Multiple AV vendor vulns - updates available


146 replies to this topic

#101 AplusWebMaster

  • SWI Friend
  • 9,275 posts

Posted 09 August 2011 - 07:25 AM

FYI...

McAfee SaaS Endpoint v5.2.2 update released
- https://secunia.com/advisories/45506/
Release Date: 2011-08-09
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: McAfee SaaS Endpoint Protection 5.x
... The vulnerabilities are reported in versions 5.2.1 and prior.
Solution: Update to version 5.2.2...

- http://www.securityt....com/id/1025890
Aug 9 2011
Vendor URL: https://kc.mcafee.co...tent&id=SB10016

:ph34r:

Edited by AplusWebMaster, 09 August 2011 - 07:34 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#102 AplusWebMaster

Posted 15 August 2011 - 10:48 AM

FYI...

Symantec - Veritas/NetBackup advisory
* http://www.symantec....uid=20110815_00
August 15, 2011- SYM11-010
Severity: High...

- http://www.symantec....t&id=TECH165536
Updated: 2011-08-15

- http://www.securityt....com/id/1025926
- http://www.securityt....com/id/1025927
Aug 15 2011

- https://secunia.com/advisories/45576/
Release Date: 2011-08-15
Criticality level: Moderately critical
Impact: System access
Where: From local network
Solution Status: Partial Fix*...

:ph34r: :ph34r:

#103 AplusWebMaster

Posted 02 September 2011 - 08:11 AM

FYI...

VB100 > RAP averages > Feb - August 2011
> http://www.virusbtn....0/rap-index.xml
___

Symantec Enterprise Vault multiple vuln - hotfix available
- https://secunia.com/advisories/45834/
Release Date: 2011-09-02
Criticality level: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: Symantec Enterprise Vault 10.x, 8.x, 9.x
CVE Reference(s): CVE-2011-0794, CVE-2011-0808, CVE-2011-2264, CVE-2011-2267
...more information:
- https://secunia.com/advisories/44295/
- https://secunia.com/advisories/45297/
Solution: Apply hotfix.
Original Advisory: Symantec:
http://www.symantec....uid=20110901_00

:ph34r: :ph34r:

Edited by AplusWebMaster, 05 September 2011 - 09:51 AM.

#104 AplusWebMaster

Posted 30 September 2011 - 09:27 AM

FYI...

Symantec IM Manager multiple vulns - update available
- https://secunia.com/advisories/43157/
Release Date: 2011-09-30
Impact: Cross Site Scripting, System access
Where: From local network
... Successful exploitation of this vulnerability may allow execution of arbitrary code. The vulnerabilities are reported in version 8.4.17 and prior.
Solution: Update to version 8.4.18.
Original Advisory: Symantec:
http://www.symantec....uid=20110929_00
SYM11-012
September 29, 2011

- http://www.securityt....com/id/1026130
CVE Reference: CVE-2011-0552, CVE-2011-0553, CVE-2011-0554
Sep 30 2011

:ph34r:

Edited by AplusWebMaster, 30 September 2011 - 11:35 PM.

#105 AplusWebMaster

Posted 30 September 2011 - 02:24 PM

FYI...

MS flags Chrome as virus
- http://tech.slashdot...rome-as-a-virus
September 30, 2011 - "Reports poured in this morning that Microsoft's security products, namely Microsoft Security Essentials and Forefront Client Security, were flagging Google Chrome as a virus (PWS:Win32/Zbot) and removing the browser if users chose to clean and reboot their machines. Users reported that the only way to mitigate the problem was to set MSE and Forefront to 'always allow' Zbot, which is generally considered to be a bad idea... Microsoft has now pushed another update* to resolve the issue..."
* http://www.microsoft...79#summary_link
September 30th, 2011
___

- https://isc.sans.edu...l?storyid=11701
Last Updated: 2011-09-30 19:19:10 UTC

:(

Edited by AplusWebMaster, 30 September 2011 - 03:19 PM.

#106 AplusWebMaster

Posted 07 October 2011 - 08:33 AM

FYI...

Symantec products KeyView Parsers multiple vulns
- https://secunia.com/advisories/44273/
Release Date: 2011-10-07
Criticality level: Highly critical
Impact: System access
Where: From remote ...
Solution Status: Vendor Patch ...
Original Advisory: Symantec (SYM11-013):
http://www.symantec....uid=20111006_00

- http://www.securityt....com/id/1026155
- http://www.securityt....com/id/1026156
- http://www.securityt....com/id/1026157
CVE Reference: CVE-2011-0337, CVE-2011-0338, CVE-2011-0339, CVE-2011-1213, CVE-2011-1214, CVE-2011-1215, CVE-2011-1216, CVE-2011-1218, CVE-2011-1512
Oct 7 2011

:!: :ph34r:

Edited by AplusWebMaster, 10 October 2011 - 06:28 AM.

#107 AplusWebMaster

Posted 14 October 2011 - 11:47 AM

FYI...

Norton blocks Facebook as 'phishing site'
- http://www.theregist...locks_facebook/
14th October 2011 - "Symantec has withdrawn an update to its Norton consumer security software that branded Facebook a phishing site on Wednesday. The snafu meant that users of Norton Internet Security were blocked from accessing the social networking site and were told a "fraudulent web page" had been blocked... Security firms update their signature definition files to detect either rogue applications or questionable websites at increasing frequency in order to keep up with malware production rates*. Plenty of effort is put into the quality assurance process across the industry but even so mistakes sometimes occur. False positives are a cross-industry problem that affects all vendors."

* http://www.av-test.o...istics/malware/

:(

#108 AplusWebMaster

Posted 18 October 2011 - 12:19 PM

FYI...

ClamAV v0.97.3 released
- https://secunia.com/advisories/46455/
Release Date: 2011-10-18
Criticality level: Moderately critical
Impact: DoS, System access
Where: From remote
... vulnerability is reported in version 0.97.2. Prior versions may also be affected.
Solution: Update to version 0.97.3.
> http://www.clamav.net/lang/en/

- http://blog.clamav.n...n-released.html
October 17, 2011

- http://www.securityt....com/id/1026217
Oct 19 2011
Version: prior to 0.97.3

:!:

Edited by AplusWebMaster, 20 October 2011 - 06:38 AM.

