MS14-066: Vulnerability in SChannel could allow remote code execution: November 11, 2014

Similar Messages

• Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3016711)

  Can some one help me to download below Security patches which i am not able to download from MS Web site?
  Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3016711)
  Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3016711)

  Microsoft Releases KB3024777 Update to Fix Botched KB3004394 Patch
  http://news.softpedia.com/news/Microsoft-Releases-KB3024777-Update-to-Fix-Botched-KB3004394-Patch-46...
  Windows 7 Pro SP1 (64-bit), avast! V7 Free, MBAM Pro, Windows Firewall, EMET, OpenDNS Family Shield, IE9 & Firefox (both using WOT & KeyScrambler), MVPS HOSTS file, SpywareBlaster, WinPatrol PLUS, SAS (on-demand scanner), Secunia PSI.
  [I am experimenting with Sandboxie, and believe computer-users who sandbox are acting prudently.]

• What is happening about: The GNU Bourne Again Shell (Bash) is a command line utility widely used in many Unix-based operating systems including Linux and OS X.  Researchers have discovered a critical flaw in Bash which could allow remote code executi

  Authoritative advice today:
  The GNU Bourne Again Shell (Bash) is a command line utility widely used in many Unix-based operating systems including Linux and OS X.
  Researchers have discovered a critical flaw in Bash which could allow remote code execution by an unauthenticated user
  APPLE response?

  Also see:
  http://www.macrumors.com/2014/09/26/apple-os-x-users-safe-bash-flaw-update-soon/
  If you are not running a web server
  If you have not enabled CUPS web interface
  If you do not allow anonymous users to ssh into your Mac.
  If all are no, they you are not at risk.
  This IS a very serious bug for web servers, but the typical consumer Mac user is not at risk.

• Threat Feed say my ipad2 got threats, memory corruption vulnerability exist, which could lead to remote code execution. How to solve this problem?

  Threat Feed (McAfee) say my ipad2 got threats, memory corruption vulnerability exist,
  which could lead to remote code execution. How to solve this problem?

  You can't solve this problem yourself. You would need to wait for apple to release a "fix" or for McAfee to revise their judgement.
  If you're worried about the threats, don't do things that would expose yourself to the vulnerability that they describe.
  Since I can't see what you're looking at, I can't give you any other advice.

• False positive for 16800: TCP: GNU Bash Remote Code Execution Vulnerability

  Dear Team, 
  in my customer, one of banking in brunei want to access several finance website such as www.iifm.net etc. Tipping point IPS blokec to access the website with report as a 16800: TCP: GNU Bash Remote Code Execution Vulnerability ( Low Severity). The site is normal and legal website. Our question is the several website is needed to access by our employee due to the dailiy working. Please advice 
  Best Regards
  Yudi

  @yuibagan 
  ‎Thank you for using HP Support Forum. I have brought your issue to the appropriate team within HP. They will likely request information from you in order to look up your case details or product serial number. Please look for a private message from an identified HP contact. Additionally, keep in mind not to publicly post ( serial numbers and case details).
  If you are unfamiliar with the Forum's private messaging please click here to learn more.
  Thank you,
  Omar
  I Work for HP

• False positive for GNU Bash Remote Code Execution Vulnerabil​ity

  Dear Team, 
  in my customer, one of banking in brunei want to access several finance website such as www.iifm.net etc. Tipping point IPS blokec to access the website with report as a 16800: TCP: GNU Bash Remote Code Execution Vulnerability ( Low Severity). The site is normal and legal website. Our question is the several website is needed to access by our employee due to the dailiy working. Please advice 
  Best Regards
  Yudi

  Hello Yuibagan,
  This is the Consumer products forum.
  You need to be in the HP Enterprise Business Community for IT related issues for servers, etc.
  I think you will want to post this question in the Security section. Dont post the same question more than once as you did here.
  HP Networking
  You will also want to take a look at the Articles and updates explaining GNU Bash here:
  GNU Bash vulnerability "Shellshock" (CVE-2014-6271... - HP Enterprise Business Community
  HP Security Research: GNU Bash vulnerability "Shel... - HP Enterprise Business Community
  HP AppDefender and HP WebInspect updates: GNU Bash... - HP Enterprise Business Community
  HPSR Software Security Content 2014 Update 3 - HP Enterprise Business Community
  Good luck

