145 replies to this topic

[AplusWebMaster]

FYI...

DAT 6807/6808 causing issues...
- https://kc.mcafee.co...=...&id=KB76004
Last Modified: August 23, 2012
- https://kc.mcafee.co...=...&id=KB76048
Last Modified: August 24, 2012

McAfee DAT versions 6807 or 6808 ...
- http://www.theregist...net_cutoff_bug/
23rd August 2012 16:29 GMT

> http://service.mcafe...aq/TS101446.htm

> https://btbusiness.c...s_cat/2468,2470
"... some of our customers have lost access to the internet after recent updates by McAfee. If you right-click on your McAfee icon and then select About, you will be able to see the "DAT version". If this is 6807 or 6808, you are likely to be affected. This issue has only affected certain Operating Systems but can be fixed by re-installing your security software.
Affected Operating Systems:
Windows XP
Windows Vista
Windows 7 ...
>> http://www.mcaf.ee/s3b79
Document ID: TS101446

? reinstall... see TS100342.
> http://service.mcafe...aq/TS100342.htm

Edited by AplusWebMaster, 24 August 2012 - 09:14 AM.

[AplusWebMaster]

FYI...

Sophos - False positives ...
- http://www.sophos.co...ase/118311.aspx
Updated: 25 Sep 2012
"Issue: Numerous binaries are falsely detected as ssh/updater-B.
Cause: An identity released by SophosLabs for use with our Live Protection system is causing False Positives against many binaries that have updating functionality.
What To Do: Customer should ensure that endpoints are update to date with the latest IDE files. This issue is resolved with javab-jd.ide which was released at Wed, 19 Sep 2012 18:48:35 +0000... (more info at the URL above.)
If you need more information or guidance, then please contact technical support*."
* http://www.sophos.co...ct-support.aspx

- http://www.sophos.co...ase/118322.aspx
Updated: 25 Sep 2012

- http://www.sophos.co...ase/118323.aspx
Updated: 25 Sep 2012

- http://www.sophos.co...ase/118315.aspx
Updated: 25 Sep 2012
___

- http://h-online.com/-1713840
20 Sep 2012

Edited by AplusWebMaster, 25 September 2012 - 11:13 AM.

[AplusWebMaster]

FYI...

Symantec Enterprise Outside In Filters vulns - update available
- https://secunia.com/advisories/50824/
Release Date: 2012-10-01
Criticality level: Highly critical
Impact: DoS, System access
Where: From remote...
Software: Symantec Enterprise Vault 10.x
CVE Reference(s): CVE-2012-1744, CVE-2012-1766, CVE-2012-1767, CVE-2012-1768, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, CVE-2012-3109, CVE-2012-3110
... more information: https://secunia.com/SA49936/
... vulnerabilities are reported in versions prior to 10.0.2.
Solution: Update to version 10.0.2.
Original Advisory: Symantec (SYM12-015):
http://www.symantec....uid=20120928_00
... Reference:
- http://www.kb.cert.org/vuls/id/118913
Last revised: 29 Sep 2012

[AplusWebMaster]

FYI...

Trend Micro Control Manager SQL injection vuln - updates available
- http://h-online.com/-1721385
01 Oct 2012 - "... Trend Micro's platform for centralised security management is vulnerable to SQL injection attacks. According to US-CERT*, versions 5.5 and 6.0 of the Trend Micro Control Manager are vulnerable. The company has provided patches** for both affected versions. The vulnerability in question concerns a blind SQL injection attack which means the web frontend does not divulge any information from the database. According to a report by security consulting firm Spentera which includes a proof-of-concept, the vulnerable system can be made to leak information like password hashes by analysing the timing of SQL queries."
* http://www.kb.cert.org/vuls/id/950795
Last revised: 27 Sep 2012

** http://esupport.tren...us/1061043.aspx
"... Critical patches for this vulnerability are now available..."

- http://www.securityt....com/id/1027584
CVE Reference: http://web.nvd.nist....d=CVE-2012-2998 - 7.5 (HIGH)
Sep 28 2012
Impact: Disclosure of system information, Disclosure of user information, User access via network...
... vendor's advisory is available at:
- http://esupport.tren...us/1061043.aspx

Edited by AplusWebMaster, 02 October 2012 - 09:10 AM.

[AplusWebMaster]

FYI....