#109 AplusWebMaster

Posted 20 October 2011 - 07:02 AM

FYI...

Mac trojan disables XProtect updates
- http://www.f-secure....s/00002256.html
October 19, 2011 - "... Recent analysis has revealed to us that Trojan-Downloader:OSX/Flashback.C disables the automatic updater component of XProtect, Apple's built-in OS X anti-malware application... wipes out certain files, thus, preventing XProtect from automatically receiving future updates. Attempting to disable system defenses is a very common tactic for malware — and built-in defenses are naturally going to be the first target on any computing platform..."

:ph34r: :blink:

Edited by AplusWebMaster, 20 October 2011 - 07:02 AM.

#110 AplusWebMaster

Posted 22 December 2011 - 04:11 PM

FYI...

F-Secure 8 EOL...
- http://www.f-secure....s/00002284.html
December 21, 2011 - "... our legacy software is approaching its end-of-life (EOL)... antivirus updates for F-Secure 8-series software will end on January 1st, 2012..."

:ph34r:

#111 AplusWebMaster

Posted 20 January 2012 - 02:12 PM

FYI...

McAfee SaaS Endpoint Protection - update
- https://secunia.com/advisories/47520/
Last Update: 2012-01-19
Criticality level: Highly critical
Impact: System access
Where: From remote
... vulnerability is reported in version 5.2.0.603. Other versions may also be affected.
Solution: ...

- https://kc.mcafee.co...iewlocale=en_US
Security Bulletins ID: SB10018
Last Modified: January 20, 2012
Affected Software: McAfee SaaS Endpoint Protection 5.2.3 and earlier
Description: This update fixes an issue in the Rumor technology utilized by McAfee’s SaaS Endpoint Protection. Rumor is a Peer-to-Peer technology used to allow several machines on a closed network to quickly distribute updates from a single network connection. The result of the misuse of the Rumor service is that an attacker could use an affected machine as a proxy. This can result in spam being sent as the machine acts similar to an “open relay”.
Remediation: Ensure that your systems are online and available to receive updates. Patches and other updates for SaaS Endpoint are automatically sent through a phased roll-out from the McAfee Network Operations Center (NOC). This patch is being sent on an expedited schedule and should be delivered to all endpoint systems before January 30, 2012..."

- http://h-online.com/-1418006
20 January 2012
___

- http://www.theinquir...otal-protection
Jan 19 2012

:!: :ph34r:

Edited by AplusWebMaster, 21 January 2012 - 12:21 PM.

#112 AplusWebMaster

Posted 15 February 2012 - 05:10 AM

FYI...

MS AV flags Google.com as Malware...
- https://krebsonsecur...com-as-malware/
Feb 14, 2012 9:29 pm - "Computers running Microsoft's antivirus and security software may be flagging google.com — the world’s most-visited Web site — as malicious, apparently due to a faulty Valentine’s Day security update shipped by Microsoft. Microsoft's antivirus software flagged google.com as bad. Not long after Microsoft released software security updates on Tuesday, the company’s Technet support forums lit up with complaints about Internet Explorer sounding the malware alarm when users visited google.com. The alerts appear to be the result of a “false positive” detection shipped to users of Microsoft’s antivirus and security products, most notably its Forefront technology and free “Security Essentials” antivirus software..."
>> http://answers.micro...b5-eeafdfdab469
"... def. version 1.119.1988.0... Google is no longer detected as a virus. .."
Latest MSE definition updates
- https://www.microsof...s/HowToMSE.aspx
Latest antivirus definition version: 1.119.1998.0
Released: Feb 15, 2012 05:30 AM UTC

:( :scratchhead:

#113 AplusWebMaster

Posted 28 February 2012 - 09:40 AM

FYI...

ASLR to be mandatory - Firefox extensions
- http://h-online.com/-1443131
27 Feb 2012 - "A patch that was recently introduced to the Firefox repository is designed to make the browser more secure by forcing certain binary extensions to use ASLR (Address Space Layout Randomisation) under Windows. The Mozilla developers say that the change, which will prevent XPCOM (Cross Platform Component Object Module) component DLLs without ASLR from loading, should be included in Firefox 13 "if no unexpected problems arise". This could, for example, affect products from anti-virus firms Symantec and McAfee. As recently as last year, these products were noted installing DLLs (Dynamic Link Libraries) that were compiled without ASLR in the browser, enabling malware to predict with relative ease the memory addresses that are used for heap and stack areas by the DLLs. ASLR is designed to randomise all memory addresses, so that the program components in question will be placed in different locations each time they start..."

:blink: :ph34r:

#114 AplusWebMaster

Posted 16 April 2012 - 05:41 PM

FYI...

McAfee DAT trouble ...
- https://isc.sans.edu...l?storyid=13003
Last Updated: 2012-04-16 21:11:18 UTC - "... McAfee has confirmed that incremental DAT 6682 may trigger message scan failures and a system crash in GroupShield Exchange (MSME), GroupShield Domino, and McAfee Email Gateway 7 (MEG). McAfee recommends that customers do NOT upload DAT 6682.
More information will be available on the McAfee KnowledgeBase* ..."

Issue with DAT 6682 and McAfee email products
* https://kc.mcafee.co...tent&id=KB70380
Last Modified: April 17, 2012

:(

Edited by AplusWebMaster, 17 April 2012 - 05:19 AM.

#115 AplusWebMaster

Posted 23 April 2012 - 01:16 PM

FYI...

EMC DDoS vuln ...
- http://www.securityt....com/id/1026956
Date: Apr 20 2012
CVE Reference:
- http://web.nvd.nist....d=CVE-2012-0406 - 7.8 (HIGH)
- http://web.nvd.nist....d=CVE-2012-0407 - 5.0
Impact: Denial of service via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): Server and Collector 5.5, 5.5 SP1, 5.6, 5.6 SP1, 5.7, 5.7 SP1, 5.8, 5.8 SP1
Description: Two vulnerabilities were reported in EMC Data Protection Advisor. A remote user can cause denial of service conditions...
Impact: A remote user can consume excessive CPU resources or cause a process crash on the target system.
Solution: The vendor has issued a fix (Security Hotfix DPA-14718)...
- http://www.emc.com/c...onse-center.htm
1-866-438-3622

:ph34r:

#116 AplusWebMaster

Posted 09 May 2012 - 06:24 AM

FYI...

