I've gone back to my normal confused state.
As I posted later on the Patchmanagement.org list
(and this is where I showcase that CVE's and my brain only goes so far
and it takes a village to understand this stuff)
From a smarter person that I:
"the Flash update closes the ASLR hole that is needed by the VGX exploit
to achieve a reliable ROP chain"
So while kinda not related, they kinda are.
On 4/29/2014 9:34 AM, Andrew S. Baker wrote:
Over at SANS, they've suggested that the Adobe patch *is* related
...the 13.0.0.206 update is explicitly about this vulnerability. See:
http://helpx.adobe.com/security/products/flash-player/apsb14-13.html
"Adobe is aware of reports that an exploit for CVE-2014-0515
exists in the wild, and is being used to target Flash Player users
on the Windows platform."
*ASB
**http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*_
_**Providing Virtual CIO Services (IT Operations & Information
Security) for the SMB market…***
On Mon, Apr 28, 2014 at 5:38 PM, Susan Bradley <[email protected]
<mailto:[email protected]>> wrote:
I can't believe I'm finally finding a need to refer to CVE numbers.
On 4/28/2014 2:31 PM, Rod Trent wrote:
I blame Adobe.
-----Original Message-----
From: [email protected]
<mailto:[email protected]>
[mailto:[email protected]
<mailto:[email protected]>] On Behalf Of Susan
Bradley
Sent: Monday, April 28, 2014 5:15 PM
To: [email protected]
<mailto:[email protected]>
Subject: Re: [NTSysADM] IE exploit
Hang on, it's not the same exploit. You are confusing two
Flash vectors.
The zero day via Fireeye is CVE-2014-1776
http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html
The Flash patch below is a totally different Flash patch and
it's from Adobe.
http://helpx.adobe.com/security/products/flash-player/apsb14-09.html
It's just via Microsoft becasuse they stuck Flash in their
browser and thus they update it. *CVE number:* CVE-2014-0506,
CVE-2014-0507, CVE-2014-0508, CVE-2014-0509
Two totally different issues.
Microsoft will patch all supported browsers for the weekend
zero day when it's ready.
The flash patch is just a Flash update.
On 4/28/2014 2:00 PM, Rod Trent wrote:
BTW: Microsoft has a patch ready for IE10 and IE11 only –
for Windows
8.x and Windows Server 2012…
http://windowsitpro.com/msrc/flash-fix-ie-10-and-ie-11-only
*From:*[email protected]
<mailto:[email protected]>
[mailto:[email protected]
<mailto:[email protected]>] *On Behalf Of
*David Lum
*Sent:* Monday, April 28, 2014 4:56 PM
*To:* [email protected]
<mailto:[email protected]>
*Subject:* RE: [NTSysADM] IE exploit
Saw this on a forum today: ”We have one agency warning us
of an
exploit, and the other agency trying to use the exploit :)”
FTW!
-Dave Lum
*From:*[email protected]
<mailto:[email protected]>
<mailto:[email protected]
<mailto:[email protected]>>
[mailto:[email protected]
<mailto:[email protected]>] *On Behalf Of
*Rod Trent
*Sent:* Monday, April 28, 2014 12:04 PM
*To:* [email protected]
<mailto:[email protected]>
<mailto:[email protected]
<mailto:[email protected]>>
*Subject:* RE: [NTSysADM] IE exploit
It’s not. Adobe has been working on today’s patch since
early April,
working with Kaspersky. The one announced over the weekend as
identified by FireEye and Microsoft is working on a patch.
*From:*[email protected]
<mailto:[email protected]>
<mailto:[email protected]
<mailto:[email protected]>>
[mailto:[email protected]
<mailto:[email protected]>] *On Behalf Of
*David Lum
*Sent:* Monday, April 28, 2014 3:00 PM
*To:* [email protected]
<mailto:[email protected]>
<mailto:[email protected]
<mailto:[email protected]>>
*Subject:* RE: [NTSysADM] IE exploit
Adobe’s patch addresses CVE-2014-0515
Microsoft’s address CVE-2014-1776
It’s possible they are linked, since this article does
make them seem
like the same attack vector, but I do not speek enough
programmer-speak to know for sure:
http://www.securelist.com/en/blog/8212/New_Flash_Player_0_day_CVE_2014
_0515_used_in_watering_hole_attacks
-Dave Lum
*From:*[email protected]
<mailto:[email protected]>
<mailto:[email protected]
<mailto:[email protected]>>
[mailto:[email protected]
<mailto:[email protected]>] *On Behalf Of
*David McSpadden
*Sent:* Monday, April 28, 2014 10:37 AM
*To:* '[email protected]
<mailto:[email protected]>'
*Subject:* RE: [NTSysADM] IE exploit
I thought that is what I read in the MS articles?
VML and Flash were the vector for the exploit?
*From:*[email protected]
<mailto:[email protected]>
<mailto:[email protected]
<mailto:[email protected]>>
[mailto:[email protected]
<mailto:[email protected]>] *On Behalf Of
*Rod Trent
*Sent:* Monday, April 28, 2014 1:34 PM
*To:* [email protected]
<mailto:[email protected]>
<mailto:[email protected]
<mailto:[email protected]>>
*Subject:* RE: [NTSysADM] IE exploit
Yes, but that has nothing to do with the exploit reported
over the
weekend.
