Over at SANS, they've suggested that the Adobe patch *is* related ...the 13.0.0.206 update is explicitly about this vulnerability. See: > > http://helpx.adobe.com/security/products/flash-player/apsb14-13.html > > "Adobe is aware of reports that an exploit for CVE-2014-0515 exists in the > wild, and is being used to target Flash Player users on the Windows > platform." >
*ASB **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker> *Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market...* On Mon, Apr 28, 2014 at 5:38 PM, Susan Bradley <[email protected]> wrote: > I can't believe I'm finally finding a need to refer to CVE numbers. > > > > On 4/28/2014 2:31 PM, Rod Trent wrote: > >> I blame Adobe. >> >> -----Original Message----- >> From: [email protected] [mailto:listsadmin@lists. >> myitforum.com] On Behalf Of Susan Bradley >> Sent: Monday, April 28, 2014 5:15 PM >> To: [email protected] >> Subject: Re: [NTSysADM] IE exploit >> >> Hang on, it's not the same exploit. You are confusing two Flash vectors. >> >> The zero day via Fireeye is CVE-2014-1776 http://www.fireeye.com/blog/ >> uncategorized/2014/04/new-zero-day-exploit-targeting- >> internet-explorer-versions-9-through-11-identified-in- >> targeted-attacks.html >> >> The Flash patch below is a totally different Flash patch and it's from >> Adobe. >> http://helpx.adobe.com/security/products/flash-player/apsb14-09.html >> It's just via Microsoft becasuse they stuck Flash in their browser and >> thus they update it. *CVE number:* CVE-2014-0506, CVE-2014-0507, >> CVE-2014-0508, CVE-2014-0509 >> >> Two totally different issues. >> >> Microsoft will patch all supported browsers for the weekend zero day when >> it's ready. >> >> The flash patch is just a Flash update. >> >> On 4/28/2014 2:00 PM, Rod Trent wrote: >> >>> BTW: Microsoft has a patch ready for IE10 and IE11 only - for Windows >>> 8.x and Windows Server 2012... >>> >>> http://windowsitpro.com/msrc/flash-fix-ie-10-and-ie-11-only >>> >>> *From:*[email protected] >>> [mailto:[email protected]] *On Behalf Of *David Lum >>> *Sent:* Monday, April 28, 2014 4:56 PM >>> *To:* [email protected] >>> *Subject:* RE: [NTSysADM] IE exploit >>> >>> Saw this on a forum today: "We have one agency warning us of an >>> exploit, and the other agency trying to use the exploit :)" >>> >>> FTW! >>> >>> -Dave Lum >>> >>> *From:*[email protected] >>> <mailto:[email protected]> >>> [mailto:[email protected]] *On Behalf Of *Rod Trent >>> *Sent:* Monday, April 28, 2014 12:04 PM >>> *To:* [email protected] >>> <mailto:[email protected]> >>> *Subject:* RE: [NTSysADM] IE exploit >>> >>> It's not. Adobe has been working on today's patch since early April, >>> working with Kaspersky. The one announced over the weekend as >>> identified by FireEye and Microsoft is working on a patch. >>> >>> *From:*[email protected] >>> <mailto:[email protected]> >>> [mailto:[email protected]] *On Behalf Of *David Lum >>> *Sent:* Monday, April 28, 2014 3:00 PM >>> *To:* [email protected] >>> <mailto:[email protected]> >>> *Subject:* RE: [NTSysADM] IE exploit >>> >>> Adobe's patch addresses CVE-2014-0515 >>> >>> Microsoft's address CVE-2014-1776 >>> >>> It's possible they are linked, since this article does make them seem >>> like the same attack vector, but I do not speek enough >>> programmer-speak to know for sure: >>> >>> http://www.securelist.com/en/blog/8212/New_Flash_Player_0_day_CVE_2014 >>> _0515_used_in_watering_hole_attacks >>> >>> -Dave Lum >>> >>> *From:*[email protected] >>> <mailto:[email protected]> >>> [mailto:[email protected]] *On Behalf Of *David McSpadden >>> *Sent:* Monday, April 28, 2014 10:37 AM >>> *To:* '[email protected]' >>> *Subject:* RE: [NTSysADM] IE exploit >>> >>> I thought that is what I read in the MS articles? >>> >>> VML and Flash were the vector for the exploit? >>> >>> *From:*[email protected] >>> <mailto:[email protected]> >>> [mailto:[email protected]] *On Behalf Of *Rod Trent >>> *Sent:* Monday, April 28, 2014 1:34 PM >>> *To:* [email protected] >>> <mailto:[email protected]> >>> *Subject:* RE: [NTSysADM] IE exploit >>> >>> Yes, but that has nothing to do with the exploit reported over the >>> weekend. >>> >>> *From:*[email protected] >>> <mailto:[email protected]> >>> [mailto:[email protected]] *On Behalf Of *Kennedy, Jim >>> *Sent:* Monday, April 28, 2014 1:13 PM >>> >>> *To:* [email