• PHP-Remote Code Execution

  Hi Experts,
  My IPS has been reporting "PHP-Remote Code Execution" attack on one of our webserver for a while now. Each time the attackers IP address keeps changing. I created an object-group and access-list to deny the object-group on my firewall and i keep adding the attacker's IPs to the group, however i keep recieving new "PHP-Remote Code Execution" attacks. My IPS is in promiscous mode and i have auto signature update enabled.
  IPS has reported "packet denied by global correlation in some case. Like i said, IPS is in promiscous mode. Signature: 2271/0 and CVE-2012-1823
  Apart from making sure the webservers have the right security patches, What else should i be doing?. Do not want to miss anything out?

  cactus wrote:mhakali. I applaud your attention to security.
  However, it is generally not well received to post the same thing in multiple categories..
  Yes. Please do not cross-post: http://bbs.archlinux.org/viewtopic.php?p=205922
  Use the above  thread for discussion.
  Locking.

• Adobe Acrobat Reader Crafted PDF Document Remote Code Execution

  Hi all,
  I was wondering if Adobe can clarify when "CVE-2012-4363 Adobe Acrobat Reader Crafted PDF Document Remote Code Execution" will be fixed?
  It's been a pretty long time since this issue was reported.
  With kind regards,
  Erik Verhoef
  The Netherlands

  i was also given the Knowledge Base number 405461 from adobe, and they said that this would definitely fix the problem...AND IT DIDN'T :-(
  see kb405461
  http://kb.adobe.com/selfservice/view...nalId=kb405461
  and just to let everyone know, i have already completely uninstalled adobe reader and reinstalled it several times thinking that fresh install would cure the problem, and it hasn't made a bit of difference. the version of reader doesn't matter either, as i've tried versions 7, 8 and 9... all with the same exact issue...which makes me think that it might be an issue with MS IE6.

• CSCus68798 - ISE is vulnerable to CVE-2015-0235 Linux Ghost remote code execution

  First time trying to follow a specific CVE in Real-Time...
  I see this CVE-2015-0235 GHOST hack is applicable to ISE and Prime Infrastructure... but I haven't seen any patch status update since yesterday.
  CSA says "Obtaining Fixed Software
  Cisco has released free software updates that address the vulnerability described in this advisory."
  Yet, when I check the (2) products' download pages, the newest software I see is from Jan 23 and Jan 6, respectively. The exploit was published on Jan 27. So, where are the patches?

  The team that found the exploit, Qualys Security Advisory, documented that "the most stable and long-term-support distributions were left exposed (and still are): Debian 7 (wheezy), Red Hat Enterprise Linux 6 & 7, CentOS 6 & 7, Ubuntu 12.04, for example."  See the link below for the full report:
  https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt
  I'm assuming this is affecting all versions of UC appliances running these OS's (and possibly more that aren't used in the example?).  Anyone know how to determine what products are vulnerable to this?

• [security] php 5.2.0 update (remote code execution)

  Hi!
  I just throw together an updated PHP package for those of you who want to patch your web servers against the advisory released yesterday.
  The package is available here:
  http://adiza.nexticom.net/files/package … pkg.tar.gz
  The advisory is available here:
  http://www.frsirt.com/english/advisories/2006/4317
  Note that it is without IMAP and ODBC support since i did not have these packages installed.
  Greets.

  cactus wrote:mhakali. I applaud your attention to security.
  However, it is generally not well received to post the same thing in multiple categories..
  Yes. Please do not cross-post: http://bbs.archlinux.org/viewtopic.php?p=205922
  Use the above  thread for discussion.
  Locking.

