Currently Unpatched Windows / Internet Explorer Vulnerabilities

Published: 2011-01-05
Last Updated: 2011-01-08 01:58:58 UTC
by Johannes Ullrich (Version: 2)
2 comment(s)

Update: Microsoft now created its own version of this table:

http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx

------

Thanks to our reader Dan for getting this started. Here is a preliminary table on various Internet Explorer and Windows vulnerabilities that are as of yet unpatched.Let me know if I forgot one. I originally planned to include some of the older issues, but none of them appears to be as relevant/serious as the issues in this list.

CVE Name Release Date Affected Exploit and comments Mitigation
 no CVE Use after free error within "mshtml.dll" Jan 5th 2011 IE 7,8 http://www.vupen.com/english/advisories/2011/0026  
CVE-2010-3970 Graphics Rendering Engine Jan 4th 2011 Windows XP/VIsta (not: 7, 2008 R2) Available

Disable shimgvw.dll

MSFT Advisory #2490606

no CVE WMI ActiveX Control Dec 23rd 2010 IE with WMI ActiveX Control installed
See this Websense blog for details
set killbit on affected ActiveX control
CVE-2010-3971 CSS Import Rule Processing Use-After-Free Vulnerability Dec 14th 2010 IE 6,7,8 PoC available. Critical

Enhanced Mitigation Experience Toolkit

MSFT Advisory #2488013

 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

2 comment(s)

ipv6finder : How ready are you for IPv6?

Published: 2011-01-05
Last Updated: 2011-01-05 17:00:33 UTC
by Johannes Ullrich (Version: 1)
4 comment(s)

Over the holidays, I used some of the vacation and down time to reorganize my home network. Part of this was to update my network maps and figure out how many of my devices do not support IPv6. I do use IPv6 extensively at home, but even some recently purchased devices do not support it.

Another problem you have with IPv6 is to find all devices on your network. The standard and simplest way to do this (aside from passively listening) is to ping the "all hosts" multicast address ff02::1. If you use auto configured link local addresses, you can also look for the EUI-64 (MAC Address) derived IPv6 addresses.

The result: a shell script to run some of these scans for you [1]

The ipv6finder.sh script currently is tested on Linux and OS X. It will not work on Windows. It does require root access as it uses arping for some of its tests (could fix that, but I found the arping output to be more consistent between platforms then just the arp command which would work too with a normal ping).

Read the comments in the file for some more details. Also: at the top of the script there are some variables that you can use to point it to the right location for various binaries it uses. Why bash and not perl... well, I started it in bash and it grew.

[1] http://johannes.homepc.org/ipv6finder.sh

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

Keywords: ipv6
4 comment(s)

After cross_fuzz leak: More Internet Explorer Vulnerabilities reported

Published: 2011-01-05
Last Updated: 2011-01-05 16:14:08 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)

Earlier this week, Michal Zalewski of Google released cross_fuzz [1], a tool so far used internally at Google to identify browser bugs. While the tool is not specific to a particular browser, Google had a lot of success using it against Internet Explorer. It is no surprise that with the release of the tool, we see the release of new vulnerabilities. For example, today a "Circular Memory References Use-after-free" issue was uncovered in Internet Explorer [2]

 

[1] http://lcamtuf.blogspot.com/2011/01/announcing-crossfuzz-potential-0-day-in.html
[2] http://www.vupen.com/english/advisories/2011/0026

 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

Keywords:
0 comment(s)

Survey: Software Security Awareness Training

Published: 2011-01-05
Last Updated: 2011-01-05 14:24:42 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)

We currently offer a course, DEV 304 Software Security Awareness [1], which introduces managers and junior developer to software security concept. Right now, it covers the top 20 most common software weaknesses and threat modeling. But we are trying to improve the content and delivery of the course.

If you are developing software, or managing developers, please help us out by taking part in our survey.

http://www.surveymonkey.com/s/sansdev

And while we are talking surveys: We still have the annual ISC survey at http://www.surveymonkey.com/s/iscsurvey2011

[1] http://www.sans.org/appsec-2011/description.php?tid=1912

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

0 comment(s)

VMWare Security Advisory VMSA-2011-0001

Published: 2011-01-05
Last Updated: 2011-01-05 12:39:50 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)

VMWare today released Security Advisory VMSA-2011-0001 [1] as well as updated two of last years security advisories [2],[3]

The update patches glibc, sudo and openldap that are used as part of VMWare ESX. The vulnerabilities could be used to escalate privileges if a user has access to the VMWare console or launch a denial of service attack.

Component CVE Number CVSS Base Score Access
glibc CVE-2010-3847 (not yet released)   - -
  CVE-2010-3856 (not yet released)   - -
sudo CVE-2010-2956  6.2 Medium local
openldap CVE-2010-0211  5.0 Medium network
  CVE-2010-0212 5.0 Medium network

 

[1] http://www.vmware.com/security/advisories/VMSA-2011-0001.html
[2] http://www.vmware.com/security/advisories/VMSA-2010-0017.html
[3] http://www.vmware.com/security/advisories/VMSA-2010-0016.html

 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

Keywords: vmware
0 comment(s)

Comments


Diary Archives