Qualys Blog

www.qualys.com
wkandek

November MSFT and Adobe 0-days – Update2

Update2:
Adobe has reacted quickly and has assigned the printSeps vulnerability CVE-2010-4091 and will fix it in the planned release for Adobe Reader APSA10-015 on Nov 15.

Update1:
A second, distinct 0-day (printSeps) for Adobe Reader has been seen in use on the internet. Mila Parkour has samples and VUPEN has a working exploit. Adobe recommends using the Javascript blacklist, we recommend turning off Javascript in Adobe Reader altogether.

The IE 0-day has been seen in a second type of attack as well and has apparently been integrated into the Elenore crimepack, meaning that everybody that pays their Elenore maintenance fees now gets access to this fresh IE 0-day. Microsoft maintains that DEP is effective against the attacks, so update to IE8 (which has DEP enabled by default) or change the DEP settings to include IE7. Microosoft has provided a Fix-it link for user to apply this change for IE7 automatically. IE6 cannot be protected by DEP and users of this old browser should migrate as soon as possible to a newer version.

Original:
Microsoft published an advisory warning of an 0-day vulnerability in Internet Explorer affecting versions 6,7 and 8. Data Execution Prevention (DEP), a security feature first implemented in 2005 currently prevents the exploit from executing successfully. IE8 users have DEP enabled by default and are protected. According to Microsoft, only a single website was found to host the exploit, but others are soon expected.

Upgrading to IE8 with DEP is highly recommended.

Last week Adobe acknowledged a 0-day flaw in their standalone Flash product and in the embedded Flash player in Adobe Reader. Exploits found in the wild are currently limited to PDF files. Adobe’s mitigation instructions are to delete the embedded Flash player and detailed steps are given for Windows, Mac OS X and Linux. Adobe will publish a fix for Flash this week and has given mid-November as a date for the Reader fix.

We will keep you updated as further news comes out.

References:

Leave a Reply