• A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (p

  A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that
  the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server)(Microsoft SQL Server, Error: 2)
  The system cannot find the file specified
  Cannot connect to COWBOYS.
  Here are the technical details===================================
  A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider:
  Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) (.Net SqlClient Data Provider)
  For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft%20SQL%20Server&EvtSrc=MSSQLServer&EvtID=2&LinkId=20476
  Error Number: 2
  Severity: 20
  State: 0
  Program Location:
     at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
     at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
     at System.Data.SqlClient.TdsParser.Connect(ServerInfo serverInfo, SqlInternalConnectionTds connHandler, Boolean ignoreSniOpenTimeout, Int64 timerExpire, Boolean encrypt, Boolean trustServerCert, Boolean integratedSecurity, Boolean withFailover)
     at System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean ignoreSniOpenTimeout, TimeoutTimer timeout, Boolean withFailover)
     at System.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString connectionOptions, SqlCredential credential, TimeoutTimer
  timeout)
     at System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(TimeoutTimer timeout, SqlConnectionString connectionOptions, SqlCredential credential, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance)
     at System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, SqlCredential credential, Object providerInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance,
  SqlConnectionString userConnectionOptions, SessionData reconnectSessionData)
     at System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, DbConnectionPoolKey poolKey, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection, DbConnectionOptions userOptions)
     at System.Data.ProviderBase.DbConnectionFactory.CreateNonPooledConnection(DbConnection owningConnection, DbConnectionPoolGroup poolGroup, DbConnectionOptions userOptions)
     at System.Data.ProviderBase.DbConnectionFactory.TryGetConnection(DbConnection owningConnection, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal oldConnection, DbConnectionInternal& connection)
     at System.Data.ProviderBase.DbConnectionInternal.TryOpenConnectionInternal(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions)
     at System.Data.ProviderBase.DbConnectionClosed.TryOpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions)
     at System.Data.SqlClient.SqlConnection.TryOpenInner(TaskCompletionSource`1 retry)
     at System.Data.SqlClient.SqlConnection.TryOpen(TaskCompletionSource`1 retry)
     at System.Data.SqlClient.SqlConnection.Open()
     at Microsoft.SqlServer.Management.SqlStudio.Explorer.ObjectExplorerService.ValidateConnection(UIConnectionInfo ci, IServerType server)
     at Microsoft.SqlServer.Management.UI.ConnectionDlg.Connector.ConnectionThreadUser()
  ===================================
  The system cannot find the file specified
  I have tried from so many forms. This is so frustrating. Thank for everyone/anyone who wants to help. So this is what happened: I had to uninstall my previous sqlserver 2012(which worked great) for some reason, and I uninstalled everything from that download.
  Then I installed the trial edition of sql server 2012 (64 Bit) and It wouldn't connect to the database. (Error mentioned above.) My local DB is COWBOYS. (COWBOYS is also my computer name.) After this, I have tried downloading sqlexpress and sqlserver 64bit
  many times and cannot connect to my local DB. 
  How do I connect to my Local DB? 
  Also, I think this might help: (When I run sqlserve.exe, which I was able to find in C:\Program Files\Microsoft SQL Server\110\LocalDB\Binn, I get an error: Your SQL server installation is either corrupt or has been tampered with(Error getting
  instance ID from name). Please uninstall then re-run setup to correct this problem.
  I would happily re install it, if it wasn't my 20th time.
  I don't have any remote connections, I don't use username/password, only window authentication. I work mostly on visual studio, but without able to store /retrieve data, I don't know how to survive.
  May be the solution is very simple, but I am too frustrated. 
  Some of the things I have tried:
  From a command prompt, enter one of the following commands:
  net start "SQL Server Agent (MSSQLSERVER)" OR 
  net start "SQL Server Agent(instancename)"(for instance)
  on my sql configuration, I cannot start anything because there is nothing there to start. I can post more details, if that would help. Also, some more details about the error:
  Details
  Product:
  SQL Server
  ID:
  2
  Source:
  MSSQLServer
  Version:
  10.0
  Component:
  SQLEngine
  Message:
  An error has occurred while establishing a connection to the server. When connecting to SQL Server, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: Named Pipes Provider, error:
  40 - Could not open a connection to SQL Server) (.Net SqlClient Data Provider)
  Explanation
  SQL Server did not respond to the client request because the server is probably not started.
  User Action
  Make sure that the server is started.
  Version:
  9.0
  Component:
  SQLEngine
  Message:
  An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: Named Pipes Provider, error:
  40 - Could not open a connection to SQL Server) (.Net SqlClient Data Provider)
  Explanation
  SQL Server did not respond to the client request because the server is probably not started.
  User Action
  Make sure that the server is started.
  Any one that can help me, I will be greatful. Thank you so much. p.s. please ask me anything if you have any questions.

  It sounds like there are a couple things going on here.  First check if you have a successful install of SQL Server, then we'll figure out the connection issues.
  Can you launch SQL Server Configuration Manager and check for SQL Server (MSSQLSERVER) if default instance or SQL Server (other name) if you've configured your instance as a named instance.  Once you find this, make sure the service is started. 
  If not started, try to start it and see if it throws an error.  If you get an error, post the error message your hitting.  If the service starts, you can then launch SSMS and try to connect.  If you have a default instance, you can use the machine
  name in the connection dialog.  Ex:  "COWBOYS" where Cowboys is the machine name.  However, if you named the SQL Server instance during install, you'll need to connect using the machine\instance format.  Ex:  COWBOYS\Romo (where Romo
  is the instance name you set during install).
  You can also look at the summary.txt file in the SQL Server setup error logs to see what happened on the most recent install.  Past install history is archived in the log folder if you need to dig those up to help troubleshoot, but the most
  recent one may help get to the bottom of it if there is an issue with setup detecting a prior instance that needs to be repaired.
  Thanks,
  Sam Lester (MSFT)
  http://blogs.msdn.com/b/samlester
  This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click
  "Mark as Answer" and
  "Vote as Helpful" on posts that help you. This can be beneficial to other community members reading the thread.

