Security advisory for ASA

Similar Messages

• Upgrade to Photoshop Elements 10 - Security Advisory for PSE 8 and earlier

  https://www.adobe.com/support/security/advisories/apsa11-03.html
  Based on the aforementioned advisory, those of you using Photoshop Elements 8, or earlier, should probably upgrade to v10 (or at least 9). Although it has been stated that, "Adobe is not aware of any attacks exploiting these vulnerabilities against Adobe Photoshop Elements to date", it seems silly to run software that contains one or more known critical vulnerabilities and Adobe is NOT going to fix the issue since PSE 8 and earlier versions are no longer supported. Nice of Adobe not to bother fixing a vulnerability in one of their software products when the version involved is only ~2 years old (PSE 8) but the mentality appears to be one designed to virtually force users to pay for upgrades every year or two. FWIW.....

  I admit that it is rather strange that they just issued that advisory when they probably knew about it when pse 8 was stiil being sold.
  Since pse 8 shares much of the code of cs4, look at the date on this advisory for cs4 and yes adobe doesn't have a good track
  record about updating photoshop elements and that is kinda bothersome.
  http://www.adobe.com/support/security/bulletins/apsb10-13.html
  MTSTUNER

• What is the recommended action in response to Adobe's 6-4-10 security advisory for Flash Player?

  Adobe security advisory: http://www.adobe.com/support/security/advisories/apsa10-01.html
  "A critical vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems..."
  Is the Flashblock 1.5.13 addon capable of preventing this vulnerability? I hesitate to install this because of the recent poor user reviews.
  Any suggestions or advice are appreciated. Thank you.

  Hi Bill.
  Flashblock will block Flash objects from running unless you explicitly allow them. I used to use Flashblock but I haven't in quite some time. So, yes, it will do the job. I only see one double-posted bad review for Flashblock. The average rating is still 5 stars.
  Instead I use [https://addons.mozilla.org/en-US/firefox/addon/722 NoScript], which blocks Flash, other plugins, and all page scripts unless explicitly allowed by you. It might be overkill to deal with this vulnerability.
  You could disable the Flash plugin until you are sure you are on a safe site that needs it, such as YouTube, in Tools -> Add-ons -> Plugins.
  You could also try the [http://labs.adobe.com/technologies/flashplayer10/ pre-release of Flash 10.1], which, according to Adobe, does not seem to be vulnerable. Make sure to follow instructions to uninstall any previous Flash version before installing 10.1. I have been using it without problems for awhile.
  You may be fine as long as you avoid unfamiliar sites. Once a malicious site is reported, Firefox will block it with the built in attack site and phishing site protection.

• Recommended port-security settings for ASA HA failover

  I have a pair of ASA 5510s configured in active/standby mode. I have already configured the failover settings on the firewalls. Both firewalls are connected to a 2960G. I made a change to the interfaces on the 2960 to allow 2 mac addresses on each port. Here is the switch port config:
  interface GigabitEthernet0/8
  description ASA-Primary-Out
  switchport access vlan 200
  switchport mode access
  switchport port-security maximum 2
  switchport port-security
  switchport port-security aging time 2
  switchport port-security violation restrict
  switchport port-security aging type inactivity
  ip arp inspection limit rate 500
  no cdp enable
  spanning-tree portfast
  spanning-tree bpduguard enable
  Upon testing failover via the failover active command, I get port-security errors on the outside interface for each device:
  %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address aaaa.bbbb.cccc on port GigabitEthernet0/8. After a few minutes, the error goes away and I can then connect to each firewall. It seems that it still waits for the aging time to expire before allowing the other MAC address. Shouldn't the "maximum 2" setting allow for both mac addresses?
  I'd rather not have to hardcode the firewall's MAC addresses on each switchport because I could see this causing problems for us down the road. Is there anything else that can be done?