Symantec False Positive for signature Bloodhound.Exploit.459
- https://isc.sans.edu...l?storyid=13162
Last Updated: 2012-05-08 17:30:11 UTC - "... false-positive alerts on .xls files..."

> http://www.symantec....t&id=TECH188271
Updated: 2012-05-10 - "... Rapid Release definitions are now available which resolve this behavior... Certified definitions Sequence Number: 134131 Extended Version: 5/8/2012 rev. 18..."

:!: :ph34r:

Edited by AplusWebMaster, 10 May 2012 - 05:06 PM.

#117 AplusWebMaster

Posted 15 May 2012 - 05:05 PM

FYI...

Avira update blocks Windows apps
- http://news.cnet.com...s-applications/
May 15, 2012

> https://www.avira.co...cation-blocking
"Issue details: On May 14 and 15, 2012, following the release of Service Pack 0 (SP0) for Avira Version 2012, the ProActiv feature blocked legitimate Windows applications on customers’ PCs.
Affected products: Avira Pro Security, Avira Internet Security 2012, Avira Antivirus Premium 2012
We deeply regret any difficulties this has caused you. Thank you for your patience and understanding.
If you still encounter the issue: In the unlikely event that applications continue to be blocked by ProActiv, please update your software as follows:
Open the Avira Control Center.
Click on Update › Start product update.
No further steps are required.

To Disable ProActiv in the future:
Open the Avira Control Center.
Press the "F8" button to open the Avira Configuration window.
Enable the Expert Mode in the upper left corner.
Open the following options in the PC Protection menu: "Realtime Protection › ProActiv".
Disable the ProActiv component.
Close the Avira Configuration window by clicking the OK button.
Restart your computer.
For step-by-step instructions, please see our knowledge base article*."

* https://www.avira.co...etail/kbid/1257
___

- http://h-online.com/-1576614
16 May 2012 - "... the problem does not affect Avira Free Antivirus or users who run a 64-bit version of Windows..."

:techsupport: :ph34r:

Edited by AplusWebMaster, 16 May 2012 - 11:21 AM.

#118 AplusWebMaster

Posted 23 May 2012 - 12:44 PM

FYI...

Symantec Endpoint Protection...
- https://secunia.com/advisories/49248/
Release Date: 2012-05-23
Criticality level: Moderately critical
Impact: Manipulation of data, System access
Where: From local network
CVE Reference(s):
- http://web.nvd.nist....d=CVE-2012-0289 - 7.2 (HIGH)
- http://web.nvd.nist....d=CVE-2012-0294 - 5.8
- http://web.nvd.nist....d=CVE-2012-0295 - 9.3 (HIGH)
... vulnerability is reported in versions 12.1 prior to 12.1 RU1-MP1.
Solution: Update to version 12.1 RU1-MP1...
Original Advisory: SYM12-008:
http://www.symantec....uid=20120522_01

- https://secunia.com/advisories/49221/
Release Date: 2012-05-23
CVE Reference(s):
- http://web.nvd.nist....d=CVE-2012-1821 - 5.0
... vulnerability only affects applications running with Network Threat Protection module on Windows Server 2003 SP2 and prior... see the vendor's advisory for a list of affected versions.
Solution: Update to version 11.0 RU7 MP2.
Original Advisory: SYM12-007:
http://www.symantec....uid=20120522_00

:ph34r: :ph34r:

Edited by AplusWebMaster, 25 May 2012 - 06:44 AM.

#119 AplusWebMaster

Posted 27 June 2012 - 09:49 AM

FYI...

Symantec message filter - multiple vulns
- https://secunia.com/advisories/49727/
Release Date: 2012-06-27
Impact: Hijacking, Cross Site Scripting, Exposure of sensitive information
Where: From remote...
CVE Reference(s): CVE-2012-0300, CVE-2012-0301, CVE-2012-0302, CVE-2012-0303
Original Advisory:
- http://www.symantec....uid=20120626_00

Symantec Message Filter version 6.3.0 Patch 231
* http://www.symantec....t&id=TECH191487
Updated: 2012-06-27

:ph34r: :!:

#120 AplusWebMaster

Posted 13 July 2012 - 12:25 PM

FYI...

Symantec/XP users BSOD ...
- http://www.symantec....docs/TECH192811
Updated: 2012-07-16 - "Problem: On July 11th, 2012 at approximately 22:30 PST, Symantec started receiving reports of customers experiencing blue screens after applying Proactive Threat Protection definition version July 11, 2012 rev 11. Machines may continue to blue screen after they reboot. This problem appears to occur only on Windows XP machines running SEP 12.1.
Error: Blue screen (BSOD) with code 0x000000CB after installing July 11, 2012 rev. 11 definitions.
Environment: SEP 12.1 Systems on Windows XP 32 bit and 64 bit
Cause: Symantec has reproduced the problem and is now trying to identify the root cause. We have posted updated signatures which resolve the issue to the public LiveUpdate production servers.
Solution: Symantec has posted updated signatures which resolve the issue to the public LiveUpdate production servers. To work around the issue please follow these steps on the impacted machines. For Enterprise customers, make sure you have updated to the latest virus definitions on the Symantec Endpoint Protection Manager(SEPM)..."
(More detail at the Symantec URL above.)

Hat tip to Heise:
- http://h-online.com/-1641046
13 July 2012

:!: :ph34r: :(

Edited by AplusWebMaster, 17 July 2012 - 08:24 AM.

#121 AplusWebMaster

Posted 20 August 2012 - 11:14 AM

FYI...

McAfee Security for MS SharePoint / MS Exchange Outside-In vulns
- https://secunia.com/advisories/50275/
Release Date: 2012-08-20
Criticality level: Highly critical
Impact: System access
Where: From remote ...
CVE Reference(s): CVE-2012-1766, CVE-2012-1767, CVE-2012-1768, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, CVE-2012-3109, CVE-2012-3110
... vulnerabilities are caused due to the software bundling a vulnerable Outside In library.
For more information see vulnerabilities #1 through #13 in: https://secunia.com/SA49936/
Solution: Apply Patch 1 and Hotfix HF788523.
Original Advisory: McAfee:
https://kc.mcafee.co...tent&id=KB75998 ...

