The last few weeks have been quite busy for researchers and IT administrators with a bevy of issues to follow and understand. While we probably cannot do all of them justice in this post, we will attempt to summarize each here for you.
We might as well start with the topic that will get the most attention today: Microsoft Patch Tuesday, which, as most of you know, happens once a month. Microsoft released nine bulletins that address a total of eleven vulnerabilities that are assigned CVE (http://cve.mitre.org) numbers. Probably the most notable vulnerability is the one addressed in MS10-061: a Print Spooler Service vulnerability (CVE-2010-2729) that is being leveraged in the wild by the Stuxnet worm, which is reportedly using multiple zero-day vulnerabilities. There is a great blog post by the folks over at Microsoft Security & Defense outlining the risk of each of the updates. Give it a read and plan your system patching activities accordingly: http://blogs.technet.com/b/srd/archive/2010/09/14/assessing-the-risk-of-the-september-security-updates.aspx
While we are on the topic of vulnerabilities that were patched today, we understand how easy it is for other issues to get buried underneath the Microsoft patch event. One such issue that many should be paying attention to is fixed in Samba 3.5.5, which addresses a buffer overrun vulnerability (CVE-2010-3069). Remember that Samba is not just on your favorite Linux distribution; this issue will also affect Apple Macintosh OS X systems, certain network attached storage systems, and other embedded devices. While at this time we have no reports of this issue being used in the wild, it is probably only a matter of time, as even with the fixed Samba release publicly available, many of these other devices may remain vulnerable for quite some time.
Another issue that deserves our attention, unfixed at this time, is being referred to as the “Padding Oracle Attack.” I know some of you will automatically think of older papers on this topic from 2002 (http://www.iacr.org/archive/eurocrypt2002/23320530/cbc02_e02d.pdf) and of a presentation earlier this year at Black Hat Europe demonstrating a tool known as POET (http://netifera.com/research/poet/PaddingOracleBHEU10.pdf). Coming up this week, the brain behind POET is presenting additional research into this flaw that shows how ASP.NET web applications are vulnerable (http://ekoparty.org/juliano-rizzo-2010.php). The impact of this flaw can range from basic information disclosure to full system compromise, so we can expect this one to make a lot of noise and have an impact for quite some time to come.
As more details and analysis on all of the above issues become available, we will update this post. In closing, we want to congratulate David Kane-Parry, who will be presenting at this year’s ToorCon (http://www.toorcon.org) in San Diego; he will speak about Location Based Threats and Mitigations. We will have Dave post a detailed abstract of his talk here on our blog.
Cheers,
Leviathan Security Group