  Hello,
  This is expected because of the way ASA failover works. When a failover event occurs, the 2 units will swap their IP and MAC addresses (i.e. the Active unit is always using the same IP and MAC, but this role changes between the 2 physical units).
  Per the port-security config guide:
  http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_25_fx/configuration/guide/swtrafc.html#wp1090391
  "...if a station with a secure MAC address configured or learned on one secure port attempts to access another secure port, a violation is flagged."
  Since the MAC address moves to the other switchport when the failover happens, a violation is being logged.
  -Mike

• Security advisory APSB08-19

  Adobe has released security advisory for Adobe products, which included the reader.
  http://www.adobe.com/support/security/bulletins/apsb08-19.html
  I'm unclear by presented wording in the bulletin. What does the "...and earlier versions..." means exactly? Earlier versions of 8.1.2, ie. 8.1.1, 8.1.0 or all earlier version starting at 8.1.1, and including 7.x.x, 6.x.x, etc...?

  This was already discussed in yesterday's thread http://www.adobeforums.com/webx/.59b6ef1e/

• Security Advisory 2982792 - Available for SCCM?

  Does anyone know if the update for Security Advisory 2982792 (Digital Cert Spoofing) is going to be available in SCCM?
  Orange County District Attorney

  https://technet.microsoft.com/en-us/library/security/2982792
  Recommendation. An automatic updater of revoked certificates is included in supported editions of Windows 8, Windows 8.1, Windows RT, Windows RT 8.1, Windows Server 2012, and Windows Server 2012 R2, and for devices running
  Windows Phone 8 or Windows Phone 8.1. For these operating systems or devices, customers do not need to take any action because the CTL will be updated automatically.
  For systems running Windows Vista, Windows 7, Windows Server 2008, or Windows Server 2008 R2 that are using the automatic updater of revoked certificates (see
  Microsoft Knowledge Base Article 2677070 for details), customers do not need to take any action because the CTL will be updated automatically.
  https://support.microsoft.com/kb/2982792
  Prerequisites
  In order to receive this update, you may have to have one or both of the following updates installed:
  2677070       (http://support.microsoft.com/kb/2677070/            
  An automatic updater of revoked certificates is available for Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 
  2813430      (http://support.microsoft.com/kb/2813430/            
  An update is available that enables administrators to update trusted and disallowed CTLs in disconnected environments in Windows
  Don
  (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
  This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

• Cisco Security Advisory: OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products

  Hello Experts,
  I need to rule out that we have affected openSSL version 1.0.1 running on our devices. I need to know what is the version of openSSL that is current on the following platforms:
  Cisco PIX
  Cisco FWSM
  Cisco ISR
  Cisco VPN Concentrator
  I know ASA runs 0.9.8f and I know that PIX and Concentrator are very old, and they might run an older version, however for a security assessment I need to rule those out too.
  Does anyone know what is the version for these platforms?
  Thanks in advance.

  The definitive source is and will continue to be the Cisco Security Advisory. It has already been updated several times today. Please keep checking back to it at the following URL:
  http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
  That said, the Pix and VPN Concentrator development and code release ended prior to the release of openssl with the vulnerability so I would hazard an educated guess that you won't have any problems with respect to this particular vulnerability. THAT said, if you're concerned about security vulnerabilities why are you running products with associated code that has not had other documented bugs and vulnerabilities patched for at least several years?
  The ISR G2 will almost certainly depend on the IOS level and whether you are using any of the ssl-related features.

• Security Advisory (How to apply)

  I have a ?.  I checked the latest Security Advisory registry fix and noticed that the registry root involved is HKEY_CURRENT_USER.  I checked the registry and saw the key in the account I applied the fix, but not in other accounts.  My question is "Do I need to merge this key with each account I use Adobe Reader on?".