:ph34r:

#122 AplusWebMaster

Posted 24 August 2012 - 09:13 AM

FYI...

DAT 6807/6808 causing issues...
- https://kc.mcafee.co...tent&id=KB76004
Last Modified: August 23, 2012
- https://kc.mcafee.co...tent&id=KB76048
Last Modified: August 24, 2012

McAfee DAT versions 6807 or 6808 ...
- http://www.theregist...net_cutoff_bug/
23rd August 2012 16:29 GMT

> http://service.mcafe...aq/TS101446.htm

> https://btbusiness.c...s_cat/2468,2470
"... some of our customers have lost access to the internet after recent updates by McAfee. If you right-click on your McAfee icon and then select About, you will be able to see the "DAT version". If this is 6807 or 6808, you are likely to be affected. This issue has only affected certain Operating Systems but can be fixed by re-installing your security software.
Affected Operating Systems:
Windows XP
Windows Vista
Windows 7 ...
>> http://www.mcaf.ee/s3b79
Document ID: TS101446

? reinstall... see TS100342.
> http://service.mcafe...aq/TS100342.htm

:ph34r: :ph34r: :(

Edited by AplusWebMaster, 24 August 2012 - 10:16 AM.

#123 AplusWebMaster

Posted 19 September 2012 - 06:01 PM

FYI...

Sophos - False positives ...
- http://www.sophos.co...ase/118311.aspx
Updated: 25 Sep 2012
"Issue: Numerous binaries are falsely detected as ssh/updater-B.
Cause: An identity released by SophosLabs for use with our Live Protection system is causing False Positives against many binaries that have updating functionality.
What To Do: Customer should ensure that endpoints are up to date with the latest IDE files. This issue is resolved with javab-jd.ide which was released at Wed, 19 Sep 2012 18:48:35 +0000... (more info at the URL above.)
If you need more information or guidance, then please contact technical support*."
* http://www.sophos.co...ct-support.aspx

- http://www.sophos.co...ase/118322.aspx
Updated: 25 Sep 2012

- http://www.sophos.co...ase/118323.aspx
Updated: 25 Sep 2012

- http://www.sophos.co...ase/118315.aspx
Updated: 25 Sep 2012
___

- http://h-online.com/-1713840
20 Sep 2012

:( :!:

Edited by AplusWebMaster, 25 September 2012 - 12:14 PM.

#124 AplusWebMaster

Posted 01 October 2012 - 06:03 AM

FYI...

Symantec Enterprise Outside In Filters vulns - update available
- https://secunia.com/advisories/50824/
Release Date: 2012-10-01
Criticality level: Highly critical
Impact: DoS, System access
Where: From remote...
Software: Symantec Enterprise Vault 10.x
CVE Reference(s): CVE-2012-1744, CVE-2012-1766, CVE-2012-1767, CVE-2012-1768, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, CVE-2012-3109, CVE-2012-3110
... more information: https://secunia.com/SA49936/
... vulnerabilities are reported in versions prior to 10.0.2.
Solution: Update to version 10.0.2.
Original Advisory: Symantec (SYM12-015):
http://www.symantec....uid=20120928_00
... Reference:
- http://www.kb.cert.org/vuls/id/118913
Last revised: 29 Sep 2012

:!: :ph34r:

#125 AplusWebMaster

Posted 02 October 2012 - 05:54 AM

FYI...

Trend Micro Control Manager SQL injection vuln - updates available
- http://h-online.com/-1721385
01 Oct 2012 - "... Trend Micro's platform for centralised security management is vulnerable to SQL injection attacks. According to US-CERT*, versions 5.5 and 6.0 of the Trend Micro Control Manager are vulnerable. The company has provided patches** for both affected versions. The vulnerability in question concerns a blind SQL injection attack which means the web frontend does not divulge any information from the database. According to a report by security consulting firm Spentera which includes a proof-of-concept, the vulnerable system can be made to leak information like password hashes by analysing the timing of SQL queries."
* http://www.kb.cert.org/vuls/id/950795
Last revised: 27 Sep 2012

** http://esupport.tren...us/1061043.aspx
"... Critical patches for this vulnerability are now available..."

- http://www.securityt....com/id/1027584
CVE Reference: http://web.nvd.nist....d=CVE-2012-2998 - 7.5 (HIGH)
Sep 28 2012
Impact: Disclosure of system information, Disclosure of user information, User access via network...
... vendor's advisory is available at:
- http://esupport.tren...us/1061043.aspx

:!: :ph34r:

Edited by AplusWebMaster, 02 October 2012 - 10:09 AM.

#126 AplusWebMaster

Posted 07 November 2012 - 05:44 AM

FYI....

Sophos - critical security vulnerabilities
- http://h-online.com/-1744777
6 Nov 2012 - "... critical security vulnerabilities in Sophos anti-virus software. This includes the publication of a proof of concept (PoC) for a root exploit for Sophos 8.0.6 for Mac OS X, which utilises a stack buffer overflow when searching through PDF files. The vulnerability is also likely to affect Linux and Windows versions. Ormandy has published a full analysis on the SecLists.org security mailing list newsletter. A module for the Metasploit penetration testing software is now also available... the anti-virus company is not aware of any of the vulnerabilities having been exploited in the wild..."
* http://www.sophos.co...ase/118424.aspx
Updated: 06 Nov 2012 - "... Roll-out of a fix for Sophos customers will begin: 28 Nov 2012..."
___

- https://secunia.com/advisories/51156/
Release Date: 2012-11-07
Criticality level: Highly critical
Impact: Cross Site Scripting, Privilege escalation, System access
Where: From remote...
Original Advisory: Sophos:
http://www.sophos.co...ase/118424.aspx

:ph34r: :ph34r:

#127 AplusWebMaster

Posted 20 November 2012 - 09:21 AM

FYI...

