Hey, it just means, if you can't get into the parking lot, you can't attack the 
front door. :)  Well, at least not without finding another path. :(

--
There are 10 kinds of people in the world...
         those who understand binary and those who don't.

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Susan Bradley
Sent: Tuesday, April 29, 2014 12:44 PM
To: [email protected]
Subject: Re: [NTSysADM] IE exploit

I've gone back to my normal confused state.

As I posted later on the Patchmanagement.org list

(and this is where I showcase that CVE's and my brain only goes so far and it 
takes a village to understand this stuff)

From a smarter person than I:

"the Flash update closes the ASLR hole that is needed by the VGX exploit to 
achieve a reliable ROP chain"

So while kinda not related, they kinda are.

On 4/29/2014 9:34 AM, Andrew S. Baker wrote:
> Over at SANS, they've suggested that the Adobe patch *is* related
>
>     ...the 13.0.0.206 update is explicitly about this vulnerability. See:
>
>     http://helpx.adobe.com/security/products/flash-player/apsb14-13.html
>
>     "Adobe is aware of reports that an exploit for CVE-2014-0515
>     exists in the wild, and is being used to target Flash Player users
>     on the Windows platform."
>
>
> ASB
> http://XeeMe.com/AndrewBaker
> Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market...
>
>
>
>
> On Mon, Apr 28, 2014 at 5:38 PM, Susan Bradley <[email protected]> wrote:
>
>     I can't believe I'm finally finding a need to refer to CVE numbers.
>
>
>
>     On 4/28/2014 2:31 PM, Rod Trent wrote:
>
>         I blame Adobe.
>
>         -----Original Message-----
>         From: [email protected] [mailto:[email protected]] On Behalf Of Susan Bradley
>         Sent: Monday, April 28, 2014 5:15 PM
>         To: [email protected]
>         Subject: Re: [NTSysADM] IE exploit
>
>         Hang on, it's not the same exploit. You are confusing two
>         Flash vectors.
>
>         The zero day via Fireeye is CVE-2014-1776
>         
>         http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html
>
>         The Flash patch below is a totally different Flash patch and
>         it's from Adobe.
>         http://helpx.adobe.com/security/products/flash-player/apsb14-09.html
>         It's just via Microsoft because they stuck Flash in their
>         browser and thus they update it. *CVE number:* CVE-2014-0506,
>         CVE-2014-0507, CVE-2014-0508, CVE-2014-0509
>
>         Two totally different issues.
>
>         Microsoft will patch all supported browsers for the weekend
>         zero day when it's ready.
>
>         The flash patch is just a Flash update.
>
>         On 4/28/2014 2:00 PM, Rod Trent wrote:
>
>             BTW: Microsoft has a patch ready for IE10 and IE11 only - for Windows
>             8.x and Windows Server 2012...
>
>             http://windowsitpro.com/msrc/flash-fix-ie-10-and-ie-11-only
>
>             *From:* [email protected] [mailto:[email protected]] *On Behalf Of* David Lum
>             *Sent:* Monday, April 28, 2014 4:56 PM
>             *To:* [email protected]
>             *Subject:* RE: [NTSysADM] IE exploit
>
>             Saw this on a forum today: "We have one agency warning us of an
>             exploit, and the other agency trying to use the exploit :)"
>
>             FTW!
>
>             -Dave Lum
>
>             *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Rod Trent
>             *Sent:* Monday, April 28, 2014 12:04 PM
>             *To:* [email protected]
>             *Subject:* RE: [NTSysADM] IE exploit
>
>             It's not. Adobe has been working on today's patch since early April,
>             working with Kaspersky. The one announced over the weekend was
>             identified by FireEye, and Microsoft is working on a patch.
>
>             *From:* [email protected] [mailto:[email protected]] *On Behalf Of* David Lum
>             *Sent:* Monday, April 28, 2014 3:00 PM
>             *To:* [email protected]
>             *Subject:* RE: [NTSysADM] IE exploit
>
>             Adobe's patch addresses CVE-2014-0515
>
>             Microsoft's addresses CVE-2014-1776
>
>             It's possible they are linked, since this article does make them seem
