Networking & Computer Hacks, Android phone apps & Games

Showing posts with label Security. Show all posts

Wednesday, 14 August 2019


Microsoft Internet Explorer and Edge CVE-2019-1104 Remote Memory Corruption Vulnerability





Risk - High
Date Discovered: July 9, 2019

Description
Microsoft Internet Explorer and Edge are prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions.

Technologies Affected
Microsoft Edge
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9

Recommendations

Run all software as a nonprivileged user with minimal access rights.
To reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes, but is not limited to, requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.

Do not follow links provided by unknown or untrusted sources.
Web users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.

Implement multiple redundant layers of security.
Memory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.

Updates are available. Please see the references or vendor advisory for more information.

References

Credits

Zhong Zhaochen of tophant.com

Tuesday, 25 June 2019


Dell SupportAssist | Security Update for PC Doctor Vulnerability

DSA-2019-084: Dell SupportAssist for Business PCs and Dell SupportAssist for Home PCs Security Update for PC Doctor Vulnerability




DSA Identifier: DSA-2019-084

CVE Identifier: CVE-2019-12280

Severity: High

Severity Rating: CVSS v3 Base Score: See NVD (http://nvd.nist.gov/) for individual scores for each CVE

Affected Products:

Dell SupportAssist for Business PCs version 2.0

Dell SupportAssist for Home PCs version 3.2.1 and all prior versions

Summary:

Dell SupportAssist for Business PCs and Dell SupportAssist for Home PCs require an update to the latest versions to address a security vulnerability within the PC Doctor component.

Details:

The PC Doctor component in Dell SupportAssist for Business Systems and Dell SupportAssist for Home PCs has been updated for the following vulnerability:
PC Doctor CVE-2019-12280

For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm. To search for a particular CVE, use the database’s search utility at http://web.nvd.nist.gov/view/vuln/search.

Resolution:

The following Dell SupportAssist for Business Systems and Dell SupportAssist for Home PCs release contains a resolution to this vulnerability:
Dell SupportAssist for Business PCs version 2.0.1
Dell SupportAssist for Home PCs version 3.2.2

Dell recommends all customers update at the earliest opportunity.

Method 1: Auto Update

Dell SupportAssist for Business PCs and Dell SupportAssist for Home PCs automatically upgrade to the latest versions available, if automatic updates are enabled.

Method 2: Manual Update

To update manually, download and install the latest product version from:

Dell SupportAssist for Business PCs
https://downloads.dell.com/serviceability/Catalog/SupportAssistx64.msi
https://downloads.dell.com/serviceability/Catalog/SupportAssistx86.msi

Dell SupportAssist for Home PCs
https://downloads.dell.com/serviceability/catalog/SupportAssistInstaller.exe

Please visit https://www.dell.com/support/home?app=drivers for updates on the applicable products.

Customers may use one of the Dell notification solutions to be notified and download driver, BIOS and firmware updates automatically once available.


Credit:

Dell would like to thank Peleg Hadar for reporting this vulnerability.

Monday, 17 June 2019


Free Quick Heal Bot Removal Tool

Quick Heal Bot Removal Tool



In collaboration with "Cyber Swachhta Kendra" under the Indian Computer Emergency Response Team (CERT-In), Ministry of Electronics & IT, Quick Heal has developed a Bot Removal Tool that helps users remove botnet infection from their computer.

What is a botnet infection?

A group of computers controlled by cybercriminals to spread malware and launch other malicious attacks on their targets is called a botnet. A botnet infection is when your computer becomes a part of a botnet.

How can your computer be bot-infected?

Attackers can make your computer a part of their botnet by infecting it with something called a ‘bot code’. They can drop this code onto your computer by sending you emails containing malicious links or attachments, fake social media posts, or exploiting existing security vulnerabilities on your system.

What is the Quick Heal Bot Removal Tool?

This tool helps you detect and remove any botnet infection from your computer. This tool can be run with or without an antivirus program on your computer. Note that this tool only secures your computer against bots. It does not provide protection against other malware or prevent any data theft.

How to use the Bot Removal Tool?