• After restoring SharePoint farm backup ( The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connection)

  Hi,
  I have taken farm back and restore it in new UAT environment, while access to the main site getting the below error: 
  Error  
  An unexpected error has occurred. 
  Troubleshoot issues with Microsoft SharePoint Foundation. 
  Correlation ID: 866476f3-23dd-4e1e-97af-bffc62cc2d57 
  Date and Time: 7/15/2014 11:26:35 AM 
  When i checked in log i got below error
  System.Data.SqlClient.SqlException: A network-related or instance-specific
  error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40
  - Could not open a connection to SQL Server)    at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection)     at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject
  stateObj)     at System.Data.SqlClient.TdsParser.Connect(ServerInfo serverInfo, SqlInternalConnectionTds connHandler, Boolean ignoreSniOpenTimeout, Int64 timerExpire, Boolean encrypt, Boolean trustServerCert, Boolean integratedSecu... 
  Thanks in advance
  Said Al Balushi

  Hi Wendy,
  i have checked all below points, every thing is fine but still i am getting the same error.
  Check SQL services are runing
  Check remote conenctions are enabled
  Check SQL Browser service is runing
  Check TCP/IP protocal enabled at SQL server
  Check out windows firewall setting
  Thanks,
  Said
   

• SQL server 2005 does not allow remote connnections error: 40 w/Synch Manage

  I have a local server for B1 that I need to synch to a hosted Webserver.  When I go to Synch Manager, I can't connect to the webtools on the hosted webserver even when I enter the IP address (which the firewall has been updated to allow).
  When I try to connect is says "an error has occured while establishing connection to the server.  when connecting to SQL server 2005 , this failure may be caused by the fact that under the default settings  SQL server does not allow remote connections.  [provider: named pipes provider, error:40.  could not open connection to SQL server.
  I'm not a firewall or Infrastucture expert so I need assistance.
  any help would be greatly appreciated!
  Heidi

  turned out we just needed to turn on remote connections and named pipes for SQL.

• An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: Named Pipes Provider,

  An error has occurred while establishing a connection to the server.  When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: Named Pipes Provider,
  error: 40 - Could not open a connection to SQL Server)

  An error has occurred while establishing a connection to the server.  When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: Named
  Pipes Provider, error: 40 - Could not open a connection to SQL Server)
  Hello,
  Make sure your SQL Server service is started.
  Make sure TCP\IP and names pipes protocol is enabled
  Make sure you have made an exception in firewall for SQL Server connection
  Make sure SQL Server browser service is enabled
  Make sure you connect with correct name hostname\instance name for named instance,MSSQLSERVER for default instance and Hotname\SQLEXPRESS for express edition.
  Please make sure you use port no when connecting to SQL server listeing on different port (hostname\instance ,portno)
  http://blogs.msdn.com/sql_protocols/archive/2006/09/30/SQL-Server-2005-Remote-Connectivity-Issue-TroubleShooting.aspx
  Hope this helps
  Please mark this reply as the answer or vote as helpful, as appropriate, to make it useful for other readers

• Unable to allow remote control and deny transfer files in RM

  Hi, we're running ZCM 11 SP1 and I have a question about assiging rights to non-Helpdesk users for remote control only for user application support. It looks like if I deny transfer files that the button for remote control automatically changes from allow to deny. I couldn't find anything in the forums, KB, or docs to see if this is working as intended or a bug of some sort? If intended, do you know why remote control and transfer files go together, just curious? In ConsoleOne versions of remote management we had always limited non-Helpdesk remote operators and were hoping to do exactly the same with ZCM11. Thanks.

  Originally Posted by spond
  Newellt,
  I can't see why it would be necessary, I suggest you open a Service
  Request and complain!
  Shaun Pond
  Was there ever a workaround for this? I'm seeing the same behavior in 11.2.3 and we have a need to block file transfer but allow remote management.