Just a sample of the Echomail archive
[ << oldest | < older | list | newer > | newest >> ]
| Message 271 |
| Ben Ritchey to All |
| US-CERT alert |
| 15 Jul 15 01:15:55 |
NCCIC / US-CERT
National Cyber Awareness System:
TA15-195A: Adobe Flash and Microsoft Windows Vulnerabilities
07/14/2015 07:13 PM EDT
Original release date: July 14, 2015
Systems Affected
Microsoft Windows systems with Adobe Flash Player installed.
Overview
Used in conjunction, recently disclosed vulnerabilities in Adobe Flash and
Microsoft Windows may allow a remote attacker to execute arbitrary code with
system privileges. Since attackers continue to target and find new
vulnerabilities in popular, Internet-facing software, updating is not
sufficient, and it is important to use exploit mitigation and other defensive
techniques.
Description
The following vulnerabilities illustrate the need for ongoing mitigation
techniques and prioritization of updates for highly targeted software:
Adobe Flash use-after-free and memory corruption vulnerabilities
(CVE-2015-5119, CVE-2015-5122, CVE-2015-5123) Adobe Flash Player contains
critical vulnerabilities within the ActionScript 3 ByteArray, opaqueBackground
and BitmapData classes. Exploitation of these vulnerabilities could allow a
remote attacker to execute arbitrary code on a vulnerable system.
Microsoft Windows Adobe Type Manager privilege escalation vulnerability
(CVE-2015-2387)
The Adobe Type Manager module contains a memory corruption vulnerability,
which can allow an attacker to obtain system privileges on an affected Windows
system. The Adobe Type Manager is a Microsoft Windows component present in
every version since NT 4.0. The primary impact of exploiting this
vulnerability is local privilege escalation.
Vulnerability Chaining
By convincing a user to visit a website or open a file containing specially
crafted Flash content, an attacker could combine any one of the three Adobe
Flash vulnerabilities with the Microsoft Windows vulnerability to take full
control of an affected system.
A common attack vector for exploiting a Flash vulnerability is to entice a
user to load Flash content in a web browser, and most web browsers have Flash
installed and enabled. A second attack vector for Flash vulnerabilities is
through a file (such as an email attachment) that embeds Flash content.
Another technique leverages Object Linking and Embedding (OLE) capabilities in
Microsoft Office documents to automatically download Flash content from a
remote server.
An attacker who is able to execute arbitrary code through the Flash
vulnerability could exploit the Adobe Type Manager vulnerability to gain
elevated system privileges. The Adobe Type Manager vulnerability allows the
attacker to bypass sandbox defenses (such as those found in Adobe Reader and
Google Chrome) and low integrity protections (such as Protected Mode Internet
Explorer and Protected View for Microsoft Office).
Impact
The Adobe Flash vulnerabilities can allow a remote attacker to execute
arbitrary code. Exploitation of the Adobe Type Manager vulnerability could
then allow the attacker to execute code with system https://www.
icrosoft.com/en-us/download/details.aspx?id=46366privileges.
Solution
Since attackers regularly target widely deployed, Internet-accessible software
such as Adobe Flash and Microsoft Windows, it is important to prioritize
updates for these products to defend against known vulnerabilities.
Since attackers regularly discover new vulnerabilities for which updates do
not exist, it is important to enable exploit mitigation and other defensive
techniques.
Apply Security Updates
The Adobe Flash vulnerabilities (CVE-2015-5119, CVE-2015-5122, CVE-2015-5123)
are addressed in Adobe Security Bulletins APSB15-16 and APSB15-18. Users are
encouraged to review the Bulletins and apply the necessary updates.
The Microsoft Windows Adobe Type Manager vulnerability (CVE-2015-2387) is
addressed in Microsoft security Bulletin MS15-077. Users are encouraged to
review the Bulletin and apply the necessary updates.
Additional information regarding the vulnerabilities can be found in
Vulnerability Notes VU#561288, VU#338736, VU#918568, and VU#103336.
Limit Flash Content
Do not run untrusted Flash content. Most web browsers have Flash enabled by
default, however, it may be possible to enable click-to-play features. For
information see http://www.howtogeek.com/188059/how-to-enable-cl
ck-to-play-plugins-in-every-we b-browser/
Use the Microsoft Enhanced Mitigation Experience Toolkit (EMET)
EMET can be used to help prevent exploitation of the Flash vulnerabilities. In
particular, Attack Surface Reduction (ASR) can be configured to help restrict
Microsoft Office and Internet Explorer from loading the Flash ActiveX control.
See the following link for additional information: http://www.mi
rosoft.com/en-us/download/details.aspx?id=46366
References
[1] http://www.kb.cert.org/vuls/id/561288
[2] http://www.kb.cert.org/vuls/id/103336
[3] http://www.kb.cert.org/vuls/id/338736
[4] http://www.kb.cert.org/vuls/id/918568
[5] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5119
[6] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5119
[7] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5123
[8] http://helpx.adobe.com/security/products/flash-player/apsb15-16.html
[9] https://helpx.adobe.com/security/products/flash-player/apsb15-18.html
[10] http://www.howtogeek.com/188059/how-to-enable-click-to-play
plugins-in-every-we b-browser
[11] https://www.microsoft.com/en-us/download/details.aspx?id=46366
Revision History
July 14, 2015: Initial Release
----------------------------------------------------------------
-------------- -
This product is provided subject to this Notification and this Privacy & Use
policy.
----------------------------------------------------------------
-------------- -
A copy of this publication is available at www.us-cert.gov. If you need help
or have questions, please send an email to info@us-cert.gov. Do not reply to
this message since this email was sent from a notification-only address that
is not monitored. To ensure you receive future US-CERT products, please add
US-CERT@ncas.us-cert.gov to your address book.
OTHER RESOURCES:
Contact Us | Security Publications | Alerts and Tips | Related Resources
STAY CONNECTED:
Sign up for email updates
SUBSCRIBER SERVICES:
Manage Preferences | Unsubscribe | Help
----------------------------------------------------------------
-------------- -
This email was sent to Fido4cmech@lusfiber.net using GovDelivery, on behalf
of: United States Computer Emergency Readiness Team (US-CERT) 245 Murray Lane
SW Bldg 410 Washington, DC 20598 (888) 282-0870 Powered by GovDelivery
--
Guardien Fide :^)
Ben aka cMech Web: http://cmech.dynip.com
Email: fido4cmech(at)lusfiber.net
Home page: http://cmech.dynip.com/homepage/
WildCat! Board 24/7 +1-337-984-4794 any BAUD 8,N,1
--- GoldED+/W32-MSVC
* Origin: FIDONet - The Positronium Repository (1:393/68)
|
[ << oldest | < older | list | newer > | newest >> ]