P e i Gne . 6 Patches, 12 bugs – 3 Critical, Affects Windows, Office Other updates, MSRT,...
Uploaded by lindsey-hill
Patch Tuesday
• 6 Patches, 12 bugs – 3 Critical, Affects Windows, Office
– MS09-069 - Local Security Authority Subsystem Service, Denial of Service
– MS09-070 - Active Directory Federation Services, Remote Code Execution
– MS09-071 - Internet Authentication Service, Remote Code Execution
– MS09-072 - Cumulative Security Update for Internet Explorer
– MS09-073 - WordPad and Office Text Converters, Remote Code Execution
– MS09-074 - Microsoft Office Project, Remote Code Execution
• Other updates, MSRT, Defender Definitions, Junk Mail Filter
Holes / Patches
• Adobe
– Flash Player
– Illustrator CS3 & CS4
• Apple
– Java for Mac OS X 10.5.8 and OS X 10.6.2
• Windows 7 0-day
– Still no patch
• IE 6/7 0-day
– dangling pointer in mshtml.dll CSS/STYLE objects via "getElementsByTagName()"
• IE 8, XSS via anti-XSS protection module
• Browsers: Firefox, Opera
• Clientless SSL VPNs: Cisco, Juniper, Check Point and many more
Hacking
• SSL renegotiation bug used to access Twitter
• ‘Ikee’ / rickroll goes evil
• MS performs year-long study to remind us low-hanging fruit is still a target
• wp_brute_attempt() – WordPress admin cracking found in the wild
• SynJunkie - Abusing vlans with BackTrack, Yersinia, vconfig, Wireshark, Nmap
Corp. Hell
• Windows 8 scheduled for July 2010
• Google to drop Gears
• Rapid7 releases free version of NeXpose
• Yahoo spying guide leaked
– Your data starts at $20
Papers
[In]secure Magazine #23
English Shellcode (Joshua Mason, Sam Small, Fabian Monrose, Greg MacManus)
NIST Special Publication 800-37 Cyber Security Guidance
Copyright
• Copyright Act of 1976 allows artists to begin cancelling copyright as soon as 2013
• Global DMCA ?!?
Updates
• Fedora 12
– allows non-root to install signed packages
• Metasploit 3.3.1
• Katana 1.0
– multi-boot thumb drive
• Cain & Abel 4.9.35
• picviz
– log visualization
• Process Hacker 1.7
• Remote Reboot X 1.5