1 min
Nexpose
CVE-2017-3823: Remote Code Execution Vulnerability in Cisco WebEx Browser Plugin
On January 21st 2017, Google's Project Zero disclosed a vulnerability in Cisco's
WebEx browser plugin extension that could allow attackers to perform a remote
code execution (RCE) exploit on any Windows host running the plugin.
An initial fix was pushed out by Cisco that warned a user if they were launching
a meeting from a domain other than *.webex.com or *.webex.com.cn, however, the
fix was questioned by April King from Mozilla
[https://bugs.chromium.org/p/project-zero/issues/detail?id=1096#c
2 min
Microsoft
Patch Tuesday - September 2014
It's a light round of Microsoft Patching this month. Only four advisories, of
which only one is critical. The sole critical issue this month is the expected
Internet Explorer roll up affecting all supported (and likely some unsupported)
versions. This IE roll up addresses 36 privately disclosed Remote Code
Execution issues and 1 publically disclosed Information Disclosure issue which
is under limited attack in the wild. This will be the top patching priority for
this month.
Of the three no
1 min
Microsoft
Patch Tuesday - August 2014
Microsoft clearly wants everyone to shake off the dog days of summer and pay
attention to patching. This month's advance notice contains nine advisories
spanning a range of MSFT products. We have the ubiquitous Internet Explorer all
supported versions patch (MS14-051), with the same likely caveat that this would
apply to Windows XP too, if Microsoft still supported it. This patch addresses
the sole vulnerability to be actively exploited in the wild from in this month's
crop of issues, CVE-201
2 min
Microsoft
Patch Tuesday - June 2014
Patch Tuesday, June 2014 delivers seven advisories, of them, two critical, five
important – one of which is the seldom seen “tampering” type.
The remarkable item in this month's advisories is MS14-035, the Internet
Explorer patch affecting all supported versions. That in itself is not unique,
we see one of these almost every month, but this time the patch addresses 59
CVEs, that is 59 distinct vulnerabilities in one patch! Microsoft asserts that
while two of the vulnerabilities (CVE-2014-1770
3 min
Microsoft
Patch Tuesday - May 2014 - Lots going on
There is a lot going on in the updates from Microsoft this month, including some
very interesting and long time coming changes. Also, it's the highest volume of
advisories so far this year, with eight dropping on us, two of which are
labelled as critical.
How to describe the patching priority is going to be very subjective. Microsoft
has identified three of these advisories: MS14-024, MS14-025, & MS14-029, the IE
patch as priority 1 patching concerns. Interestingly MS14-029 which is the
update
1 min
Microsoft
Patch Tuesday - March 2014
Microsoft's March Patch Tuesday again came in on the lighter side of some
months. This continues the 2014 trend of smaller Patch Tuesdays. We only see 2
issues that are critical/remote code execution, one of which is the usual IE
(MS14-012), the other is an an issue in the DirectShow libraries (MS14-013)
which affects most versions of Windows from XP up to 8.1/2012r2. These two are
where we should focus our patching efforts.
Of the 18 CVEs addressed in MS14-012, one is known to be in limit
2 min
Internet Explorer
IE 0-day: exploit code is now widely available (CVE-2013-3893)
Any newly discovered Internet Explorer zero day vulnerability is bad for users.
But once the exploit code gets around to public disclosure sites, it's so much
worse. In the past day or so exploit code has been submitted to virustotal.com
and scumware.org.
Users and administrators should take immediate action to mitigate the risk posed
by CVE-2013-3893. Considering the timing, I personally expect to see an out of
band patch from Microsoft before October's patch Tuesday, but that is just
specu
4 min
Exploits
Recent Developments in Java Signed Applets
The best exploits are often not exploits at all -- they are code execution by
design. One of my favorite examples of this is a signed java applet. If an
applet is signed, the jvm allows it to run outside the normal security sandbox,
giving it full access to do anything the user can do.
Metasploit has supported using signed applets as a browser exploit for quite
awhile, but over the last week there have been a couple of improvements that
might help you get more shells. The first of these improve