protected] >>> <mailto:[email protected]> >>> *Subject:* RE: [NTSysADM] IE exploit >>> >>> >>> Flash just released an update. >>> >>> http://helpx.adobe.com/security/products/flash-player/apsb14-13.html >>> >>> *From:*[email protected] >>> <mailto:[email protected]> >>> [mailto:[email protected]] *On Behalf Of *Rod Trent >>> *Sent:* Monday, April 28, 2014 1:11 PM >>> >>> *To:* [email protected] >>> <mailto:[email protected]> >>> *Subject:* RE: [NTSysADM] IE exploit >>> >>> >>> It's all versions of Internet Explorer. However, supported versions >>> will be patched. >>> >>> There are ways to mitigate: >>> >>> http://windowsitpro.com/windows/all-hands-deck-zero-day-reported-wild- >>> affects-ie6-11 >>> >>> >>> *From:*[email protected] >>> <mailto:[email protected]> >>> [mailto:[email protected]] *On Behalf Of *David McSpadden >>> *Sent:* Monday, April 28, 2014 1:05 PM >>> >>> *To:* [email protected] >>> <mailto:[email protected]> >>> *Subject:* RE: [NTSysADM] IE exploit >>> >>> >>> Is it just XP or am I wrong that the 7's, 8's, and Server OS's also an >>> issue the way I am reading it. >>> >>> Especially if they have Adobe Flash (Not sure of version) and the >>> website being visited using VML. >>> >>> ?? >>> >>> *From:*[email protected] >>> <mailto:[email protected]> >>> [mailto:[email protected]] *On Behalf Of *Rod Trent >>> *Sent:* Monday, April 28, 2014 12:59 PM >>> >>> *To:* [email protected] >>> <mailto:[email protected]> >>> *Subject:* RE: [NTSysADM] IE exploit >>> >>> >>> The is the first in a coming list of exploits that Windows XP will be >>> vulnerable to forever. >>> >>> *From:*[email protected] >>> <mailto:[email protected]> >>> [mailto:[email protected]] *On Behalf Of *Jonathan Link >>> *Sent:* Monday, April 28, 2014 12:51 PM >>> >>> *To:* [email protected] >>> <mailto:[email protected]> >>> *Subject:* Re: [NTSysADM] IE exploit >>> >>> >>> It's really bad if you're still running XP in your environment... >>> >>> On Mon, Apr 28, 2014 at 12:38 PM, David McSpadden <[email protected] >>> <mailto:[email protected]>> wrote: >>> >>> Any reason for concern? >>> >>> This e-mail and any files transmitted with it are property of >>> Indiana Members Credit Union, are confidential, and are intended >>> solely for the use of the individual or entity to whom this e-mail >>> is addressed. If you are not one of the named recipient(s) or >>> otherwise have reason to believe that you have received this >>> message in error, please notify the sender and delete this message >>> immediately from your computer. Any other use, retention, >>> dissemination, forwarding, printing, or copying of this email is >>> strictly prohibited. >>> >>> Please consider the environment before printing this email. >>> >>> This e-mail and any files transmitted with it are property of Indiana >>> Members Credit Union, are confidential, and are intended solely for >>> the use of the individual or entity to whom this e-mail is addressed. >>> If you are not one of the named recipient(s) or otherwise have reason >>> to believe that you have received this message in error, please notify >>> the sender and delete this message immediately from your computer. Any >>> other use, retention, dissemination, forwarding, printing, or copying >>> of this email is strictly prohibited. >>> >>> Please consider the environment before printing this email. >>> >>> This e-mail and any files transmitted with it are property of Indiana >>> Members Credit Union, are confidential, and are intended solely for >>> the use of the individual or entity to whom this e-mail is addressed. >>> If you are not one of the named recipient(s) or otherwise have reason >>> to believe that you have received this message in error, please notify >>> the sender and delete this message immediately from your computer. Any >>> other use, retention, dissemination, forwarding, printing, or copying >>> of this email is strictly prohibited. >>> >>> Please consider the environment before printing this email. >>> >>> -- >> Got your CryptoLocker prevention in place? >> http://www.thirdtier.net/2013/10/cryptolocker-prevention-kit-updates/ >> Our last day of XP patching. Wave it goodbye. >> >> >> >> >> >> >> >> >> >> > -- > Got your CryptoLocker prevention in place? > http://www.thirdtier.net/2013/10/cryptolocker-prevention-kit-updates/ > Our last day of XP patching. Wave it goodbye. > > > >
