable to an improper access control bug. Siemens has released new versions of XHQ to address this vulnerability.

Virgin Media's Super Hub 2 Routers Are Easily Hackable, Change Passwords (06/26/2017)
Virgin Media is advising users of its Super Hub 2 routers to change their passwords because the routers can be hacked. A study by Which?, a consumer investigative group, determined that the Super Hub 2 routers used a simple password. Upwards of 800,000 routers are affected. Virgin Media said in a statement posted on its Web site, "The security of our network and of our customers is of paramount importance to us. We continually upgrade our systems and equipment to ensure that we meet all current industry standards. To the extent that technology allows this to be done, we regularly support our customers through advice and updates."

Vulnerability in Newport XPS-Cx, XPS-Qx to Be Patched at a Later Date (06/28/2017)
Newport's XPS-Cx and XPS-Qx universal motion controllers are affected by an improper authentication vulnerability. The vendor will address the issue in the next generation XPS-Dx controller. Further information is available from an alert distributed by the ICS-CERT.