*From:*[email protected]
<mailto:[email protected]>
<mailto:[email protected]
<mailto:[email protected]>>
[mailto:[email protected]
<mailto:[email protected]>] *On Behalf Of
*Kennedy, Jim
*Sent:* Monday, April 28, 2014 1:13 PM
*To:* [email protected]
<mailto:[email protected]>
<mailto:[email protected]
<mailto:[email protected]>>
*Subject:* RE: [NTSysADM] IE exploit
Flash just released an update.
http://helpx.adobe.com/security/products/flash-player/apsb14-13.html
*From:*[email protected]
<mailto:[email protected]>
<mailto:[email protected]
<mailto:[email protected]>>
[mailto:[email protected]
<mailto:[email protected]>] *On Behalf Of
*Rod Trent
*Sent:* Monday, April 28, 2014 1:11 PM
*To:* [email protected]
<mailto:[email protected]>
<mailto:[email protected]
<mailto:[email protected]>>
*Subject:* RE: [NTSysADM] IE exploit
It’s all versions of Internet Explorer. However, supported
versions
will be patched.
There are ways to mitigate:
http://windowsitpro.com/windows/all-hands-deck-zero-day-reported-wild-
affects-ie6-11
*From:*[email protected]
<mailto:[email protected]
<mailto:[email protected]>>
[mailto:[email protected]
<mailto:[email protected]>] *On Behalf Of
*David McSpadden
*Sent:* Monday, April 28, 2014 1:05 PM
*To:* [email protected]
<mailto:[email protected]>
<mailto:[email protected]
<mailto:[email protected]>>
*Subject:* RE: [NTSysADM] IE exploit
Is it just XP or am I wrong that the 7’s, 8’s, and Server
OS’s also an
issue the way I am reading it.
Especially if they have Adobe Flash (Not sure of version)
and the
website being visited using VML.
??
*From:*[email protected]
<mailto:[email protected]
<mailto:[email protected]>>
[mailto:[email protected]
<mailto:[email protected]>] *On Behalf Of
*Rod Trent
*Sent:* Monday, April 28, 2014 12:59 PM
*To:* [email protected]
<mailto:[email protected]>
<mailto:[email protected]
<mailto:[email protected]>>
*Subject:* RE: [NTSysADM] IE exploit
The is the first in a coming list of exploits that Windows
XP will be
vulnerable to forever.
*From:*[email protected]
<mailto:[email protected]>
<mailto:[email protected]
<mailto:[email protected]>>
[mailto:[email protected]
<mailto:[email protected]>] *On Behalf Of
*Jonathan Link
*Sent:* Monday, April 28, 2014 12:51 PM
*To:* [email protected]
<mailto:[email protected]>
<mailto:[email protected]
<mailto:[email protected]>>
*Subject:* Re: [NTSysADM] IE exploit
It's really bad if you're still running XP in your
environment...
On Mon, Apr 28, 2014 at 12:38 PM, David McSpadden
<[email protected] <mailto:[email protected]>
<mailto:[email protected] <mailto:[email protected]>>> wrote:
Any reason for concern?
This e-mail and any files transmitted with it are property of
Indiana Members Credit Union, are confidential, and are
intended
solely for the use of the individual or entity to whom
this e-mail
is addressed. If you are not one of the named recipient(s) or
otherwise have reason to believe that you have received this
message in error, please notify the sender and delete this
message
immediately from your computer. Any other use, retention,
dissemination, forwarding, printing, or copying of this
email is
strictly prohibited.
Please consider the environment before printing this email.
This e-mail and any files transmitted with it are property
of Indiana
Members Credit Union, are confidential, and are intended
solely for
the use of the individual or entity to whom this e-mail is
addressed.
If you are not one of the named recipient(s) or otherwise
have reason
to believe that you have received this message in error,
please notify
the sender and delete this message immediately from your
computer. Any
other use, retention, dissemination, forwarding, printing,
or copying
of this email is strictly prohibited.
Please consider the environment before printing this email.
This e-mail and any files transmitted with it are property
of Indiana
Members Credit Union, are confidential, and are intended
solely for
the use of the individual or entity to whom this e-mail is
addressed.
If you are not one of the named recipient(s) or otherwise
have reason
to believe that you have received this message in error,
please notify
the sender and delete this message immediately from your
computer. Any
other use, retention, dissemination, forwarding, printing,
or copying
of this email is strictly prohibited.
Please consider the environment before printing this email.
--
Got your CryptoLocker prevention in place?
http://www.thirdtier.net/2013/10/cryptolocker-prevention-kit-updates/
Our last day of XP patching. Wave it goodbye.
--
Got your CryptoLocker prevention in place?
http://www.thirdtier.net/2013/10/cryptolocker-prevention-kit-updates/
Our last day of XP patching. Wave it goodbye.
--
Got your CryptoLocker prevention in place?
http://www.thirdtier.net/2013/10/cryptolocker-prevention-kit-updates/
Our last day of XP patching. Wave it goodbye.
