Posted by Ryan Naraine @ ZDNet - 16-Oct-2009

"Remember that Microsoft .NET Framework Assistant add-on that Microsoft sneaked into Firefox without explicit permission from end users?

Well, the code in that add-on has a serious code execution vulnerability that exposes Firefox users to the "browse and you’re owned" attacks that are typically used in drive-by malware downloads."

Read entire article

Adobe has confirmed a critical, unpatched vulnerability in its PDF Reader/Acrobat software is being exploited by malicious attackers.

The vulnerability affects Adobe Reader and Acrobat 9.1.3 and earlier versions on Windows, Macintosh and UNIX. Adobe described the in-the wild attacks as limited and targeted, suggesting PDF documents rigged with exploits are being attached to e-mails and sent to business targets.

The exploit only targets Adobe Reader and Acrobat 9.1.3 on Windows.

Adobe’s advisory offers some mitigations:
 Read More...

Southern writes:  

Urges users to run single-click tool before hackers exploit 'decently wormable' flaw
With attack code that exploits a critical unpatched bug in Windows likely to go public soon, Microsoft wants users to run an automated tool that disables the vulnerable component.
The bug in SMB (Server Message Block) 2, a Microsoft-made network file- and print-sharing protocol that ships with Windows, affects Windows Vista, Windows Server 2008 and preview releases of Windows 7.
When the flaw was first disclosed Sept. 7, it was thought that attacks would only crash PCs, causing the notorious Blue Screen of Death. Since then, however, researchers have figured out how to create exploits that can be used to hijack a vulnerable computer.

more: Computerworld
Microsoft 'Fix it' tool

SECUNIA ADVISORY ID: SA36671

CRITICAL: Highly Critical

VERIFY ADVISORY: http://secunia.com/advisories/36671/

DESCRIPTION: Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to bypass certain security restrictions, conduct spoofing attacks, or compromise a vulnerable system.
 Read More...

Posted by Ryan Naraine @ 1:26 pm, September 8th, 2009
(Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.)

[ UPDATE: Microsoft has now confirmed this vulnerability and warns of code execution risk ]
Exploit code for a remote reboot flaw in Microsoft’s implementation of the SMB2 protocol has been posted on the internet, exposing users of Windows 7 and Windows Vista to the teardrop attacks that used to be popular on Windows 3.1 and Windows 95. The demo code, published on the Full Disclosure mailing list, allows an attacker to remotely crash any Windows 7 or Windows Vista machine with SMB enabled. No user action is required.

From the advisory: SRV2.SYS fails to handle malformed SMB headers for the NEGOTIATE PROTOCOL REQUEST functionality. The NEGOTIATE PROTOCOL REQUEST is the first SMB query a client send to a SMB server, and it’s used to identify the SMB dialect that will be used for further communication.

The researcher who discovered the issue said Windows 2000 and Windows XP are not affected because they do not have the vulnerable driver.

The exploit has been added to the Metasploit point-and-click attack tool. Metasploit’s HD Moore believes the bug was introduced with Windows Vista SP1.

The folks at The H Online got the exploit to fire on Windows Vista but could not replicate the issue on Windows 7. In the absence of a patch from Microsoft, they suggest closing the SMB ports by un-ticking the boxes for file and printer access in the firewall settings.

SECUNIA ADVISORY ID: SA36592

VERIFY ADVISORY: http://secunia.com/advisories/36592/

CRITICAL: Highly Critical

DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.
 Read More...