Sophos v9.004 released
- https://secunia.com/advisories/51339/
Release Date: 2012-11-19
Criticality level: Highly critical
Impact: Cross Site Scripting, System access
Where: From remote
Operating System: Sophos UTM 9.x
CVE Reference: https://web.nvd.nist...d=CVE-2012-5671 - 6.8
Solution: Update to version 9.004.
Original Advisory: http://www.astaro.co...up2date/UTM9004
Support for UTM100 licenses
Fix: issues with Endpoint Protection on HA/Cluster systems
Fix: WebAdmin login problems when using French as language
System will be rebooted
Configuration will be upgraded...

- http://securitytracker.com/id/1027788
Nov 20 2012
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 9.004 ...
Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the Sophos UTM web interface, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix (9.004)...
> https://www.astaro.c...up2date/UTM9004

:!: :ph34r:

Edited by AplusWebMaster, 20 November 2012 - 09:21 AM.

#128 AplusWebMaster

Posted 11 December 2012 - 07:32 AM

FYI...

SYM12-019 - Symantec Endpoint - multiple issues
- https://secunia.com/advisories/51527/
Release Date: 2012-12-11
Criticality level: Moderately critical
Impact: System access
Where: From local network
... vulnerabilities are reported in the following versions:
* Symantec Endpoint Protection version 11.0
* Symantec Endpoint Protection version 12.0
* Symantec Endpoint Protection version 12.1
Solution: Update to a fixed version.
CVE Reference(s): CVE-2012-4348, CVE-2012-4349
Original Advisory: Symantec (SYM12-019):
http://www.symantec....uid=20121210_00
"... SEP 12.0 Small Business Edition... Updates are available through customers’ normal support/download locations..."

:ph34r: :ph34r:

#129 AplusWebMaster

Posted 14 December 2012 - 11:33 AM

FYI...

SYM12-020 Symantec Enterprise Security ...
- http://www.securityt....com/id/1027874
CVE Reference: CVE-2012-4350
Dec 13 2012
Impact: Root access via local system, User access via local system
Version(s): 10.x and prior ...
Solution: The vendor has issued a fix (Security Update SU44, or 11.0).
The vendor's advisory is available at:
https://www.symantec...uid=20121213_00

:ph34r:

#130 AplusWebMaster

Posted 28 December 2012 - 05:15 AM

FYI...

MS AV def. performance issues...
Update signature definitions to resolve performance issues in definitions starting with 1.141.2400.0
- https://blogs.techne...Redirected=true
27 Dec 2012 - "Some users of Microsoft antimalware products have reported a performance issue with signature definition versions starting with 1.141.2400.0 (12/21/2012 1920 UTC). The current definition files, since 1.141.2639.0 (12/27/2012 0625 UTC), resolve this issue. If you have a signature set in the affected range, please update to the current definition files*."
* http://www.microsoft...itions/adl.aspx

:ph34r:

#131 AplusWebMaster

Posted 24 January 2013 - 12:53 PM

FYI...

MSE Update problems
- http://h-online.com/-1791005
24 Jan 2013 - "On Saturday, Microsoft Security Essentials (MSE), Microsoft's free anti-virus software package, stopped automatically updating its malware signatures on some systems. Users are also reporting that clicking on the "Update" button on the program window likewise fails to deliver the anticipated results. The problem appears to have been present on affected systems since 19 January. Microsoft has -not- officially commented on the issue. The problem can apparently be resolved by downloading the malware signatures from Microsoft's Malware Protection Center*. The signatures consist of a 70 MB program which must be run with administrator privileges. When downloading, users need to make sure they get the right executable – different packages are required for the 32- and 64-bit versions of MSE. In addition, users should also install updated network access control rules, available separately from Microsoft**."
* https://www.microsof...x?wa=wsignin1.0

** https://www.microsof...s/howtomse.aspx
 

:(  :ph34r:


#132 AplusWebMaster

Posted 07 February 2013 - 09:03 AM

FYI...

Kaspersky update hoses Internet access for XP users
- http://news.cnet.com...ndows-xp-users/
Feb 5, 2013 - "Windows XP users who run certain Kaspersky antivirus software may find themselves offline after downloading a new update... the update causes Windows XP computers to lose their connection to the Internet. IT administrators who use Kaspersky Endpoint Security at their organizations chimed into the Kaspersky forum yesterday and today complaining of connectivity problems. One person who manages around 12,000 computers with KES installed noted a slew of calls to the help desk from users knocked offline. Some IT admins said they were able to restore Internet access by shutting down the monitoring of certain ports or disabling the product's Web Anti-Virus component. But those were deemed temporary solutions at best. Kaspersky did eventually acknowledge the problem, announcing a fix* to the buggy update and offering a resolution..."
* "... Kaspersky Lab has fixed the issue that was causing the Web Anti-Virus component in some products to block Internet access. The error was caused by a database update that was released on Monday, February 4th, at 11:52 a.m., EST. At 5:31 p.m. the same day, the problem was fixed by a database update being uploaded to public servers..."

- http://forum.kaspers...dpost&p=1978848

- http://h-online.com/-1799641
7 Feb 2013

:(  :ph34r:


Edited by AplusWebMaster, 07 February 2013 - 10:40 AM.

#133 AplusWebMaster

Posted 14 March 2013 - 09:55 PM

FYI...

AVG false positive on XP System32\wintrust.dll
- http://h-online.com/-1823171
14 March 2013 - "On Thursday morning, the protection programs of AVG incorrectly identified the Windows system file wintrust.dll as a trojan of type "Generic32.FJU". Under certain circumstances, the virus hunting software has also labelled programs as malware if they attempted to access the supposed trojan DLL. The solution is a virus signature update. Only Windows XP systems were affected by the problem. Users who deleted the file from their system could not boot their computers any more. In this case, to help restore the system, boot it with the Rescue CD and take wintrust.dll from a still functioning system and copy that to C:\Windows\System32\. At least, according to AVG, the anti-virus software did not automatically delete or quarantine the wintrust.dll file, though other files will have to be moved back into place. The company says it fixed the problem by 12:45 on the same day with updates to virus database number 567 for AVG 9 and 2012 editions and virus database number 6174 for the current 2013 edition."
___

Kaspersky fixes IPv6 problem...
- http://h-online.com/-1822839
14 March 2013 - "Security researcher Marc Heuse discovered that the firewall in Kaspersky Internet Security 2013 has a problem with certain IPv6 packets. The researcher said that he publicly disclosed the details of the problem because Kaspersky didn't respond when he reported it. Shortly after his disclosure, Kaspersky did release a fix. A single packet is all that's required to completely cripple a Windows PC. When running tests with his IPv6 tool suite, Heuse discovered that KIS responds inappropriately to fragmented IPv6 packets that contain an overly long extension header. IPv6 support has been enabled by default since Windows Vista, therefore users would be vulnerable even without one of the still sparsely used IPv6 internet connections – for example on public Wi-Fi networks. Kaspersky has now confirmed the problem for Kaspersky Internet Security 2013, Kaspersky Pure 3.0 and Kaspersky Endpoint Security 10 for Windows. "A non-public patch [for Kaspersky Internet Security 2013] is already available from our support department on request, and an autopatch that will fix the problem automatically will be released in the near future"..."
 

