[CERT-daily] Tageszusammenfassung - Dienstag 18-04-2017

Tue Apr 18 18:54:27 CEST 2017

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 14-04-2017 18:00 − Dienstag 18-04-2017 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Protecting customers and evaluating risk ***
---------------------------------------------
Today, Microsoft triaged a large release of exploits made publicly available by Shadow Brokers. Understandingly, customers have expressed concerns around the risk this disclosure potentially creates. Our engineers have investigated the disclosed exploits, and most of the exploits are already patched. Below is our update on the investigation. When a potential vulnerability is reported to...
---------------------------------------------
https://blogs.technet.microsoft.com/msrc/2017/04/14/protecting-customers-and-evaluating-risk/


*** Ab sofort keine Updates mehr für Windows 7 und 8.1-Nutzer mit neuer Hardware ***
---------------------------------------------
Es bleibt den Usern somit nur mehr das Upgrade auf Windows 10
---------------------------------------------
http://derstandard.at/2000056017223


*** Mysterious Microsoft patch killed 0-days released by NSA-leaking Shadow Brokers ***
---------------------------------------------
Microsoft fixed critical vulnerabilities in uncredited update released in March.
---------------------------------------------
https://arstechnica.com/security/2017/04/purported-shadow-brokers-0days-were-in-fact-killed-by-mysterious-patch/


*** Warnung - Betrugsversuche ***
---------------------------------------------
Wir weisen darauf hin, dass E-Mails im Umlauf sind, die von gefälschten OeNB-Absende-Adressen aus verschickt werden. [...] Die versendeten E-Mails beinhalten Schadsoftware [...]
---------------------------------------------
https://www.oenb.at/Ueber-Uns/Rechtliche-Grundlagen/warnung-betrugsversuche.html


*** Email Tracking Pixels Used for Pre-Hack Info Gathering ***
---------------------------------------------
A simple email marketing trick is also abused by cyber-criminals, who are employing a technique known as "pixel tracking" to gather information on possible targets or to improve the efficiency of phishing attacks. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/email-tracking-pixels-used-for-pre-hack-info-gathering/


*** FIRST releases twenty years of conference materials ***
---------------------------------------------
The leading association of incident response and security teams publishes its repository of twenty years of incident response learnings.
---------------------------------------------
https://www.first.org/newsroom/releases/20170418


*** Edge Plagued by Various Security Flaws, Not as Secure as Microsoft Boasts ***
---------------------------------------------
Microsoft never shied away from claiming that Edge is a much more secure browser than Chrome. Even some third-party tests have sustained its claims. Nonetheless, there are currently three different issues affecting Edge, which Microsoft might not like you knowing about. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/edge-plagued-by-various-security-flaws-not-as-secure-as-microsoft-boasts/


*** Wartungsarbeiten Donnerstag, 20. 4. 2017 ***
---------------------------------------------
Am Donnerstag, 20. April 2017, ab etwa 19h, werden wir Wartungsarbeiten an unserer Infrastruktur vornehmen. Dies wird zu kurzen Ausfällen der extern erreichbaren Services (zB Mail, Webserver, Mailinglisten) führen,...
---------------------------------------------
http://www.cert.at/services/blog/20170418151642-1969.html


*** VU#676632: IBM Lotus Domino server IMAP EXAMINE command stack buffer overflow ***
---------------------------------------------
Vulnerability Note VU#676632 IBM Lotus Domino server IMAP EXAMINE command stack buffer overflow Original Release date: 17 Apr 2017 | Last revised: 17 Apr 2017   Overview IBM Lotus Domino server, versions IMAP service contains a stack-based buffer overflow vulnerability in the EXAMINE command. This can allow a remote, authenticated attacker to execute arbitrary code with the privileges of the Domino server  Description IBM Lotus Domino includes an IMAP server. This server contains a stack buffer...
---------------------------------------------
http://www.kb.cert.org/vuls/id/676632


*** NETGEAR ProSAFE Plus Configuration Utility vulnerable to improper access control ***
---------------------------------------------
ProSAFE Plus Configuration Utility is vulnerable to improper access control.
---------------------------------------------
http://jvn.jp/en/jp/JVN08740778/


*** Security Notice - Statement on Command Injection Vulnerability in Huawei HG532n Product ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20170418-01-hg532n-en


*** 2107-04 Security Bulletin: Multiple Vulnerabilities in NorthStar Controller Application before version 2.1.0 Service Pack 1. ***
---------------------------------------------
Multiple vulnerabilities have been resolved in the NorthStar Controller Application starting from version 2.1.0 Service Pack 1 and all subsequent releases.
---------------------------------------------
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10783&cat=SIRT_1&actp=LIST


*** cURL and libcurl vulnerabilities in F5 products ***
---------------------------------------------
https://support.f5.com/csp/article/K84940705
https://support.f5.com/csp/article/K85235351
https://support.f5.com/csp/article/K17742627


*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Tealeaf Customer Experience (CVE-2016-5597) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22000439
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect Power Hardware Management Console (CVE-2016-8610 and CVE-2017-3731 ) ***
http://www.ibm.com/support/docview.wss?uid=nas8N1021869
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Systems Director Platform Agent (CVE-2017-3731, CVE-2017-3732) ***
http://www-01.ibm.com/support/docview.wss?uid=isg3T1025103
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect ITCAM for SOA (CVE-2016-5597, CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-2183) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22000386
---------------------------------------------
*** IBM Security Bulletin: IBM Connections Docs is Vulnerable to a Denial of Service (CVE-2016-4483) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22001680
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in Apache Struts affects the IBM FlashSystem models 840 and 900 ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1010105
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in Apache Struts affects the IBM FlashSystem model V840 ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1010106
---------------------------------------------
*** IBM Security Bulletin: Multiple security issues in IBM Tealeaf Customer Experience on Cloud Network Capture Add-On ***
http://www-01.ibm.com/support/docview.wss?uid=swg22000445
---------------------------------------------
*** IBM Security Bulletin: Multiple ZLIB vulnerabilities affect IBM Mobile Connect ***
http://www.ibm.com/support/docview.wss?uid=swg22000094
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in the Firefox component of the Synthetic Playback agent affects IBM Performance Management products. ***
http://www-01.ibm.com/support/docview.wss?uid=swg22000816
---------------------------------------------
*** IBM Security Bulletin: IBM Tivoli Monitoring Basic Services component. (CVE-2016-2183) ***
http://www.ibm.com/support/docview.wss?uid=swg22001712
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSH affect the IBM FlashSystem models 840 and 900 ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010012
---------------------------------------------
*** IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Campaign, IBM Contact Optimization ***
http://www.ibm.com/support/docview.wss?uid=swg21992598
---------------------------------------------