CVE-2014-6352
CVE-2014-6352 is listed in the Windows 7 Programs and Features panel. Listed with no Publisher, no info. Does this mean I have the remote execution vulnerability or just the patch for it? It was installed Oct 23, 2014, about the same time the advisory came out.
I want to know if I should uninstall it. It is actually listed twice in the panel?
This Trojan came through Microsoft PowerPoint; I suggest you scan your PC.
Be careful if you open document files from a third party or website.
Workarounds
The following workarounds may be helpful in your situation:
Apply the Microsoft Fix it solution, "OLE packager Shim Workaround", that prevents exploitation of the vulnerability
See Microsoft Knowledge Base Article 3010060 to use the automated Microsoft Fix it solution to enable or disable this workaround.
Note:
The Fix it solution is available for Microsoft PowerPoint on 32-bit and x64-based editions of Microsoft Windows, with the exception of 64-bit editions of PowerPoint on x64-based editions of Windows 8 and Windows 8.1.
Do not open Microsoft PowerPoint files, or other files, from untrusted sources
Do not open Microsoft PowerPoint files that you receive from untrusted sources or that you receive unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a specially crafted file.
Enable User Account Control (UAC)
Note: User Account Control is enabled by default.
1. Do one of the following to open Control Panel:
   1. Click Start, and then click Control Panel.
   2. Press the Windows logo key + s, type Control Panel, then open the Control Panel app.
2. In Control Panel, click User Accounts (or User Accounts and Family Safety).
3. In the User Accounts window, click User Accounts.
4. In the User Accounts tasks window, click Turn User Account Control on or off (or Change User Account Control settings).
5. If UAC is currently configured in Admin Approval Mode, a UAC message appears; click Continue.
6. Click the check box "Use User Account Control (UAC) to help protect your computer", and then click OK.
7. Do one of the following:
   1. Click Restart Now to apply the change right away.
   2. Click Restart Later.
8. Close the User Accounts tasks window.
For more detailed information, read here:
https://technet.microsoft.com/library/security/MS14-064#ID0EM1AE
Similar Messages
-
[CVE-2014-6352] Ironport security
https://technet.microsoft.com/library/security/3010060
[CVE-2014-6352] --- Microsoft side issue only...
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6352
http://tools.cisco.com/security/center/viewAlert.x?alertId=36160
If the ESA should process an email w/ this attachment/OLE exploit - Sophos would scan, detect, and remove. If this is seen as not occurring, I'd suggest to open a TAC case and have any attachment as missed looked into from Cisco and Sophos.
-Robert -
CSCuq79267 - UCS Apache 2.2 Vulnerability CVE-2014-0118
I too am seeing this same behavior. Nessus has found this, and 3 other, vulnerabilities with the Apache version provided by the UCS platform.
Any fixes in the works? We are currently running firmware 2.2(3c). The release notes for 2.2(3d) and 2.2(3e) do not address CVE-2014-0118.
EDIT:
2.2(3f) also does not address these vulnerabilities. Does the UCS version of Apache use the modules that are found faulty according to Nessus?
Nessus is also reporting the following CVEs related to this one: CVE-2013-6438, CVE-2014-0098, CVE-2013-5704, CVE-2014-0226, and CVE-2014-0231.
Hi,
Please refer to these links:
Linux GHOST vulnerability (CVE-2015-0235) is not as scary as it looks | Symantec Connect
https://rhn.redhat.com/errata/RHSA-2015-0090.html
Regards,
S27 -
Are you aware of the bash security issue CVE-2014-6271? Do you have a patch for that? The problem may exist in all Solaris versions.
The official communication is now posted to
https://blogs.oracle.com/security/entry/security_alert_cve_2014_7169 -
PCI Compliance Azure Websites (CVE-2014-6321)
Trying to gain PCI compliance of an azure website. Trustwave scan came back as a pass apart from the following:-
Vulnerability in Security Channel Could Allow Remote Code Execution (MS14-066)/CVE-2014-6321
Anything I can do? It's port 443 - we have an EV SSL certificate in IP Based SSL.
I just had a conversation with Trustwave and they are going to disable this check while they figure out a detection without this false positive, so your scans should be fine now. Thank you Trustwave for such a quick response and turn around!
-
CSCur27617: AnyConnect vulnerable to POODLE attack (CVE-2014-3566) Win/Mac/Linux
I wanted to know if the AnyConnect Secure Mobility Client would still be vulnerable to this if it was only connecting via SSL VPN (TLS) to an ASA that already has the workaround implemented on it (Disable SSLv3)?
Thanks,
Rob Miele
Hi Rob,
According to the bug:
All versions of desktop AnyConnect for Mac OS X and Linux prior to 3.1.00495 are vulnerable, so AnyConnect 3.1.06.073 is safe from the POODLE vulnerability.
On AnyConnect you can disable SSL by using IKEv2 instead of the SSL protocols; however, as the bug mentions, the client creates a parallel SSL tunnel to get updates and the profile from the router.
If you're asking to disable SSLv3 on the router, unfortunately there is no code yet; the workaround is to disable webvpn or upgrade the VPN client.
Here is also the official advisory for the POODLE vulnerability on Cisco products.
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle
Hope it helps
- Randy - -
Sourcefire rule for CVE 2014-1692
Hi,
Please tell me the Sourcefire rule number for CVE 2014-1692.
Best Regards,
Jackson Ku
Hi,
Thanks for your reply. Do you mean no Sourcefire rule for CVE 2014-1692 currently, and we should raise a TAC case to request?
Best Regards,
Jackson -
Bash vulnerability bash CVE-2014-6271 on Cisco devices
Hi, all,
Anybody know whether any Cisco devices are vulnerable to recent bash CVE-2014-6271? I am especially concerned about ASA which opens https to the public.
Thanks,
Have a look here:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_Bash_09252014.html
and here:
http://tools.cisco.com/security/center/mcontent/CiscoSecurityAdvisory/cisco-sa-20140926-bash
Under affected products. -
Is patch available for CVE-2014-3566?
Is patch available for CVE-2014-3566?
Update your OS X to the latest version plus any security updates.
Pete -
OpenSSL SSL/TLS Man-In-The-Middle Injection Attack CVE-2014-0224
Can someone help me fix the OpenSSL issue CVE-2014-0224 on Windows Server 2008 R2? Please advise.
Hi,
From the description on the OpenSSL site, it is fixed in newer versions, so could you update to the new version?
https://www.openssl.org/news/vulnerabilities.html
Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
CVE-2014-0224: 5th June 2014
An attacker can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. (original advisory).
Reported by KIKUCHI Masashi (Lepidum Co. Ltd.).
Fixed in OpenSSL 1.0.1h (Affected 1.0.1g, 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1)
Fixed in OpenSSL 1.0.0m (Affected 1.0.0l, 1.0.0k, 1.0.0j, 1.0.0i, 1.0.0g, 1.0.0f, 1.0.0e, 1.0.0d, 1.0.0c, 1.0.0b, 1.0.0a, 1.0.0)
Fixed in OpenSSL 0.9.8za (Affected 0.9.8y, 0.9.8x, 0.9.8w, 0.9.8v, 0.9.8u, 0.9.8t, 0.9.8s, 0.9.8r, 0.9.8q, 0.9.8p, 0.9.8o, 0.9.8n, 0.9.8m, 0.9.8l, 0.9.8k, 0.9.8j, 0.9.8i, 0.9.8h, 0.9.8g, 0.9.8f, 0.9.8e, 0.9.8d, 0.9.8c, 0.9.8b, 0.9.8a, 0.9.8)
If you have any feedback on our support, please send to [email protected] -
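The fixed-version list quoted in the answer above can be turned into a quick triage check. This is an added example, not part of the original thread or of OpenSSL; the function names and the sample inventory (host names and banners) are constructed for illustration, and only the three branches named in the quoted advisory text are evaluated.

```python
import re

# First fixed release per branch, copied from the advisory text quoted above.
FIXED_IN = {"1.0.1": "1.0.1h", "1.0.0": "1.0.0m", "0.9.8": "0.9.8za"}

# Matches "1.0.1g", "0.9.8za", or the version inside a full banner string.
_VERSION_RE = re.compile(r"\b(\d+\.\d+\.\d+)([a-z]*)")


def parse_openssl_version(text):
    """Return (branch, patch_letters) for a pre-1.1.0 style OpenSSL version."""
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    return match.group(1), match.group(2)


def cve_2014_0224_status(text):
    """Classify a version or banner as 'affected', 'fixed' or 'not-listed'."""
    branch, letters = parse_openssl_version(text)
    fixed = FIXED_IN.get(branch)
    if fixed is None:
        # Branch does not appear in the quoted list; do not guess.
        return "not-listed"
    _, fixed_letters = parse_openssl_version(fixed)
    # Patch letters run "", a..z, za, zb, ... which sorts correctly as
    # plain strings ("" < "y" < "z" < "za" < "zb").
    return "affected" if letters < fixed_letters else "fixed"


# Constructed sample inventory: host names and banners are illustrative only.
SAMPLE_INVENTORY = {
    "web01": "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "app02": "OpenSSL 1.0.1h 5 Jun 2014",
    "legacy03": "OpenSSL 0.9.8y 5 Feb 2013",
    "legacy04": "OpenSSL 0.9.8za 5 Jun 2014",
    "lab05": "OpenSSL 1.0.2a 19 Mar 2015",
}


def triage(inventory):
    """Map each host to its CVE-2014-0224 status based on the banner alone."""
    return {host: cve_2014_0224_status(b) for host, b in inventory.items()}


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

A banner only reports the upstream version: distribution builds often backport security fixes without changing the letter, so an "affected" result on a vendor package should be confirmed against that package's changelog.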
Bash bug CVE-2014-6271 patch availability?
Hi everyone, does anyone know if Oracle has released a patch for the bash bug? CVE-2014-6271 link below.
NVD - Detail
I'm looking for a patch on el5uek and el6uek I'm using: 2.6.39-400.126.1.el5uek, 2.6.39-400.21.1.el6uek.x86_64
thanks!
Check the following:
[root@vm110 ~]# yum -y install yum-security
[root@vm110 ~]# yum list-security | grep bash
This system is not registered with ULN.
You can use up2date --register to register.
ULN support will be disabled.
ELSA-2014-1293 security bash-3.2-33.el5.1.x86_64
[root@vm110 ~]# yum info-security ELSA-2014-1293
Loaded plugins: rhnplugin, security
This system is not registered with ULN.
You can use up2date --register to register.
ULN support will be disabled.
===============================================================================
bash security update
===============================================================================
Update ID : ELSA-2014-1293
Release : Oracle Linux 5
Type : security
Status : final
Issued : 2014-09-24
CVEs : CVE-2014-6271
Description : [4.1.2-15.1]
: - Check for fishy environment
: Resolves: #1141645
Solution : This update is available via the Unbreakable Linux Network (ULN)
: and the Oracle Public Yum Server. Details on how
: to use ULN or http://public-yum.oracle.com to
: apply this update are available at
: http://linux.oracle.com/applying_updates.html.
Rights : Copyright 2014 Oracle, Inc.
Severity : Critical
info-security done
[root@vm110 ~]# yum -y install bash-3.2-33.el5.1
If you cannot see the above and do not pay for a subscription, make sure you have the correct yum repository set up.
See Oracle Public Yum Server for details.
To install:
[root@vm110 ~]# yum -y install bash-3.2-33.el5.1 -
Bash bug CVE-2014-6271 patch availability for OL4?
Hi,
Kindly advise how to download the CVE-2014-7169 CVE-2014-6271 security patches for Oracle Linux 4?
Rgds;
Shirley
Exactly the same way as you would for OL5, OL6 or OL7: either connect your machine to the Unbreakable Linux Network or public-yum.oracle.com and use the up2date tool to upgrade bash.
-
Are any versions of Firefox susceptible to Heartbleed bug CVE-2014-0160?
Do any versions of Firefox use OpenSSL?
If so, which versions of Firefox would be vulnerable to the Heartbleed bug CVE-2014-0160 that has recently been identified?
As covered in:
http://heartbleed.com/
http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/
An interesting article on the Heartbleed vulnerability and its probable extent
* http://arstechnica.com/security/2014/04/critical-crypto-bug-exposes-yahoo-mail-passwords-russian-roulette-style/ -
Regarding CVE-2014-0510, the CVE only references 12.0.0.77; however, none of the updates since address this CVE. Is this vulnerability still outstanding in current versions?
Hi,
As far as I know, ir41_32.ax 4.51.16.3 for Intel Indeo Video 4.5 allows remote attackers to cause a denial of service (crash) via a crafted .avi file.
If you are not using the above version of Intel Indeo Video, then systems are not affected.
In addition, it is recommended to keep Windows machines fully patched.
More information for you:
Vulnerability Summary for CVE-2014-3735
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3735
Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
Best Regards,
Amy
Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected] -
Schannel and TLS 1.x padding vulnerability (CVE-2014-8730)
Hi all,
Is the implementation of TLS by Microsoft Secure Channel (Schannel) (http://msdn.microsoft.com/en-us/library/windows/desktop/aa380123%28v=vs.85%29.aspx) affected by "CVE-2014-8730 TLS 1.x padding vulnerability"?
Please see the following links for more details about this vulnerability:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8730
https://community.qualys.com/blogs/securitylabs/2014/12/08/poodle-bites-tls
Is there a confirmation from Microsoft that Schannel is not affected by this vulnerability?
Regards,
Sanjay
No, Microsoft Schannel is not affected. Only F5 products are affected:
http://www.securityfocus.com/bid/71549
Vadims Podāns, aka PowerShell CryptoGuy
I know some Windows 2008 systems which are affected?! Why?