:ph34r: :( :ph34r:


#134 AplusWebMaster

Posted 18 March 2013 - 01:43 PM

FYI...

ClamAV v0.97.7 released
- https://secunia.com/advisories/52647/
Release Date: 2013-03-18
Criticality level: Moderately critical
Impact: Unknown
Where: From remote
... vulnerabilities are reported in version 0.97.6. Prior versions may also be affected.
Solution: Update to version 0.97.7.
Original Advisory: ClamAV:
http://blog.clamav.n...n-released.html
March 15, 2013

McAfee Vulnerability Manager hotfix...
- https://secunia.com/advisories/52688/
Release Date: 2013-03-18
Impact: Cross Site Scripting
Where: From remote  
...  vulnerability is reported in versions 7.5.0 and 7.5.1.
Solution: Apply hotfix (please see the vendor's advisory for details*). The vendor is planning to release a MVM 7.5.2 patch at the end of March...
Original Advisory:
* https://kc.mcafee.co...tent&id=KB77772
March 15, 2013
 

:ph34r: :ph34r:


#135 AplusWebMaster

Posted 03 April 2013 - 09:04 AM

FYI...

Sophos Web Appliance v3.7.8.2 released
- https://secunia.com/advisories/52814/
Release Date: 2013-04-03
Criticality level: Moderately critical
Impact: Cross Site Scripting, Exposure of sensitive information, System access
Where: From remote
CVE Reference(s): CVE-2013-2641, CVE-2013-2642, CVE-2013-2643
... vulnerabilities are reported in versions prior to 3.7.8.2.
Solution: Update to version 3.7.8.2.
Original Advisory: Sophos:
http://www.sophos.co...ase/118969.aspx

- http://h-online.com/-1834672
3 April 2013
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 03 April 2013 - 02:02 PM.

#136 AplusWebMaster

Posted 18 April 2013 - 06:28 AM

FYI...

Malwarebytes def. file update wipes out thousands of computers
- http://www.theinquir...ds-of-computers
Apr 17 2013 - "... Malwarebytes has wiped out thousands of computers around the world with a faulty security update, mistaking legitimate system files as malware code. The security firm confessed to the mistake in a blog post on Tuesday, and assured firms that the update has since been pulled... The update definition made it so Malwarebytes protection software treated essential Windows .dll and .exe files as malware, stopping them from running and thus knocking IT systems and PCs offline..."
> http://blog.malwareb...e-update-issue/
April 16, 2013

> http://forums.malwar...howtopic=125138
 

:(  :ph34r:


#137 AplusWebMaster

Posted 22 April 2013 - 09:42 AM

FYI...

McAfee ePolicy Orchestrator - multiple vulns
- https://secunia.com/advisories/53159/
Release Date: 2013-04-22
Criticality level: Highly critical
Impact: Exposure of sensitive information, System access
Where: From remote
Software: McAfee ePolicy Orchestrator 4.x
CVE Reference(s):
- https://web.nvd.nist...d=CVE-2013-0169 - 2.6
- https://web.nvd.nist...d=CVE-2013-1484 - 10.0 (HIGH)
- https://web.nvd.nist...d=CVE-2013-1485 - 5.0
... weakness and vulnerabilities are reported in versions 4.6.5 and prior.
Solution: Update to version 4.6.6 or 5.0.
Original Advisory: SB10041:
https://kc.mcafee.co...tent&id=SB10041
Last Modified: April 24, 2013

- https://kc.mcafee.co...tent&id=SB10042
Last Modified: April 26, 2013 - "... The remediation plan is to patch the currently supported versions of ePO 4.5 and 4.6 beginning with patch 4.6.6 and 4.5.7..."

- https://web.nvd.nist...d=CVE-2013-0140 - 7.9 (HIGH)
- https://web.nvd.nist...d=CVE-2013-0141 - 4.3

- http://www.kb.cert.org/vuls/id/209131
Last revised: 29 Apr 2013

- http://h-online.com/-1854555
2 May 2013
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 02 May 2013 - 06:55 AM.

#138 AplusWebMaster

Posted 26 July 2013 - 03:40 PM

FYI...

Symantec Web Gateway Security Issues - SYM13-008
- https://www.symantec...uid=20130725_00
July 25, 2013
- http://www.securityt....com/id/1028836
CVE Reference: CVE-2013-1616, CVE-2013-1617, CVE-2013-4670, CVE-2013-4671, CVE-2013-4672, CVE-2013-4673
Jul 26 2013
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.1.0 and prior...
Solution: The vendor has issued a fix (5.1.1)...

McAfee ePolicy Orchestrator - updated
- https://kc.mcafee.co...tent&id=KB78824
July 19, 2013
McAfee Network Threat Behavior Analysis...
- http://www.securityt....com/id/1028826
Jul 24 2013
Impact: Root access via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 7.1, 7.5
Solution: The vendor has issued a fix (7.1.3.21, 7.5.3.30).
The vendor's advisory is available at:
- https://kc.mcafee.co...tent&id=SB10045

Exploit Tool Targets Vulnerabilities in McAfee ePolicy Orchestrator (ePO)
- https://www.us-cert....lerts/TA13-193A
July 12, 2013
___

CA Service Desk Manager - flaw permits Cross-Site Scripting Attacks
- http://www.securityt....com/id/1028835
CVE Reference: CVE-2013-2630
July 26 2013
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Manager 12.5, 12.6, 12.7
Description: A vulnerability was reported in CA Service Desk Manager. A remote user can conduct cross-site scripting attacks...
Solution: The vendor has issued a fix...
The vendor's advisory is available at:
- http://support.ca.co...6-3D454437AD53}
Platform: Windows, Sun, AIX, Linux
Affected Products: CA Service Desk Manager 12.5, 12.6, 12.7

- https://krebsonsecur...m-heal-thyself/
July 26, 2013
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 02 August 2013 - 08:27 PM.

