This week at the USENIX Enigma 2016 Security conference the final talk was given by Rob Joyce, Chief of the NSA’s Tailored Access Operations (TAO). TAO is the offensive unit of the NSA that got much coverage following the public disclosure of internal NSA documents by Edward Snowden, with some of their arsenal of exploitation tools documented.
Oracle has published its Critical Patch Update (CPU) for January 2016. The Oracle CPU is quarterly and addresses flaws in Oracle’s large product line, including its core product, the relational database, but also in a large number of acquisitions like Solaris, MySQL, Java and many of the end-user products, such as JD Edwards ERP, PeopleSoft and CRM.
This week Microsoft released a patch for a critical Silverlight issue, MS16-006, and since I worked on Silverlight signatures in the past it caught my eye. It’s a Remote Code Execution vulnerability which allows attackers to run code of their choice on the victim machine. I had a hunch that something more was hiding. I started to analyze it as soon as I finished writing signatures for the existing patch. When I was working on the analysis, Kaspersky Lab published a great blog post about the story of this vulnerability.
In this blog, I’m presenting an analysis of a different function that was also fixed in the same patch.
Update: Kaspersky, who is credited with finding MS16-006, the critical Silverlight vulnerability, just published their story on how the bug was found. Very interesting, has to do with the Hacking Team breach and coding "standards" – take a look at their blog post for more info. They also made clear that this vulnerability is under attack in the wild and that we are looking at a true 0-day here. This changes our priorities – we now put MS16-006 at the top of our list. Take a look at your installations, see if you have Silverlight installed and address the flaw as soon as possible.
Original: The first Patch Tuesday of 2016 turns out to be low in numbers, but broad and packing quite a punch: six of the nine bulletins are rated critical, including the Windows Kernel and Office bulletins. In addition some rather important products are going End-of-Life and get their last patch update today. Microsoft is retiring support for all older browsers on each platform and will from here on only maintain the newest browser on each version of the OS.
Qualys is looking for customers excited to talk on security, best practices and case studies leveraging the use of Qualys technologies. Take the stage in the Qualys booth to share your experience with RSA Conference attendees two or three times total during exhibit hall hours on March 1, 2, or 3.
If you would like to be considered as a presenter, please send a title and short abstract for a 20-30 minute presentation to Victoria Venturi at firstname.lastname@example.org. The call for presenters is open until January 29, 2016.
RSA Conference 2016 is held at Moscone Convention Center in San Francisco. Qualys will provide accepted presenters with a full conference pass, and pay your airfare and hotel expenses for the conference.
This release of the Qualys Cloud Platform 2.11 includes new features for the Qualys AssetView Service – a service that lets your company search for information across your entire environment, scaling to millions of assets for organizations of all sizes. Qualys AssetView provides search capabilities for multiple data sources in your environment, including data from: Free Inventory with Qualys Cloud Agent, optional VM or PC features of Cloud Agent, and also agentless scan sources. This feature replaces the Asset Management module in your account once enabled, and can be activated by contacting your Technical Account Manager or Technical Support.
As a follow-up to our recent major release Qualys Web Application Scanning (WAS) 4.3 and our last release of WAS 4.4, we have added a few new features, tweaks and clarifications in WAS 4.5 to allow further optimizations of scans as well as deliver some optimizations to Progressive Scanning in particular. Customers can also now receive more comprehensive CSV reporting on their scans. This allows customers to continue to deliver targeted web application security metrics to all the stakeholders while ensuring that a successful web application security program meets all of the organization's protection demands.
Qualys Web Application Firewall 2.0 (WAF) now supports multiple secure web applications (HTTPS) in the same cluster, through the Server Name Indication (SNI) extension of the TLS protocol. Multiple TLS certificates can now be presented on the same WAF Cluster IP, making the configuration and the deployment of multiple secure websites easier and quicker.