Sophos - critical security vulnerabilities
- http://h-online.com/-1744777
6 Nov 2012 - "... critical security vulnerabilities in Sophos anti-virus software. This includes the publication of a proof of concept (PoC) for a root exploit for Sophos 8.0.6 for Mac OS X, which utilises a stack buffer overflow when searching through PDF files. The vulnerability is also likely to affect Linux and Windows versions. Ormandy has published a full analysis on the SecLists.org security mailing list newsletter. A module for the Metasploit penetration testing software is now also available... the anti-virus company is not aware of any of the vulnerabilities having been exploited in the wild..."
* http://www.sophos.co...ase/118424.aspx
Updated: 07 Nov 2012 - "... roll-out of fixes to Sophos customers will begin on November 28th 2012..."
___

- https://secunia.com/advisories/51156/
Release Date: 2012-11-07
Criticality level: Highly critical
Impact: Cross Site Scripting, Privilege escalation, System access
Where: From remote...
Original Advisory: Sophos:
http://www.sophos.co...ase/118424.aspx

[AplusWebMaster]

FYI...

Sophos v9.004 released
- https://secunia.com/advisories/51339/
Release Date: 2012-11-19
Criticality level: Highly critical
Impact: Cross Site Scripting, System access
Where: From remote
Operating System: Sophos UTM 9.x
CVE Reference: https://web.nvd.nist...d=CVE-2012-5671 - 6.8
Solution: Update to version 9.004.
Original Advisory: http://www.astaro.co...up2date/UTM9004
Support for UTM100 licenses
Fix: issues with Endpoint Protection on HA/Cluster systems
Fix: WebAdmin login problems when using French as language
System will be rebooted
Configuration will be upgraded...

- http://securitytracker.com/id/1027788
Nov 20 2012
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 9.004 ...
Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the Sophos UTM web interface, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix (9.004)...
> https://www.astaro.c...up2date/UTM9004

[AplusWebMaster]

FYI...

SYM12-019 - Symantec Endpoint - multiple issues
- https://secunia.com/advisories/51527/
Release Date: 2012-12-11
Criticality level: Moderately critical
Impact: System access
Where: From local network
... vulnerabilities are reported in the following versions:
* Symantec Endpoint Protection version 11.0
* Symantec Endpoint Protection version 12.0
* Symantec Endpoint Protection version 12.1
Solution: Update to a fixed version.
CVE Reference(s): CVE-2012-4348, CVE-2012-4349
Original Advisory: Symantec (SYM12-019):
http://www.symantec....uid=20121210_00
"... SEP 12.0 Small Business Edition... Updates are available through customers’ normal support/download locations..."

[AplusWebMaster]

FYI...

SYM12-020 Symantec Enterprise Security ...
- http://www.securityt....com/id/1027874
CVE Reference: CVE-2012-4350
Dec 13 2012
Impact: Root access via local system, User access via local system
Version(s): 10.x and prior ...
Solution: The vendor has issued a fix (Security Update SU44, or 11.0).
The vendor's advisory is available at:
https://www.symantec...uid=20121213_00

[AplusWebMaster]

FYI...

MS AV def. performance issues...
Update signature definitions to resolve performance issues in definitions starting with 1.141.2400.0
- https://blogs.techne...Redirected=true
27 Dec 2012 - "Some users of Microsoft antimalware products have reported a performance issue with signature definition versions starting with 1.141.2400.0 (12/21/2012 1920 UTC). The current definition files, since 1.141.2639.0 (12/27/2012 0625 UTC), resolve this issue. If you have a signature set in the affected range, please update to the current definition files*."
* http://www.microsoft...itions/adl.aspx

[AplusWebMaster]

FYI...

MSE Update problems
- http://h-online.com/-1791005
24 Jan 2013 - "On Saturday, Microsoft Security Essentials (MSE), Microsoft's free anti-virus software package, stopped automatically updating its malware signatures on some systems. Users are also reporting that clicking on the "Update" button on the program window likewise fails to deliver the anticipated results. The problem appears to have been present on affected systems since 19 January. Microsoft has -not- officially commented on the issue. The problem can apparently be resolved by downloading the malware signatures from Microsoft's Malware Protection Center*. The signatures consists of a 70 MB program which must be run with administrator privileges. When downloading, users need to make sure they get the right executable – different packages are required for the 32- and 64-bit versions of MSE. In addition, users should also install updated network access control rules, available separately from Microsoft**."
* https://www.microsof...x?wa=wsignin1.0

** https://www.microsof...s/howtomse.aspx

[AplusWebMaster]

FYI...

Kaspersky update hoses Internet access for XP users
- http://news.cnet.com...ndows-xp-users/
Feb 5, 2013 - "Windows XP users who run certain Kaspersky antivirus software may find themselves offline after downloading a new update... the update causes Windows XP computers to lose their connection to the Internet. IT administrators who use Kaspersky Endpoint Security at their organizations chimed into the Kaspersky forum yesterday and today complaining of connectivity problems. One person who manages around 12,000 computers with KES installed noted a slew of calls to the help desk from users knocked offline. Some IT admins said they were able to restore Internet access by shutting down the monitoring of certain ports or disabling the product's Web Anti-Virus component. But those were deemed temporary solutions at best. Kaspersky did eventually acknowledge the problem, announcing a fix* to the buggy update and offering a resolution..."
* "... Kaspersky Lab has fixed the issue that was causing the Web Anti-Virus component in some products to block Internet access. The error was caused by a database update that was released on Monday, February 4th, at 11:52 a.m., EST. At 5:31 p.m. the same day, the problem was fixed by a database update being uploaded to public servers..."