#139 AplusWebMaster

Posted 01 August 2013 - 04:37 AM

FYI...

McAfee Artemis/GTI File Reputation False Positive
- https://isc.sans.edu...l?storyid=16264
Last Updated: 2013-07-31 23:06:26 UTC - "... readers reporting false positive issues with McAfee's GTI and Artemis products. According to a knowledgebase article on McAfee's site, it appears that the file reputation system is producing bad results due to a server issue [1]..."

[1] https://kc.mcafee.co...tent&id=KB78993
Artemis false positive detections from Global Threat Intelligence
Last Modified: August 01, 2013 - "... updated as additional information becomes available. Please check back for more information.
Problem: McAfee has determined that Artemis/GTI File Reputation is producing some false-positive detections due to a server issue.
IMPORTANT: This is not an issue with the current McAfee DAT files.
Cause: This issue was caused by specific Global Threat Intelligence servers.
Solution: McAfee is investigating this issue. This article will be updated as additional information becomes available...
IMPORTANT: If you have files that were incorrectly detected, do not restart your systems. This could cause the files to be unrecoverable.
See the following workarounds for instructions to recover from this issue..."

- https://isc.sans.edu... Positive/16264
"... A remediation tool is now available. Customers with quarantined files should access KB78993 ( https://kc.mcafee.co...tent&id=KB78993 ) to download the remediation tool and recover the quarantined files."
 

:( :ph34r: :ph34r:


Edited by AplusWebMaster, 01 August 2013 - 05:20 AM.

#140 AplusWebMaster

Posted 10 September 2013 - 07:15 AM

FYI...

Sophos Web Appliance - updates
- http://www.sophos.co...ase/119773.aspx
Updated: 9 Sep 2013 - "... resolved with the 3.7.9.1 and 3.8.1.1 releases of the Sophos Web Appliance software..."

- https://isc.sans.edu...l?storyid=16526
Last Updated: 2013-09-09 12:55:06 UTC

- http://www.coresecur...vulnerabilities
2013-09-06

- http://www.securityt....com/id/1028984
CVE Reference:
- https://web.nvd.nist...d=CVE-2013-4983
- https://web.nvd.nist...d=CVE-2013-4984
Sep 6 2013
Impact: Execution of arbitrary code via network, Root access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 3.7.9 and prior, 3.8.0 and 3.8.1 ...
Solution: The vendor has issued a fix (3.7.9.1, 3.8.1.1).

- http://www.theregist...appliance_vuln/
9 Sep 2013
 

:ph34r: :ph34r:


#141 AplusWebMaster

Posted 25 October 2013 - 01:09 PM

FYI...

Kaspersky false positive ...
- https://isc.sans.edu...l?storyid=16904
Last Updated: 2013-10-25 17:41:34 UTC - "... Kaspersky AV has identified tcpip.sys as malware on his Windows 7 32bit hosts - the file is flagged as "HEUR:Trojan.Win32.Generic". Fortunately, Microsoft's Windows File Protection feature ( https://support.micr...t.com/kb/222193 ) prevented it from quarantining this critical file... Kaspersky has verified... that this is resolved in their latest update. If you're seeing this issue, get your AV to "phone home" for the fix!"
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 25 October 2013 - 01:14 PM.

#142 AplusWebMaster

Posted 20 June 2014 - 05:17 PM

FYI...

SYM14-011 - Symantec Encryption Desktop for OS X World-Writable Files Insecure File Handling
- http://www.symantec....uid=20140620_00
June 20, 2014 - "Overview: Symantec’s Encryption Desktop for OS X installs some temporary files with world-writable attributes during installation. In a multi-user environment, a malicious user could manipulate these world-writable files to read and write files or create files with another user’s permissions.
Symantec Response: Symantec engineers verified these findings and have released an update in Symantec Encryption Desktop 10.3.2 maintenance pack 2 for OS X addressing the issue.
Update information: Customers may obtain Symantec Desktop Encryption maintenance updates through their normal Symantec support locations...
Best Practices: As part of normal best practices, Symantec strongly recommends:
- Restrict access to administration or management systems to privileged users.
- Disable remote access if not required or restrict it to trusted/authorized systems only.
- Where possible, limit exposure of application and web interfaces to trusted/internal networks only.
- Keep all operating systems and applications updated with the latest vendor patches.
- Follow a multi-layered approach to security. Run both firewall and anti-malware applications, at a minimum, to provide multiple points of detection and protection to both inbound and outbound threats.
- Deploy network and host-based intrusion detection systems to monitor network traffic for signs of anomalous or suspicious activity. This may aid in detection of attacks or malicious activity related to exploitation of latent vulnerabilities..."
 

:ph34r: :ph34r:


#143 AplusWebMaster

Posted 26 June 2014 - 07:24 AM

FYI...

Sophos AV Input Validation Flaw ...
- http://www.securityt....com/id/1030467
CVE Reference: https://cve.mitre.or...e=CVE-2014-2385
Jun 25 2014
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 9.5.1 ...
Solution: The vendor has issued a fix (9.6.1).
Vendor URL: http://www.sophos.co...base/11846.aspx
 

:ph34r: :ph34r:


#144 AplusWebMaster

Posted 26 June 2014 - 07:51 AM

FYI...

