Thursday

Another patch round: Oracle, WordPress, Firefox, ActiveX kill bits for Snapshot Viewer



Oracle releases 45 critical database and server patches. From Zero Day:

Database server giant Oracle plans to ship patches for a total of 45 security vulnerabilities on Thursday (July 17), bringing the vulnerability count for 2008 to a whopping 112.

Since January 2006 (this CPU included), Oracle has shipped fixes for a total of 572 vulnerabilities.

According to a pre-release analysis, the vulnerabilities affect hundreds of products, including all supported Oracle Database, Oracle Application Server, and Oracle E-Business Suite versions.

This is the first Critical Patch Update that includes fixes for BEA WebLogic, Hyperion BI, and TimesTen Database.

And again, Zero Day (it's one of the best blogs, really) warns us of an upgrade to WordPress 2.6, which ships with more security-minded default settings and a lot of fixed bugs:

WordPress, one of the fastest growing blog software providers, has shipped a new update with fixes for nearly 200 bugs and a major security-related change to disable remote publishing protocols by default.

With WordPress 2.6, the open-source software promises to be more secure out-of-the-box with full SSL support in the core, and the ability to force SSL for security.

Even more importantly, WordPress has disabled the Atom Publishing Protocol and the variety of XML-RPC protocols by default to shut down a potential security risk.

Read the full article.

Third is Firefox, which released 2.0.0.16 to fix the following two critical security vulnerabilities:
  • MFSA 2008-35 (CVE-2008-2933) Command-line URLs launch multiple tabs when Firefox not running
  • MFSA 2008-34 (CVE-2008-2785) Remote code execution by overflowing CSS reference counter
The automatic updater should do the trick or you can get it manually here.

The last one is actually not a patch but the lack of one. Microsoft released Microsoft Security Advisory (953635) last week to warn us. From the US-CERT report:
Microsoft Snapshot Viewer is a viewer for snapshots created with Microsoft Access. Snapshot Viewer is available as an ActiveX control, which is provided by snapview.ocx, or as a stand-alone application. Snapshot Viewer is provided with Office 2000, Office XP, and Office 2003, and it may also be installed on a system that does not have Microsoft Office. By design, the Snapshot Viewer ActiveX control can download a specified file to a temporary location, giving it a temporary name. However, a race condition in the control can allow an attacker to download files to arbitrary locations with arbitrary file names. We have received reports of active exploitation of this vulnerability. Exploit code for this vulnerability is publicly available.
Until they release a patch, you can set a 'kill bit' on the control's CLSIDs so that Internet Explorer refuses to instantiate it.

Paste the following text into a text editor such as Notepad, then save the file with the .reg file name extension and merge it into the registry (double-click it or import it with regedit) as an administrator. Note that the quotes must be plain ASCII double quotes, or regedit will reject the file.

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F0E42D50-368C-11D0-AD81-00A0C90DC8D9}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F0E42D60-368C-11D0-AD81-00A0C90DC8D9}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F2175210-368C-11D0-AD81-00A0C90DC8D9}]
"Compatibility Flags"=dword:00000400
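The same kill bits, as an added PowerShell example rather than anything from the advisory or this post. It differs from the .reg file in two ways a practitioner would want: "Compatibility Flags" is a bitmask, so the script ORs in 0x400 (the kill bit) instead of overwriting whatever flags are already there, and on 64-bit Windows it also writes the Wow6432Node copy of the key that 32-bit Internet Explorer reads (it detects that by testing whether the Wow6432Node IE key exists). It then reads each value back and verifies the bit is set. Run it from an elevated PowerShell prompt.

```powershell
# Added example: set the IE kill bit for the Snapshot Viewer CLSIDs from
# Microsoft Security Advisory 953635, preserving other Compatibility Flags.
# Requires an elevated (Administrator) PowerShell session.

$KillBit = 0x400   # COMPAT_EVIL_DONT_LOAD: IE will not instantiate the control

# The three CLSIDs from the advisory (same as in the .reg file above)
$Clsids = @(
    '{F0E42D50-368C-11D0-AD81-00A0C90DC8D9}',
    '{F0E42D60-368C-11D0-AD81-00A0C90DC8D9}',
    '{F2175210-368C-11D0-AD81-00A0C90DC8D9}'
)

# Native view of the key, plus the 32-bit (Wow6432Node) view on 64-bit Windows
$Bases = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
$Wow   = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
if (Test-Path $Wow) { $Bases += $Wow }

foreach ($base in $Bases) {
    foreach ($clsid in $Clsids) {
        $key = Join-Path $base $clsid

        # Create the per-CLSID key if it does not exist yet
        if (-not (Test-Path $key)) {
            New-Item -Path $key -Force | Out-Null
        }

        # Read the current flags (0 if the value is absent) and OR in the kill bit
        $current = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                    -ErrorAction SilentlyContinue).'Compatibility Flags'
        if ($null -eq $current) { $current = 0 }
        $new = $current -bor $KillBit

        Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value $new -Type DWord

        # Verify: read the value back and check that the kill bit is really set
        $verify = (Get-ItemProperty -Path $key -Name 'Compatibility Flags').'Compatibility Flags'
        if (($verify -band $KillBit) -eq $KillBit) {
            Write-Output ("kill bit set   : {0} (flags=0x{1:X8})" -f $key, $verify)
        } else {
            Write-Warning ("kill bit NOT set: {0} (flags=0x{1:X8})" -f $key, $verify)
        }
    }
}
```

Once a patch ships you normally do not need to undo this: the fixed control gets a new CLSID, and Microsoft's own update handles the kill bits. If you ever do need to re-enable the old control, clear the bit with `-band (-bnot 0x400)` rather than deleting the key, so any other compatibility flags survive.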

So remember to keep up with your patches and upgrades (or other countermeasures).

(Picture under Creative Commons from MarMotChasers's Photostream)