It is important that you take a backup of all your important files before using this tool to prevent any unintentional or accidental loss of data.
  1. Download the executable file of the tool for your system (32-bit or 64-bit).
  2. Double-click the downloaded file. The license agreement screen appears. Read the license terms carefully.
  3. Select I Agree to proceed and then click Next. The welcome screen appears. Click Next.
  4. Select one of the following scan options:
    • Quick Scan: Scans areas that are most vulnerable to bot infection. If an infection is detected, you may need to run a Full Scan.
    • Full Scan: Scans the hard drives and folders of your computer. Note that this process may take some time to complete.
    • Customized Scan: Scans selected folders. If you select this option, you have to select specific folders that you want to scan.
  5. Click Next. On completion of the scan, a summary of the scan results appears. You can view the details of the scan by clicking Scan Results.
  6. Click Finish.

Benefits of the Quick Heal Bot Removal Tool:
  • No need to install it. Simply run the tool when you need it.
  • Detects and removes even the latest bot malware.
  • Run it along with your existing antivirus software.
  • It can be run on all Windows-based operating systems.

Sunday, 16 June 2019


Microsoft Windows Remote Desktop Services Remote Code Execution Vulnerability (BlueKeep)

 


Alert Type: Vulnerability

Severity: High

 

Systems Affected

  • Windows XP (all)
  • Windows 2003 (all)
  • Windows 7 for 32-bit Systems SP 1 and x64-based Systems SP 1
  • Windows Server 2008 for 32-bit Systems SP 2 (Server Core installation also affected)
  • Windows Server 2008 for Itanium-Based Systems SP 2
  • Windows Server 2008 for x64-based Systems SP 2 (Server Core installation also affected)
  • Windows Server 2008 R2 for Itanium-Based Systems SP 1
  • Windows Server 2008 R2 for x64-based Systems SP 1 (Server Core installation also affected)


Overview

A vulnerability has been reported in Microsoft Windows Remote Desktop Services which could be exploited by a remote attacker to execute code on the targeted system.


Description

This vulnerability, also known as BlueKeep, exists in Microsoft Remote Desktop Services due to improper handling of connection requests. A remote unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target system's Remote Desktop Service via RDP. This vulnerability is pre-authentication and does not require any user interaction. Hence, this vulnerability is wormable: any future malware exploiting it could propagate from one computer to another (similar to the WannaCry ransomware). Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code and compromise the target system completely.


Solution

Apply appropriate fix as mentioned in Microsoft Security Advisory


Out-of-support Windows OSes (Windows XP, Windows 2003): Apply the appropriate patches to your OS (upgrading to a supported OS is strongly recommended). Microsoft does not normally provide patches for out-of-support OSes but made an exception because of the criticality of the vulnerability.


Vendor Information

Microsoft


References:

  • Microsoft
  • Cisco
  • Trend Micro
  • Krebs on Security
  • BleepingComputer


CVE Name

Saturday, 15 June 2019


Security Bulletin for Adobe Flash Player | APSB19-30



| Bulletin ID | Date Published | Priority |
|---|---|---|
| APSB19-30 | June 11, 2019 | 2 |

 

Summary

Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address a critical vulnerability in Adobe Flash Player. Successful exploitation could lead to arbitrary code execution in the context of the current user. 

Affected Product Versions

| Product | Version | Platform |
|---|---|---|
| Adobe Flash Player Desktop Runtime | 32.0.0.192 and earlier | Windows, macOS and Linux |
| Adobe Flash Player for Google Chrome | 32.0.0.192 and earlier | Windows, macOS, Linux and Chrome OS |
| Adobe Flash Player for Microsoft Edge and Internet Explorer 11 | 32.0.0.192 and earlier | Windows 10 and 8.1 |

To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.

Solution

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the latest version:
| Product | Version | Platform | Priority | Availability |
|---|---|---|---|---|
| Adobe Flash Player Desktop Runtime | 32.0.0.207 | Windows, macOS | 2 | Flash Player Download Center; Flash Player Distribution |
| Adobe Flash Player for Google Chrome | 32.0.0.207 | Windows, macOS, Linux, and Chrome OS | 2 | Google Chrome Releases |
| Adobe Flash Player for Microsoft Edge and Internet Explorer 11 | 32.0.0.207 | Windows 10 and 8.1 | 2 | Microsoft Security Advisory |
| Adobe Flash Player Desktop Runtime | 32.0.0.207 | Linux | 3 | Flash Player Download Center |

Note:
  • Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, macOS and Linux update to Adobe Flash Player 32.0.0.207 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center.
  • Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 32.0.0.207  for Windows, macOS, Linux and Chrome OS.
  • Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 32.0.0.207.
  • Please visit the Flash Player Help page for assistance in installing Flash Player.
[1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted.

Vulnerability details

| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
|---|---|---|---|
| Use After Free | Arbitrary Code Execution | Critical | CVE-2019-7845 |