Vulnerabilities and exploits

The twitter infosec sphere last night and the blogosphere this morning is in a bit of a frenzy about the public leak of a DoS PoC targeting CVE-2012-0002, the RDP pre-auth remote. First off, patch now. Now. If you can’t, use the mitigation tool that Microsoft is offering – the tradeoff between requiring network authentication and the fairly high risk of RCE in the next couple of weeks is worth it. You can see the list of related links on the side of this page, one was included for MS12-020.

In early March, we received a report from an independent researcher on mass infections of computers on a corporate network after users had visited a number of well-known Russian online information resources

Patch Tuesday March 2012 fixes a set of vulnerabilities in Microsoft technologies.

The following statistics were compiled in February using data collected from computers running Kaspersky Lab products: 143,574,335 web-borne infections were prevented.

Today is the last day of CanSecWest – a security conference taking place in Vancouver, Canada.

Let’s just make a conservative guesstimate that there are more than 40 million infected victim hosts and malware serving “hosts” connected to the internet at any one time, including both traditional computing devices, network devices and smartphones.

This section of the report is based on data obtained and processed using the Kaspersky Security Network (KSN).

All statistical data used in this report were obtained using Kaspersky Lab’s botnet monitoring system and Kaspersky DDoS Prevention.

Microsoft is releasing 9 Security Bulletins this month (MS12-008 through MS12-016), patching a total 21 vulnerabilities.

Last week researchers found vulnerabilities in the Google Wallet payment system. The vulnerability was leveraged to display the current PIN number but required root access to the device. The very next day a new vulnerability was discovered in how application data is handled in the Wallet app requiring no root access. I expect these to be just the beginning of a scavenger hunt for Google Wallet vulnerabilities in the future.

Many of the apps we enjoy are free. Well, to call them free is a bit misleading. You pay for the apps by looking at advertisements. This is a platform we should all recognize from the sidebar of Facebook, or Google, or almost any service that doesn’t charge a premium to use it. Advertising has paved the way for many services to gather a huge audience audience and still profit.

The Adobe AIR and Adobe Flash Player Incubator program updated their Flash Platform runtime beta program to version 5, delivered as Flash Player version 11.2.300.130. It includes a “sandboxed” version of the 32-bit Flash Player they are calling “Protected Mode for Mozilla Firefox on Windows 7 and Windows Vista systems”. It has been over a year since Adobe discussed the Internet Explorer ActiveX Protected Mode version on their ASSET blog, and the version running on Google Chrome was sandboxed too.

Does the Bouncer will be effective in addressing the malware problems with Android apps? Is it still a good idea to use a mobile security program for protection even with Bouncer in place? Are there ways for hackers to sneak infected apps into the store despite Bouncer?

In this webcast, Kaspersky Lab senior security researcher Roel Schouwenberg talks about the Diginotar certificate authority breach and the implications for trust on the Internet. Schouwenberg also provides a key suggestion for all major Web browser vendors.

S. Korean handlers are slow to take down the publicly distributed malicious code exploiting CVE-2012-0003, a vulnerability patched in Microsoft’s January 2012 patch release MS12-004.