Falcon Worx » Security Alerts

Update: Adobe Flash Zero-Day Vulnerability

Alan — Thu, 30 Jul 2009 12:00:48 +0000

Last week we warned our customers of a serious exploit with Adobe Flash. You can read all of the details here. Today Adobe released an update for Flash that fixes this vulnerability. We highly recommend that you download the latest version of Flash today!

Download:

Adobe Flash Update

Adobe Flash Zero-Day Vulnerability

Alan — Fri, 24 Jul 2009 12:00:04 +0000

There’s a new zero-day vulnerability in the wild that exploits a security hole found in the very popular Adobe Flash 9 & 10 Player. With the introduction of Adobe Acrobat 9 and Adobe Acrobat 9 Reader came the ability to embed/view Flash animations in PDF documents. Technically, this vulnerability affects Adobe Acrobat on all platforms. However, attackers have only targeted PC users at this point.

Attackers are exploiting this newly discovered security hole by embedding malicious Flash content in PDF files and then sending these infected documents to victims. Once the victim opens the infected PDF file, a data stealing trojan is then loaded onto the victims PC. Adobe announced today that a patch to fix the security vulnerability will be released next week. So what do you protect yourself until then? We’ll tell you how!

Adobe has recommended that users disable flash in Acrobat until the fix is released. Security experts have also recommended that users completely disable Adobe Flash on their systems until the fix is released. Even though attackers have only used PDF files at this point, they’re concerned that this exploit may move to the web. Personally, I think that completely removing Adobe Flash from your system is a little overkill.

As always, don’t open PDF from people you don’t know. Even if the attachment is from a person you know, but something about it seems strange, trust your instincts. Contact the person who sent you the PDF file and ask them about it. The next thing you can do is disable Adobe Flash in Acrobat. You can do this by clicking Edit > Preferences > Multimedia Trust (Legacy) > Highlight Permissions for Adobe Flash > Change Permissions for Selected Multimedia Player > Never > Click OK.

Finally, I can’t stress how import this last step is. Make sure your antivirus software is fully updated! If your anti virus software is up-to-date, you’re going to be

Update: Microsoft Zero-Day ActiveX Vulnerability

Alan — Fri, 10 Jul 2009 12:00:10 +0000

Great News! We touched on the the high profile ActiveX vulnerability floating around in the wild in one of our previous posts and we have an update to share with everyone. Microsoft has officially stated that a patch WILL be released on Tuesday, July 14th! Make sure you have your automatic updates enabled, and more importantly allow the updates to install once they’re downloaded! To our managed services customers, the patches will be deployed across your networks as soon as the patches are available on Tuesday!

Microsoft Zero-Day ActiveX Vulnerability

Alan — Wed, 08 Jul 2009 15:07:07 +0000

There’s been a new type of attack in the wild that Microsoft’s Security Research & Defense blog describes as a “browse-and-get-owned attack vector”. This only effects Windows XP machines and Server 2003 machines, but Microsoft recommends that users patch Windows Vista and Server 2008 to be safe.

So how does this attack occur and why should you be concerned? For this attack to be successful, the user simply has to open an email or browse to a website that opens a Video ActiveX Control. A malicious payload of the attacker’s choice is then downloaded onto the user’s system. This could be anything from annoying adware to password stealing programs that could allow an attacker to steal your online banking or Paypal credentials.

Currently, there’s no official patch for this exploit but there is a workaround that was just released. The workaround disables this particular ActiveX control in Internet Explorer. This will not degrade the end users experience because there is no legitimate need for this particular ActiveX control in Internet Explorer to begin with. The next round of patches are due from Microsoft on July 14th, which may or may not include a patch for this very serious security risk.

In the mean time, Falcon Worx recommends that all of our customers and friends visit the Microsoft’s Security and Defense blog to download the work around for this exploit. Go to the bottom of the page and click the “Fix It” image. Download the .MSI file, and just click “Next”. Yes, it’s really that simple!

Once again, this is an example of how Falcon Worx uses a proactive approach rather than a reactive approach. Why wait UNTIL you have a problem? Take care of the problem BEFORE it can occur, protecting your company from downtime! If you need assistance implementing this workaround, contact us to setup an appointment!

DOWNLOAD:

Microsoft Security Research & Defense Blog