- http://forum.kaspers...m...t&p=1978848

- http://h-online.com/-1799641
7 Feb 2013

Edited by AplusWebMaster, 07 February 2013 - 09:40 AM.

[AplusWebMaster]

FYI...

AVG false positive on XP System32\wintrust.dll
- http://h-online.com/-1823171
14 March 2013 - "On Thursday morning, the protection programs of AVG incorrectly identified the Windows system file wintrust.dll as a trojan of type "Generic32.FJU". Under certain circumstances, the virus hunting software has also labelled programs as malware if they attempted to access the supposed trojan DLL. The solution is a virus signature update. Only Windows XP systems were affected by the problem. Users who deleted the file from their system could not boot their computers any more. In this case, to help restore the system, boot it with the Rescue CD and take wintrust.dll from a still functioning system and copy that to C:\Windows\System32\. At least, according to AVG, the anti-virus software did not automatically delete or quarantine the wintrust.dll file, though other files will have to be moved back into place. The company says it fixed the problem by 12:45 on the same day with updates to virus database number 567 for AVG 9 and 2012 editions and virus database number 6174 for the current 2013 edition."
___

Kaspersky fixes IPv6 problem...
- http://h-online.com/-1822839
14 March 2013 - "Security researcher Marc Heuse discovered that the firewall in Kaspersky Internet Security 2013 has a problem with certain IPv6 packets. The researcher said that he publicly disclosed the details of the problem because Kaspersky didn't respond when he reported it. Shortly after his disclosure, Kaspersky did release a fix. A single packet is all that's required to completely cripple a Windows PC. When running tests with his IPv6 tool suite, Heuse discovered that KIS responds inappropriately to fragmented IPv6 packets that contain an overly long extension header. IPv6 support has been enabled by default since Windows Vista, therefore users would be vulnerable even without one of the still sparsely used IPv6 internet connections – for example on public Wi-Fi networks. Kaspersky has now confirmed the problem for Kaspersky Internet Security 2013, Kaspersky Pure 3.0 and Kaspersky Endpoint Security 10 for Windows. "A non-public patch [for Kaspersky Internet Security 2013] is already available from our support department on request, and an autopatch that will fix the problem automatically will be released in the near future"..."

[AplusWebMaster]

FYI...

ClamAV v0.97.7 released
- https://secunia.com/advisories/52647/
Release Date: 2013-03-18
Criticality level: Moderately critical
Impact: Unknown
Where: From remote
... vulnerabilities are reported in version 0.97.6. Prior versions may also be affected.
Solution: Update to version 0.97.7.
Original Advisory: ClamAV:
http://blog.clamav.n...n-released.html
March 15, 2013

McAfee Vulnerability Manager hotfix...
- https://secunia.com/advisories/52688/
Release Date: 2013-03-18
Impact: Cross Site Scripting
Where: From remote
... vulnerability is reported in versions 7.5.0 and 7.5.1.
Solution: Apply hotfix (please see the vendor's advisory for details*). The vendor is planning to release a MVM 7.5.2 patch at the end of March...
Original Advisory:
* https://kc.mcafee.co...=...&id=KB77772
March 15, 2013

[AplusWebMaster]

FYI...

Sophos Web Appliance v3.7.8.2 released
- https://secunia.com/advisories/52814/
Release Date: 2013-04-03
Criticality level: Moderately critical
Impact: Cross Site Scripting, Exposure of sensitive information, System access
Where: From remote
CVE Reference(s): CVE-2013-2641, CVE-2013-2642, CVE-2013-2643
... vulnerabilities are reported in versions prior to 3.7.8.2.
Solution: Update to version 3.7.8.2.
Original Advisory: Sophos:
http://www.sophos.co...ase/118969.aspx

- http://h-online.com/-1834672
3 April 2013

Edited by AplusWebMaster, 03 April 2013 - 01:03 PM.

[AplusWebMaster]

FYI...

Malwarebytes def. file update wipes out thousands of computers
- http://www.theinquir...ds-of-computers
Apr 17 2013 - "... Malwarebytes has wiped out thousands of computers around the world with a faulty security update, mistaking legitimate system files as malware code. The security firm confessed to the mistake in a blog post on Tuesday, and assured firms that the update has since been pulled... The update definition made it so Malwarebytes protection software treated essential Windows .dll and .exe files as malware, stopping them from running and thus knocking IT systems and PCs offline..."
> http://blog.malwareb...e-update-issue/
April 16, 2013

> http://forums.malwar...howtopic=125138