  Hi Ankit
  when you implemented this Note in DEV system and also deleted the report manually, it did ask for access key, both for develper access key and the object change access key, right ?
  Now, the thing is that, when the access keys are requested form marketplace to change any object in SAP system, those are requested as per 'Installation Number'. In other words, when you utilized the access key to change or delete that object/report in system DEV, then that access key was not particular to the DEV system but it was particular to the 'Installation number' of your SAP system i.e. DEV system.
  now, since you want this change/transport into QA/PRD systems of the landscape, it doesn't need you to delete the report again manually or you can say it doesn't require the 'access key' again because the 'installation number' normally same throughout the landscape and the object is already changed once as per the installation number !
  So, you can implement the Note in QA/PRD just by importing the transport.
  I hope this clears your doubt.
  Bhudev

• Creating syslog report on a separate server for ASA 5555-x

  hello all,
  how do we create syslog report for ASA to dump in a separate physical server?
  thanks

  Hello,
  You mean send syslog messages to an external dabatase
  If thats the case it should be
  logging enable
  logging server name_if IP_address
  logging trap 7
  For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com
  Any question contact me at [email protected]
  Cheers,
  Julio Carvajal Segura

• Microsoft Security Advisory (979267) on Flash Player 9

  Someone plaease answer this.
  We are currently using Adobe Flash player 9 on Windows XP operating system. We would like to know if Vulnerabilities in Adobe Flash Player 6 Provided in Windows XP, could Allow Remote Code Execution mentioned in Microsoft Security Advisory (979267), is resolved in Flash Player 9? For more details on vulnerability please refer "Microsoft Security Advisory (979267)".
  Since we have security related issue with this please consider this call at high priority.
  ~
  Satu28

  Updated:
  Flash player 10.2.159.1
  Uninstall the old: http://download.macromedia.com/pub/flashplayer/current/uninstall_flash_player.exe
  Install the new for IE: http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player_ax.exe
  Plugin for other browsers: http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player.exe
  ThinkPad: T530 / X1 Gen 2 / Helix - Yoga: Tablet 2 Pro (Win) / Yoga 3 Pro
  If you find a post helpful and it answers your question, please click the "Accept As Solution" button.
  Lenovo Advocate ~ I am not employed by Lenovo or Microsoft. I am a volunteer.
  Microsoft MVP - Consumer Security
  SpywareHammer

• I need help configuring a connection with asdm 5.2 for asa

  Hi All
  I am very much a novice with asdm 5.2 for asa and I urgently need to configure a connection but don’t know how to. I have 2 domains at work and someone is trying to connect their sql client from their pc in one domain to the sql server in the other domain (DMZ).
  When he tries to connect he gets the error
  Cant connect to MySql Server at "IP Address" (10060)
  He is trying to connect on port 3306. Could anyone please give me any tips on how i can resolve this quickly? I know i am
  trying a shortcut on this one but I recently started a new job and thrown in the deep end here and need to learn this asdm 5.2 for asa product from scratch with nothing more than the manual that come with the cd . My Cisco knowledge is from 2001 when i did half of a ccna course.
  Any help would be greatly appreciated

  Hi,
  I'm not a security specialist but here is how I had it set up at home:
  Essentially a NAT and a rule forwarding the port are needed. In this particular case I had an Oracle server running and a person requested remote access. So, for example, the source address was his external IP and the destination was the Oracle's external IP. For the NAT the source was the internal IP of the Oracle server and the interface was Outside.
  Hope this points you in the right direction.

• Microsoft Security Advisory 2963983

  https://technet.microsoft.com/library/security/2963983
  I called MS today not sure i had the right department, but the gentleman didn't know what I was referencing does anyone know of a site to get up to date information of this issue and when MS plans on releasing a patch?
  Also were advising everyone to disable the Adobe flash in internet explorer Add-on's, anything else that we can do to remedy this is greatly valued.
  Thank you,