SYM14-012 - Symantec Data Insight Management Console HTML Injection and Cross-Site Scripting
- http://www.symantec....uid=20140625_00
June 25, 2014 - "Overview: The management console for Symantec Data Insight does not sufficiently validate/sanitize arbitrary input in two separate fields within the management GUI. This could potentially allow unauthorized command execution or potential malicious redirection.
Symantec Response: Symantec product engineers verified these issues and have released updates to resolve them. Customers should update to Symantec Data Insight 4.5..."
CVEs: CVE-2014-3432, CVE-2014-3433

- http://www.securityt....com/id/1030472
Jun 26 2014
Version(s): 3.x, 4.x prior to 4.5
___

Threat Report: May 2014
- http://www.symantec....hreatreport.jsp
"Key Findings:
- A large data breach occurred in May, resulting in the potential exposure of over 145 million identities. Over -577- million identities have been exposed in the last 12 months.
- Ransomware continues to decline as the year progresses, down to 17 percent of the peak levels seen back in November 2013.
- Spam, phishing, and virus rates are up in May, after having each dropped in April."

> http://www.symantec....-lightbox-5.png
 

:ph34r: :ph34r:


#145 AplusWebMaster

Posted 04 August 2014 - 07:09 PM

FYI...

SYM14-013 Symantec Endpoint 0-day vuln ...
- http://www.symantec....t&id=TECH223338
2014-07-29 | Updated: 2014-08-04 - "... Solution: Symantec product engineers have verified these issues and have released critical updates to resolve them. Currently Symantec is not aware of exploitation of or adverse impact on our customers due to this issue. The issue, as reported, affects the Application and Device Control component of Symantec Endpoint Protection. This vulnerability is not accessible remotely and only affects SEP clients actually running Application and Device Control. If the vulnerability is exploited by accessing the computer directly, it could result in a client crash, denial of service, or, if successful, escalate to admin privileges and gain control of the computer. This vulnerability affects all versions of Symantec Endpoint Protection clients 11.x and 12.x running Application and Device Control...
- Mitigation: Symantec Endpoint Protection 12.1 Release Update 4 Maintenance Patch 1b (RU4 MP1b) is available currently in English on Symantec FileConnect. See Obtaining the latest version of Symantec Endpoint Protection or Symantec Network Access Control for additional instruction on downloading this release. All supported languages will be released to FileConnect as soon as they are available. This Knowledge Base article will be updated as further information becomes available. Please subscribe to this document to receive update notifications automatically. This version updates the Symantec Endpoint Protection clients to 12.1.4112.4156 to address this issue. There are no updates to the Symantec Endpoint Protection Manager included with this release. This Symantec Endpoint Protection client update is a complete release and accepts migrations from any previous release of the Symantec Endpoint Protection 11.0 and 12.1 product line. Symantec Endpoint Protection 12.1 for Small Business is not affected, so there are no updates to the product for this issue...
(More detail at the symantec URL above.)

- http://www.symantec....uid=20140804_00
Aug 4, 2014

- http://www.kb.cert.org/vuls/id/252068
4 Aug 2014

- https://web.nvd.nist...d=CVE-2014-3434
___

- https://www.computer...oint_Protection
Aug 6, 2014 - "Symantec has released a patch for privilege escalation flaws in its Endpoint Protection product, and the company which found the issues released the exploit code on Tuesday..."
___

Certificate error occurs when attempting to install or upgrade Symantec Endpoint Protection
- http://www.symantec....t&id=TECH218029
Updated: 2014-08-06
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 08 August 2014 - 11:32 AM.

#146 AplusWebMaster

Posted 07 October 2014 - 10:25 AM

FYI...

McAfee Security Bulletin - Bash Shellshock Code Injection Exploit Updates
- https://kc.mcafee.co...tent&id=SB10085
Last Modified: 10/6/2014
CVE Number: CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
US CERT Number: CERT/CC VU#252743
Red Hat Advisory RHBA-2013:1096-1
Exploit Database EDB-ID: 34766
Severity Rating: High
Base/Overall CVSS Score: 10.0 / 9.0 (All CVEs listed above)
Recommendations: Deploy the remediation signatures/rules first. Update product patches/hotfixes as they become available.
McAfee Product Vulnerability Status: Investigation into all McAfee products is ongoing. This security bulletin will be updated at least -daily- as additional information and patches are made available.
Location of Updated Software: http://www.mcafee.co.../downloads.aspx
(More detail at the first mcafee URL at the top of this post.)

Remediation: https://kc.mcafee.co...085#remediation

- http://www.securityt....com/id/1030985
CVE Reference: CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
Oct 9 2014
___

Fortinet - GNU Bash Multiple vulns
- http://blog.fortinet.../shellshock-faq
V 1.4 Sep 29 2014 - "This document will be updated and maintained as new or updated information becomes available. Continue to check this page for updates... FortiGuard Labs is currently investigating and will provide updated IPS and AV signatures if appropriate... It is important to note that FortiOS is not affected by Shellshock. FortiOS does -not- use the Bash shell... Ensure you have appropriate IPS signatures deployed to monitor and mitigate any potential attacks on your infrastructure. Fortinet issued an update* to our customers with IPS signatures to detect and prevent Shellshock attacks. This signature is available for download via FDN..."
* Latest 2014-10-02: http://www.fortiguar...l?version=5.554

- http://www.fortiguar...y/FG-IR-14-030/
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 10 October 2014 - 10:00 AM.

#147 AplusWebMaster

Posted 28 November 2014 - 07:01 AM

FYI...

ClamAV multiple vulnerabilities - updates available
- https://secunia.com/advisories/62542/
Release Date: 2014-11-27
Criticality: Highly Critical
Where: From remote
Impact: System access
Solution Status: Vendor Patch...

- http://www.securityt....com/id/1031267
CVE Reference: https://cve.mitre.or...e=CVE-2013-6497
Nov 27 2014
Impact: Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes ...
Version(s): prior to 0.98.5
Description: A vulnerability was reported in Clam AntiVirus. A remote or local user can cause denial of service conditions.
Impact: A user can cause the target service to crash...
Solution: The vendor has issued a fix (0.98.5)...

- http://www.securityt....com/id/1031268
CVE Reference: https://cve.mitre.or...e=CVE-2014-9050
Nov 27 2014
Impact: Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 0.98.5
Impact: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can cause denial of service conditions...
The vendor's advisory is available at:
- http://blog.clamav.n...n-released.html
Nov 18 2014 - "... ClamAV 0.98.5 includes new features and bug fixes..."

> http://www.clamav.net/download.html

- http://www.clamav.net/about.html

- http://www.clamav.net/doc/install.html

- https://twitter.com/clamav
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 28 November 2014 - 11:52 PM.