>             like the same attack vector, but I do not speak enough
>             programmer-speak to know for sure:
>
>             http://www.securelist.com/en/blog/8212/New_Flash_Player_0_day_CVE_2014_0515_used_in_watering_hole_attacks
>
>             -Dave Lum
>
>             *From:* [email protected] [mailto:[email protected]] *On Behalf Of* David McSpadden
>             *Sent:* Monday, April 28, 2014 10:37 AM
>             *To:* '[email protected]'
>             *Subject:* RE: [NTSysADM] IE exploit
>
>             I thought that is what I read in the MS articles?
>
>             VML and Flash were the vector for the exploit?
>
>             *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Rod Trent
>             *Sent:* Monday, April 28, 2014 1:34 PM
>             *To:* [email protected]
>             *Subject:* RE: [NTSysADM] IE exploit
>
>             Yes, but that has nothing to do with the exploit reported over the
>             weekend.
>
>             *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Kennedy, Jim
>             *Sent:* Monday, April 28, 2014 1:13 PM
>             *To:* [email protected]
>             *Subject:* RE: [NTSysADM] IE exploit
>
>
>             Flash just released an update.
>
>             http://helpx.adobe.com/security/products/flash-player/apsb14-13.html
>
>             *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Rod Trent
>             *Sent:* Monday, April 28, 2014 1:11 PM
>             *To:* [email protected]
>             *Subject:* RE: [NTSysADM] IE exploit
>
>
>             It's all versions of Internet Explorer. However, supported versions
>             will be patched.
>
>             There are ways to mitigate:
>
>             http://windowsitpro.com/windows/all-hands-deck-zero-day-reported-wild-affects-ie6-11
>
>
>             *From:* [email protected] [mailto:[email protected]] *On Behalf Of* David McSpadden
>             *Sent:* Monday, April 28, 2014 1:05 PM
>             *To:* [email protected]
>             *Subject:* RE: [NTSysADM] IE exploit
>
>
>             Is it just XP, or am I wrong that the 7's, 8's, and Server OS's are
>             also an issue, the way I am reading it?
>
>             Especially if they have Adobe Flash (Not sure of version) and the
>             website being visited using VML.
>
>             ??
>
>             *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Rod Trent
>             *Sent:* Monday, April 28, 2014 12:59 PM
>             *To:* [email protected]
>             *Subject:* RE: [NTSysADM] IE exploit
>
>
>             This is the first in a coming list of exploits that Windows XP will be
>             vulnerable to forever.
>
>             *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Jonathan Link
>             *Sent:* Monday, April 28, 2014 12:51 PM
>             *To:* [email protected]
>             *Subject:* Re: [NTSysADM] IE exploit
>
>
>             It's really bad if you're still running XP in your environment...
>
>             On Mon, Apr 28, 2014 at 12:38 PM, David McSpadden <[email protected]> wrote:
>
>             Any reason for concern?
>
>             This e-mail and any files transmitted with it are property of
>             Indiana Members Credit Union, are confidential, and are
>             intended
>             solely for the use of the individual or entity to whom
>             this e-mail
>             is addressed. If you are not one of the named recipient(s) or
>             otherwise have reason to believe that you have received this
>             message in error, please notify the sender and delete this
>             message
>             immediately from your computer. Any other use, retention,
>             dissemination, forwarding, printing, or copying of this
>             email is
>             strictly prohibited.
>
>             Please consider the environment before printing this email.
>
>         --
>         Got your CryptoLocker prevention in place?
>         http://www.thirdtier.net/2013/10/cryptolocker-prevention-kit-updates/
>         Our last day of XP patching. Wave it goodbye.
>

--
Got your CryptoLocker prevention in place?
http://www.thirdtier.net/2013/10/cryptolocker-prevention-kit-updates/
Our last day of XP patching.  Wave it goodbye.




