Duke ITSO Alerts

On April 8, 2014, both Microsoft Windows XP and Microsoft Office 2003 will officially reach their end-of-life.  At that time, Microsoft will no longer provide any security updates or patches for either Windows XP or Office 2003. The lack of security updates means that Duke users and departments are likely to be at risk if they continue to use Windows XP or Office 2003 after April 14th 2014.

 
Because of this, the Office of Information Technology (OIT) and the Information Technology Security Office (ITSO) strongly recommend that departments (or individuals) take the following steps:
 
For personal machines:
 
If you are running Windows XP or Microsoft Office 2003, you should upgrade or purchase a new computer with Windows 7 or 8 installed. Through the relationship with Microsoft, Duke students, faculty, and staff can purchase discounted copies of Windows 7 and the latest versions of Microsoft Office through the Duke Computer Store (http://www.dukestores.duke.edu/compstore/soft.php) for $79/copy.
 
For Duke-managed machines, school and department IT staff should:
 
  1. Identify systems running Windows XP or Microsoft Office 2003
  2. Determine if the systems can be upgraded to Windows 7 and/or the latest version of Microsoft Office or if they need to be replaced with newer hardware.
  3. Upgrade or replace the systems by April 2014.
  4. If any of the systems are running an embedded version of XP, move the devices to private network space and work with the supporting vendor and/or the ITSO on options for upgrading or retiring the devices.
 
All users, schools, and departments should begin this process now, rather than waiting until next April. The ITSO and OIT will be working with schools and departments over the coming year to help identify potential Windows XP systems. Departments can also use management tools like SCCM and BigFix/TEM to identify these systems.
 
If you have any questions, please contact the OIT ServiceDesk (http://oit.duke.edu/help/index.php).
 

Want to know when there is a Java 0-Day vulnerability to worry about?  Bookmark the following link and check it out regularly:

 

Java 0-Day Counter

 

 

Oracle has released an update to Java to address the most recently reported 0-day vulnerabilities affecting Java running in web browsers, which are currently being exploited by attackers to install the McRat remote access trojan.  From the alert:

 

This Security Alert addresses security issues CVE-2013-1493 (US-CERT VU#688246) and another vulnerability affecting Java running in web browsers. These vulnerabilities are not applicable to Java running on servers, standalone Java desktop applications or embedded Java applications. They also do not affect Oracle server-based software.

 

These vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password. For an exploit to be successful, an unsuspecting user running an affected release in a browser must visit a malicious web page that leverages these vulnerabilities. Successful exploits can impact the availability, integrity, and confidentiality of the user's system.

 

The updated versions of Java are Java SE 7 Update 17, Java SE 6 Update 43 and Java SE 5 Update 41. Existing Java installations should auto-update. Updated Java runtimes can be downloaded from java.com.
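
One way to check an inventory of reported Java versions against the fixed releases named above. This is an added example, not Oracle's or the ITSO's tooling; the hostnames and inventory are constructed, and the result is relative to this alert only.

```python
import re

# Minimum fixed update per Java family, as listed in the alert above.
FIXED_UPDATE = {7: 17, 6: 43, 5: 41}

# Legacy version strings such as 1.7.0_15 or 1.6.0_43-b01,
# the form printed by `java -version` for these releases.
_VERSION_RE = re.compile(r"\b1\.(\d+)\.0(?:_(\d+))?")


def parse_java_version(text):
    """Return (family, update) from a version string, or None if unparseable."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2) or 0)


def assess(text):
    """Classify a reported Java version against this alert's fixed releases."""
    parsed = parse_java_version(text)
    if parsed is None:
        return "unknown"
    family, update = parsed
    fixed = FIXED_UPDATE.get(family)
    if fixed is None:
        return "unknown"  # family not covered by this alert
    return "patched" if update >= fixed else "needs-update"


def audit(inventory):
    """Map hostname -> status for an inventory of {hostname: version string}."""
    return {host: assess(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames are placeholders.
    sample = {
        "lab-pc-01": 'java version "1.7.0_15"',
        "lab-pc-02": 'java version "1.7.0_17"',
        "kiosk-03": 'java version "1.6.0_41"',
        "legacy-04": 'java version "1.5.0_41"',
        "mac-05": "not installed",
    }
    for host, status in sorted(audit(sample).items()):
        print(f"{host}: {status}")
```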

 

Instructions for disabling Java in the browser can be found here: http://www.java.com/en/download/help/disable_browser.xml

 

 

This morning an attacker launched a malware attack targeting Duke email users. The message purports to be from American Airlines and is entitled "Your Order#82172372 - APPROVED".

 

The message requests that the user click on links to print tickets or check order status. These links lead to a zip file which contains malware. At this time, VirusTotal reports that only one anti-virus suite is detecting the file as malware.

 

If you clicked on these links and suspect your machine may now be infected, please contact the OIT Service Desk or the Duke IT Security Office immediately.

 

 

OIT Service Desk:

(919) 684-2200

help@oit.duke.edu

http://oit.duke.edu/help/

 

 

Duke IT Security Office

security@duke.edu

https://security.duke.edu

 

This morning an attacker launched a phishing attack targeting Duke email users. The message is entitled "1 New Mail Message:" and requests that the user click on a link to "view the message."

 

 

If you click on the link, you are taken to a non-Duke site and asked for your Duke netID and password.  The site looks very similar to Duke's Outlook Web Access site, but it is a fraud, as indicated by the website's address: "http:// www. semazen. net/images/video/email.edu.htm." 
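
The address check described above, as an added example that is not part of the original alert: it extracts the host a link actually points to and tests whether it falls under duke.edu. The trusted suffix and every sample host are assumptions constructed for illustration; the second sample mirrors the ".edu" look-alike path of the fraudulent address.

```python
from urllib.parse import urlsplit

TRUSTED_SUFFIX = "duke.edu"  # assumption: legitimate Duke sign-in hosts end here


def link_host(url):
    """Return the hostname a browser would connect to (lower-cased), or None."""
    try:
        host = urlsplit(url.strip()).hostname
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return None
    return host.lower().rstrip(".") if host else None


def is_duke_host(url, suffix=TRUSTED_SUFFIX):
    """True only when the host is the suffix itself or a subdomain of it."""
    host = link_host(url)
    if host is None:
        return False
    # Match on a label boundary so "notduke.edu" does not pass as "duke.edu".
    return host == suffix or host.endswith("." + suffix)


# Constructed sample links; every host here is a placeholder.
SAMPLES = [
    "https://mail.duke.edu/owa/",                           # subdomain of duke.edu
    "http://www.phish.example/images/video/email.edu.htm",  # ".edu" only in the path
    "http://duke.edu.phish.example/owa/",                   # duke.edu as a leading label
    "http://duke.edu@phish.example/owa/",                   # duke.edu as userinfo
    "http://notduke.edu/owa/",                              # suffix without a label boundary
]

if __name__ == "__main__":
    for url in SAMPLES:
        verdict = "duke.edu host" if is_duke_host(url) else "NOT a duke.edu host"
        print(f"{verdict:20} {link_host(url)}  <-  {url}")
```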

 

 

If you submitted your credentials to this form, please contact the OIT Service Desk or the Duke IT Security Office immediately.

 

 

OIT Service Desk:

(919) 684-2200

help@oit.duke.edu

http://oit.duke.edu/help/

 

 

Duke IT Security Office

security@duke.edu

https://security.duke.edu

 

The message looks like the following:

 

 

Adobe has released security updates for Adobe Flash Player and Shockwave Player.  The updates fix several critical vulnerabilities that could result in malicious code being run on the affected system.

 

Flash users can check their version and update to the latest version of Flash by going to http://www.adobe.com/software/flash/about/.

 

Shockwave users can update to the latest version by going to http://get.adobe.com/shockwave/. 

 

We recommend that these updates be deployed as soon as possible.

Microsoft has released 12 updates addressing 57 vulnerabilities.  Six of these updates are rated Critical by Microsoft due to the potential for remote code execution:

 

  • Cumulative Security Update for Internet Explorer (MS13-009)
  • Vulnerability in Vector Markup Language Could Allow Remote Code Execution (MS13-010)
  • Vulnerability in Media Decompression Could Allow Remote Code Execution (MS13-011)
  • Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (MS13-012)
  • Vulnerability in OLE Automation Could Allow Remote Code Execution (MS13-020)

 

SANS has released their analysis of the patches, and of course the updates are now available via Microsoft and Windows Update.  We recommend that these patches be deployed as soon as possible.

From Adobe:

 

Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.0) and earlier versions for Windows and Macintosh, and Adobe Reader 9.5.1 and earlier 9.x versions for Linux. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

 

Users can update their Reader and Acrobat installations by:

 

Adobe Reader
Users on Windows and Macintosh can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.

 

Adobe Reader users on Windows can also find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=W....

 

Adobe Reader users on Macintosh can also find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=M....

 

Adobe Reader users on Linux can find the appropriate update here: ftp://ftp.adobe.com/pub/adobe/reader/unix/9.x/.

 

Adobe Acrobat
Users can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.

 

Acrobat Standard and Pro users on Windows can also find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Wi....

 

Acrobat Pro Extended users on Windows can also find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Wi....

 

Acrobat Pro users on Macintosh can also find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Ma....

 

http://www.adobe.com/support/security/bulletins/apsb13-02.html

 

A new version of Chrome (version 24) has been released that addresses several security issues.  More details can be found here:

 

http://googlechromereleases.blogspot.de/2013/01/stable-channel-update.html

We have received a notification that a 0-day vulnerability for Java 7 Update 10 has been found. The vulnerability is already in use in the wild as part of a common malware package. For now, disabling Java in the browser is the only workaround. This is a remote code execution vulnerability, so it should be considered to be serious.

 

UPDATE:  An update has been made available by Oracle, but we still recommend disabling Java in web browsers (see below).

 

Instructions for disabling Java 7u10 in the browser can be found here: http://www.java.com/en/download/help/disable_browser.xml

 

More information: http://krebsonsecurity.com/2013/01/zero-day-java-exploit-debuts-in-crime...
