TA10-263A: Adobe Flash Vulnerabilities

Original release date: September 20, 2010
Last revised: --
Source: US-CERT

Systems Affected

  • Adobe Flash Player 10.1.82.76 and earlier versions
  • Adobe Flash Player 10.1.92.10 for Android
  • Adobe Reader 9.3.4 and earlier 9.x versions

Other Adobe products that support Flash may also be vulnerable.


Overview

According to Adobe Security Bulletin APSB10-22 there are vulnerabilities in Adobe Flash. These vulnerabilities affect Flash Player, Reader, and possibly other products that support Flash. A remote attacker could exploit these vulnerabilities to execute arbitrary code.


I. Description

Adobe Security Bulletin APSB10-22 describes vulnerabilities in Adobe Flash that affect Flash Player. These vulnerabilities may also affect other products that independently support Flash, such as Adobe Reader, Acrobat, Photoshop, Photoshop Lightroom, Freehand MX, and Fireworks.

An attacker could exploit these vulnerabilities by convincing a user to open specially crafted Flash content. Flash content is commonly hosted on a web page, but it can also be embedded in a PDF and other documents or provided as a stand-alone file.


II. Impact

If a user opens specially crafted Flash content, a remote attacker may be able to execute arbitrary code.


III. Solution

Update Flash

Adobe Security Bulletin APSB10-22 recommends updating to Flash Player 10.1.85.3 for Windows, Mac OS, Linux, and Solaris and Flash Player 10.1.95.1 for Android.  However, products like Adobe Reader with embedded Flash will require their own security updates.

To reduce your exposure to these and other Flash vulnerabilities, consider the following mitigation technique.

Disable Flash in your web browser

Uninstall Flash or restrict which sites are allowed to run Flash. To the extent possible, only run trusted Flash content on trusted domains. For more information, see Securing Your Web Browser.

Additional workarounds are available in US-CERT Vulnerability Note VU#275289.


IV. References



Feedback can be directed to US-CERT.


Produced 2010 by US-CERT, a government organization. Terms of use


Revision History

September 20, 2010: Initial release

How to Hide Apache Banner

You should hide the Apache banner so that attackers cannot see which version of Apache you are running. Without that information it is harder for them to exploit any known holes in the installed version, and vulnerability scanners have to work harder (in some cases they cannot work at all without the banner information).

Example:

Apache/2.2.0 (Ubuntu) PHP/5.2.6-2ubuntu4.6 with Suhosin-Patch mod_perl/2.0.4 Perl/v5.10.0 Server at www.webaddress.com Port 80

How To:

Modify /etc/httpd/conf/httpd.conf
Change the ServerSignature line to: ServerSignature Off
Change the ServerTokens line to: ServerTokens Prod
Restart Apache: /sbin/service httpd restart

On Ubuntu you will find these settings in /etc/apache2/conf.d/security
Restart Apache: service apache2 restart
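To confirm the change took effect, check what the server actually sends back rather than trusting the config file. The script below is an added example, not part of the original how-to: it audits one raw HTTP response for the two leaks the settings above remove (a version in the Server header, which ServerTokens Prod reduces to the bare word "Apache", and the "Server at <host> Port <n>" footer on error pages, which ServerSignature Off removes). Both responses are constructed samples; to test a live server, feed it the output of `curl -si http://yourhost/nonexistent-page` (an error page is needed because the signature only appears there).

```python
import re

# Constructed sample responses (not captured from a real server).
# LEAKY_RESPONSE: an Apache 2.2 404 page with the default ServerTokens/ServerSignature.
LEAKY_RESPONSE = (
    "HTTP/1.1 404 Not Found\r\n"
    "Date: Mon, 20 Sep 2010 12:00:00 GMT\r\n"
    "Server: Apache/2.2.0 (Ubuntu) PHP/5.2.6-2ubuntu4.6 mod_perl/2.0.4 Perl/v5.10.0\r\n"
    "Content-Type: text/html; charset=iso-8859-1\r\n"
    "\r\n"
    "<html><body><h1>Not Found</h1>\n<hr>\n"
    "<address>Apache/2.2.0 (Ubuntu) PHP/5.2.6-2ubuntu4.6 mod_perl/2.0.4 Perl/v5.10.0 "
    "Server at www.webaddress.com Port 80</address>\n</body></html>\n"
)
# HARDENED_RESPONSE: the same page after "ServerSignature Off" and "ServerTokens Prod".
HARDENED_RESPONSE = (
    "HTTP/1.1 404 Not Found\r\n"
    "Date: Mon, 20 Sep 2010 12:00:00 GMT\r\n"
    "Server: Apache\r\n"
    "Content-Type: text/html; charset=iso-8859-1\r\n"
    "\r\n"
    "<html><body><h1>Not Found</h1>\n</body></html>\n"
)

# ServerTokens Prod sends exactly "Apache"; every other level adds "/<version>"
# and optionally "(<OS>)" and module versions, so a slash or paren means a leak.
TOKENS_LEAK_RE = re.compile(r"[/(]")
# ServerSignature On appends this footer to server-generated error pages.
SIGNATURE_RE = re.compile(r"Server at \S+ Port \d+")


def audit_banner(raw_response):
    """Return which banner leaks are present in one raw HTTP response string."""
    head, _, body = raw_response.partition("\r\n\r\n")
    server = ""
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "server":
            server = value.strip()
    return {
        "server_header": server,
        "tokens_leak": bool(TOKENS_LEAK_RE.search(server)),
        "signature_leak": bool(SIGNATURE_RE.search(body)),
    }


if __name__ == "__main__":
    for label, resp in (("before", LEAKY_RESPONSE), ("after", HARDENED_RESPONSE)):
        print(label, audit_banner(resp))
```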

Google Sites Hosts Files Used In Attempted Hackings

Since June, Google has provided hosting for files used in attempted hackings of websites through an account with their Google Sites service. A listing of all the files hosted is available at http://sites.google.com/site/nurhayatisatu/system/app/pages/recentChanges?offset=25. Some of those files are used in remote file inclusion (RFI) attacks, which seek to exploit vulnerabilities in software that allow remotely hosted files to be executed. If the attacks are successful, modifications are made to the website that place spam or malware on it, or allow the hacker remote access to the website. Attempted hackings utilizing these files have occurred at least as recently as three days ago. We have reported this to Google using the “Report Abuse” link multiple times but the files have continued to remain up.

TA10-257A: Microsoft Updates for Multiple Vulnerabilities

Original release date: September 14, 2010
Last revised: --
Source: US-CERT

Systems Affected

  • Microsoft Windows
  • Microsoft Office

Overview

There are multiple vulnerabilities in Microsoft Windows and Microsoft Office. Microsoft has released updates to address these vulnerabilities.


I. Description

The Microsoft Security Bulletin Summary for September 2010 describes multiple vulnerabilities in Microsoft Windows and Microsoft Office. Microsoft has released updates to address the vulnerabilities.


II. Impact

A remote, unauthenticated attacker could execute arbitrary code or cause a vulnerable system or application to crash.


III. Solution

Apply updates

Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for September 2010. That bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS).


IV. References





Revision History

September 14, 2010: Initial release