March 9, 2011
About eEye
Zero-Day Tracker
Q&A
eEye Preview
• Advanced Vulnerability Information
• Full Zero-Day Analysis and Mitigation
• Custom Malware Analysis
• eEye Research Tool Access
• Includes Managed Perimeter Scanning
eEye AMP
• Any Means Possible Penetration Testing
• Gain true insight into network insecurities
• “Capture-The-Flag” Scenarios
eEye Custom Research
• Exploit Development
• Malware Analysis
• Forensics Support
• Compliance Review
Severity: High
Players goin’ play…
DLL Hijacking & a file format vulnerability
Attacker must convince a user to open a WTV, DVR-MS, or MPG file and gains the same rights as the local user
Typical file format vulnerability; event log entries will record crashes in SBE.dll
Mitigations
Disable the loading of DLLs from WebDAV and remote network shares
Disable WebClient service
Restrict access to Stream Buffer Engine (SBE.dll)
Ensure “Desktop Experience” is disabled on Servers
Severity: High
Beware… Beware the Groove!
DLL Hijacking
Occurs when loading files with .vcg or .gta extension
Configuration is key…
Mitigations
Disable the loading of DLLs from WebDAV and remote network shares
Disable WebClient service
Severity: High
RDC + RCE =<3
DLL Hijacking
Occurs when loading files with .rdp extension
Configuration, configuration, configuration…
Mitigations
Disable the loading of DLLs from WebDAV and remote network shares
Disable WebClient service
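An audit script for the DLL-hijacking mitigations repeated on the three slides above (WebClient service, DLL loading from WebDAV and remote shares) plus a check for the SBE.dll crash signature noted on the Stream Buffer Engine slide. This is an added example, not part of the eEye deck; it assumes a Vista-or-later host running Windows PowerShell and the CWDIllegalInDllSearch registry value introduced by Microsoft KB2264107, which the slides do not name.

```powershell
# Added example, not from the eEye deck. Audits the DLL-hijacking mitigations
# listed on the slides and counts Application Error events naming SBE.dll.
# Assumes KB2264107 is installed (it adds CWDIllegalInDllSearch).

$findings = @()

# 1. WebClient (WebDAV redirector) service: the slides say to disable it.
$web = Get-WmiObject -Class Win32_Service -Filter "Name='WebClient'"
if ($null -eq $web) {
    $findings += 'WebClient service not present (OK)'
} elseif ($web.StartMode -eq 'Disabled' -and $web.State -ne 'Running') {
    $findings += 'WebClient service disabled (OK)'
} else {
    $findings += "WebClient is $($web.State), start mode $($web.StartMode) (FINDING)"
}

# 2. CWDIllegalInDllSearch (KB2264107). Per Microsoft's documentation:
#    0xFFFFFFFF blocks DLL loads from the current working directory entirely,
#    2 blocks loads from WebDAV and remote shares, 1 blocks WebDAV only,
#    0 or absent leaves loading from any location allowed.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$cwd = (Get-ItemProperty -Path $key -Name CWDIllegalInDllSearch `
        -ErrorAction SilentlyContinue).CWDIllegalInDllSearch
if ($null -eq $cwd) { $cwd = 0 }          # absent behaves like 0
switch ($cwd) {
    # REG_DWORD 0xFFFFFFFF is read back as Int32 -1, so accept both forms
    { $_ -eq -1 -or $_ -eq 0xFFFFFFFF } { $findings += 'CWD DLL loading fully blocked (OK)' }
    2       { $findings += 'DLL loads from WebDAV and remote shares blocked (OK)' }
    1       { $findings += 'Only WebDAV DLL loads blocked; remote shares allowed (FINDING)' }
    default { $findings += 'CWDIllegalInDllSearch unset; WebDAV/remote DLL loads allowed (FINDING)' }
}

# 3. Detection: Application Error (event 1000) entries whose faulting module
#    is SBE.dll, the crash signature the slide associates with this bug.
$crashes = Get-WinEvent -FilterHashtable @{LogName='Application';
        ProviderName='Application Error'; Id=1000} -MaxEvents 500 `
        -ErrorAction SilentlyContinue | Where-Object { $_.Message -match 'SBE\.dll' }
$findings += "SBE.dll crash events in last 500 Application Error events: $(@($crashes).Count)"

$findings
```

Run from an elevated prompt so the Session Manager key and the Application log are readable.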
1 Vulnerability Fixed
Error Caused by Scanning a Malformed Registry Key - CVE-2011-0037
Details
Error in the Malware Protection Engine caused by a crafted registry key
Could allow an attacker to execute code in the context of SYSTEM
Engine is a part of many Microsoft services:
• Antigen for Exchange, SMTP Gateway – Not Affected
• Defender, Forefront Client, Security Essentials
Mitigating Factors
Turnaround time for a fix was very short, so the attack surface dried up quickly
Attacker would need valid logon credentials, but since this was a privilege escalation vulnerability, it does not matter which account the attacker compromised
www.eeye.com/zdt
You must post your comment on the eEye Blog by Friday 03/11 at noon PST
Java
21 Total Vulnerabilities Fixed in JRE, JDK, and JDB
8 Scoring a 10.0 CVSS v2 Base Score
Vulnerabilities Affecting Deployment, Sound, Swing, HotSpot, Install, JAXP, 2D, Java Language, JDBC, Launcher, Networking, XML Digital Signature, Security sub-components.
All except 2 Vulnerabilities are Exploitable Without Authentication
Additional Information
JRE/JDK 1.5.x/1.4.x/1.3.x updates are available only through Vintage Support or Java SE for Business contracts.
Other Vendors To Follow Suit with Updates
Thunderbird
4 Vulnerabilities Fixed in Thunderbird 3.1.8
Vulnerabilities could lead to Remote Arbitrary Code Execution, Arbitrary JavaScript Code Execution with Chrome Privileges, or Application Crashes
iTunes
57 Total Vulnerabilities Fixed
Vulnerabilities caused by crafted Web Content, Images, and XML Files.
Vulnerabilities could lead to Arbitrary Code Execution, Denial of Service Conditions, Information Disclosure, or Arbitrary Script/HTML Code Injection
Java
16 Total Vulnerabilities Fixed
Vulnerabilities could lead to Arbitrary Code Execution Outside Java Sandbox or Cause Denial of Service Condition
Other Unspecified Vulnerabilities could affect Confidentiality, Integrity, and/or Availability
Safari
62 Total Vulnerabilities Fixed
Vulnerabilities could lead to Arbitrary Code Execution, Information Disclosure, Cross-Origin CSS Injection, Cache Poisoning, Cross-Site Scripting Attacks
CTO/CSO/CxO News
French Government Hacked
Canadian Government Hacked
South Korean Government DDoSed
IT Admin News
WHOIS Problem Reporting System Gains Privacy
IPv6 Spam-Filtering Nightmare (Death of the Blacklist)
Risk Metrics Are Cr@p
Researcher News
OSX Trojan
Mac fail: SSD Security
Android Malware Clean-up Exposes Reliance on Mobile Carriers to Push Out Updates
http://blog.eeye.com
http://www.facebook.com/eEyeDigitalSecurity
http://www.twitter.com/eEye
http://www.YouTube.com/eEyeDigitalSecurity
• End-to-end vulnerability and compliance management
• Assess, mitigate, and protect from one console
• Centralized management, reporting, and controls
• Advanced trending and analytics
SECURITY RESEARCH
Visit eEye
http://www.eEye.com
About Us, Solutions, Awards, Resources, Downloads
Contact Us
1.866.339.3732 or research@eEye.com