Qualys Blog


CSA Top Threat Report Coming

For the last couple of months we have participated in the Cloud Security Alliance's project "Top Threats to Cloud Computing". A first version will be published at the Cloud Security Alliance Summit during RSA 2010.

Please help us with this effort by completing the Top Threats Survey. The survey takes about 5 minutes to complete and will help us understand whether we are on the right track with the areas covered.

The idea is to present summarized results of this survey at RSA. The project will continue to evolve after the conference as we incorporate your feedback.

Come see the results at the Cloud Security Alliance Summit!

Adobe Patching Out-Of-band – Updated

Updated: The Patch for Adobe Reader (9.3.1) is now available – one of the flaws CVE-2010-0188 was found by Microsoft’s Research Team.

Adobe announced a number of updates yesterday, out of their normal 3-month cycle: APSB10-06 addresses a critical flaw in Adobe Flash and AIR. APSB10-07 is the announcement for an Adobe Reader and Acrobat update that will come out next Tuesday. It is applicable to Windows, Mac OS X and Unix and is rated critical as well.

Patch Tuesday Bottomline – February 2010

Microsoft’s February 2010 Patch Tuesday was slated to be the biggest release for Microsoft fixes in the last two years – 14 bulletins addressing 34 vulnerabilities. But the Google/CN Internet Explorer 0-day forced Microsoft to accelerate the testing of the planned IE bulletin and release it early, still in January. That leaves 13 bulletins covering 26 vulnerabilities for the February release, which constitutes one of the bigger patch Tuesdays.

There are 5 critical vulnerabilities for the Windows operating system family; the newer versions, Windows 7 and Windows 2008 R2, are only affected by 3 of them. Rewrites of the TCP/IP stack and the URI handling in Windows 7 and 2008 R2 improved on the implementation of these core OS capabilities.

Overall, highest on our list for patching are MS10-006 (SMB client) and MS10-013 (DirectShow), which affect all versions of Windows and have a low exploitability index. Next are MS10-007 (Shell URL handling), which is critical for Windows 2000, XP and 2003, and MS10-008, an update to the ActiveX Killbit settings, applicable to all platforms.

MS10-012 is a bulletin for SMB that server administrators should focus on. It allows a malicious, unauthenticated party to launch a remote denial of service attack. In addition, remote authenticated clients can execute code using another flaw addressed in the bulletin.

MS10-010 addresses an interesting vulnerability: it is in the hypervisor of Windows 2008. This virtualization vulnerability allows a guest operating system to crash the host operating system, affecting all virtual machines running on the same physical host. Virtualization is increasingly used in corporate IT environments and in cloud computing initiatives, and we see this class of vulnerability gaining importance.

Microsoft Office has 2 bulletins, both rated as important. While the newest version of Office for Windows, Office 2007, is not affected, users of all other versions, including on Mac OS X, should update as quickly as possible, because file-based vulnerabilities have been a favorite of attackers in the last year.