SANS ISC: Infocon change to yellow for Adobe Flash issues - SANS Internet Storm Center

• SANS Site Network
  • Current Site
  • SANS Internet Storm Center
  • Other SANS Sites Help
  • Graduate Degree Programs
  • Security Training
  • Security Certification
  • Security Awareness Training
  • Penetration Testing
  • Industrial Control Systems
  • Cyber Defense Foundations
  • DFIR
  • Software Security
  • Government OnSite Training

SANS ISC InfoSec Forums

We have decided to change the Infocon ¹ to yellow in order to bring attention to the multiple recent Adobe Flash Player vulnerabilities ² that are being actively exploited. There have been 3 patched vulnerabilities that have an update and applying them is highly recommended. 1 of the vulnerabilities has not yet been patched, and is expected to be released as an OOB (Out of Band) next week by Adobe ³. 

Our reasoning is that the Adobe Flash Player is very widely installed, the vulnerability affects multiple platforms, remote code execution gives the attacker complete control of the system, the patch is not yet available, it affects both organizational IT systems as well as home or soho users, a crimeware kit is actively exploiting the vulnerabilities, people might mistakenly believe that the patch from yesterday fixes all of the issues, and last but not least mitigation through the use of EMET or other tools/means is not normally feasible for home users or quick deployment in enterprise environments without testing. In short, the high impact of these vulnerabilities being exploited warrants raising the Infocon from now until Monday. 

1- https://isc.sans.edu/infocon.html

2- https://isc.sans.edu/forums/diary/Flash+0Day+Deciphering+CVEs+and+Understanding+Patches/19223/

3- http://helpx.adobe.com/security/products/flash-player/apsa15-01.html

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.
My SANS teaching schedule