[CERT-daily] Tageszusammenfassung - Freitag 5-12-2014

Fri Dec 5 18:17:23 CET 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 04-12-2014 18:00 − Freitag 05-12-2014 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** MS14-DEC - Microsoft Security Bulletin Advance Notification for December 2014 - Version: 1.0 ***
---------------------------------------------
This is an advance notification of security bulletins that Microsoft is intending to release on December 9, 2014.
This bulletin advance notification will be replaced with the December bulletin summary on December 9, 2014. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS14-DEC


*** Missing Exchange Patch Expected Among December Patch Tuesday Bulletins ***
---------------------------------------------
Microsofts December 2014 advanced Patch Tuesday notification includes three critical bulletins and a missing Exchange patch originally scheduled for November.
---------------------------------------------
http://threatpost.com/missing-exchange-patch-expected-among-december-patch-tuesday-bulletins/109722


*** Details Emerge on Sony Wiper Malware Destover ***
---------------------------------------------
Kaspersky Lab has published an analysis of Destover, the wiper malware used in the attacks against Sony Pictures Entertainment, and its similarities to Shamoon and DarkSeoul.
---------------------------------------------
http://threatpost.com/details-emerge-on-sony-wiper-malware-destover/109727


*** Upcoming Security Updates for Adobe Reader and Acrobat (APSB14-28) ***
---------------------------------------------
December 4, 2014
---------------------------------------------
http://blogs.adobe.com/psirt/?p=1147


*** Upcoming Adobe Reader, Acrobat Update to Patch Sandbox Escape ***
---------------------------------------------
Adobe announced security updates for Reader and Acrobat that likely include patches for a sandbox escape vulnerability. Googles Project Zero released details and exploit code earlier this week.
---------------------------------------------
http://threatpost.com/upcoming-adobe-reader-acrobat-update-to-patch-sandbox-escape/109738


*** Weekly Metasploit Wrapup: On Unicorns and Wizards ***
---------------------------------------------
This week, we shipped a brand new exploit for the "unicorn" bug in Microsoft Internet Explorer, CVE-2014-6332, not-so-prosaically entitled, Microsoft Internet Explorer Windows OLE Automation Array Remote Code Execution. This is a big deal client-side vulnerability for the usual reason that Internet Explorer 11 accounts for about a quarter of browser traffic today; nearly always, remote code execution bugs in latest IE are usually particularly dangerous to leave unpatched in your environment. The buzz around this bug, though, is that it's been exploitable...
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2014/12/04/weekly-metasploit-wrapup


*** Schwachstelle: Yosemite schreibt Firefox-Eingaben mit ***
---------------------------------------------
Unter Mac OS X 10.10 werden sämtliche Eingaben im Browser Firefox protokolliert. Mozilla spricht von einer schweren Schwachstelle, die in der aktuellen Version des Browsers geschlossen ist. Die Protokolldateien sind allgemein zugänglich und sollten gelöscht werden.
---------------------------------------------
http://www.golem.de/news/schwachstelle-yosemite-schreibt-firefox-eingaben-mit-1412-110995-rss.html


*** Demo-Exploit für kritische Kerberos-Lücke in Windows Server ***
---------------------------------------------
Höchste Zeit zu patchen: Mit dem Python Kerberos Exploitation Kit können sich Angreifer sonst zum Enterprise-Admin machen.
---------------------------------------------
http://www.heise.de/security/meldung/Demo-Exploit-fuer-kritische-Kerberos-Luecke-in-Windows-Server-2481872.html


*** ZDI-14-403: (0Day) Microsoft Internet Explorer display:run-in Use-After-Free Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-403/


*** ZDI: (0Day) 3S Pocketnet Tech VMS PocketNetNVRMediaClientAxCtrl.NVRMediaViewer.1 multiple Vulnerabilities ***
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-393
http://www.zerodayinitiative.com/advisories/ZDI-14-394
http://www.zerodayinitiative.com/advisories/ZDI-14-395
http://www.zerodayinitiative.com/advisories/ZDI-14-396
http://www.zerodayinitiative.com/advisories/ZDI-14-397


*** DSA-3090 iceweasel - security update ***
---------------------------------------------
Multiple security issues have been found in Iceweasel, Debians versionof the Mozilla Firefox web browser: Multiple memory safety errors, bufferoverflows, use-after-frees and other implementation errors may lead tothe execution of arbitrary code, the bypass of security restrictions ordenial of service.
---------------------------------------------
https://www.debian.org/security/2014/dsa-3090


*** Security Advisory: libxml2 vulnerability CVE-2014-3660 ***
---------------------------------------------
(SOL15872)
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/15000/800/sol15872.html?ref=rss


*** Novell Patches and Security Updates ***
---------------------------------------------
https://download.novell.com/Download?buildid=gV_oiDtqRV0~
https://download.novell.com/Download?buildid=vPrLP1Ai9zY~
https://download.novell.com/Download?buildid=GuVaYIx6DDo~
https://download.novell.com/Download?buildid=lHQCbRDbSMI~
https://download.novell.com/Download?buildid=Tlic28DXD3o~
https://download.novell.com/Download?buildid=zhVqTr2nsdg~


*** MediaWiki Bugs Permit Cross-Site Request Forgery and API Code Injection Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1031301


*** Security Advisories for VMware vSphere ***
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
http://www.vmware.com/security/advisories/VMSA-2014-0008.html
http://www.vmware.com/security/advisories/VMSA-2014-0002.html


*** HPSBUX03218 SSRT101770 rev.1 - HP-UX running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities ***
---------------------------------------------
Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04517477


*** HPSBGN03205 rev.1 - HP Insight Remote Support Clients running SSLv3, Remote Disclosure of Information ***
---------------------------------------------
A potential security vulnerability has been identified with HP Insight Remote Support Clients running SSLv3 which may impact WBEM, WS-MAN and WMI connections from monitored devices to a HP Insight Remote Support Central Management Server (CMS).
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04510081


Next End-of-Shift report on 2014-12-09