  Summary:
  For more information on these and other remediation options, please see
  Security Advisory 2963983.  Additional information on this limited, targeted attack can be found on the
  MSRC blog. 
  IE is widely recognized as the most secure browser against socially-engineered malware, the most common form of attack, blocking 99.9% of malware in a
  recent NSS Labs test. 
  We encourage you to consider upgrading to the latest version of IE for improved security features such as Enhanced Protected Mode, better backward compatibility through
  Enterprise Mode, increased performance, and support for the modern web standards that run today’s websites and services.
  On April 26, 2014, Microsoft released a
  Security Advisory (2963983) to notify customers of a vulnerability in IE.  At this time we are aware of limited, targeted attacks.  We encourage customers to follow the suggested mitigations outlined in the security advisory while an update is
  finalized.
  Guidance on suggested mitigations:
  Our investigation has revealed that Enhanced Protected Mode, on by default for the modern browsing experience in IE10 and IE11, as well as Enhanced Mitigation Experience Toolkit (EMET) 4.1 and EMET 5.0 Technical Preview, could help protect against this potential
  risk.  We encourage customers to follow the suggested mitigations outlined in the security advisory while an update is finalized.
  The Enhanced Mitigation Experience Toolkit 4.1: (EMET)
  helps mitigate the exploitation of this vulnerability by adding additional protection layers that make the vulnerability harder to exploit.  EMET 4.1 is supported by Microsoft, and is automatically configured to help protect Internet Explorer.  EMET
  can also be configured using Group Policy.  For more information, see
  Microsoft Knowledge Base Article 2458544.
  More details:
  Deploy the Enhanced Mitigation Experience Toolkit 4.1
  Pros:  Blocks potential exploits of this vulnerability
  Cons:  May be incompatible with some web apps
  Enable Enhanced Protected Mode
  Pros: Blocks potential exploits of this vulnerability
  Cons:  May be incompatible with some web apps; not available on 32-bit Windows 7
  Businesses who have upgraded to IE11 or IE10 can enable
  Enhanced Protected Mode
  (EPM) for additional security protection.   On Windows 8 and Windows 8.1, EPM is enabled by default for the modern, immersive browsing experience.  Customers using the touch-friendly IE11 browser on Windows tablets, for example, are already
  using EPM and may not be susceptible to this and similar attacks.   
  Enhanced Protected Mode can be enabled and managed through Group Policy.  To manually enable EPM in IE, perform the following steps:
  On the IE Tools menu, click Internet Options.
  In the Internet Options dialog box, click the Advanced tab, and then scroll down to the Security section of the settings list.
  Ensure the checkboxes next to Enable Enhanced Protected Mode and Enable 64-bit processes for Enhanced Protected Mode (for 64-bit systems) are selected.
  Click OK to accept the changes and return to IE.
  Restart your system.
  While Enhanced Protected Mode provides significant additional protection, it may not be compatible with some add-ons and enterprise web apps.  Also, while EPM is available for
  64-bit Windows 7, it is not an option for 32-bit Windows 7 installations. 
   Unregister VGX.DLL
  Pros:  Relatively simple workaround
  Cons:  May not protect against other exploits
  Known attacks currently take advantage of VGX.DLL, which provides support for Vector Markup Language (VML).  VML is not natively supported by most web browsers today,
  so this remediation option may have the least impact on enterprise web app compatibility. 
  To unregister VGX.DLL:
  Click Start, click Run, and type "%SystemRoot%\System32\regsvr32.exe" /u /s "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
  After an update has been released and installed, you can re-register VGX.DLL with:  "%SystemRoot%\System32\regsvr32.exe" /s "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
  These commands can be issued as batch files via Microsoft System Center Configuration Manager or other infrastructure management solutions. 
  Rob^_^

• Cisco Security Advisory: Access Point Memory Exhaustion from ARP Attacks

  I recieved this Cisco Advisory e-mail today. I have 1200 access points that I upgraded yesterday to 12.3(7)JA2, in which this problem was corrected. In the advisory it states to upgrade to this software release and to make a configuration change on each radio interface. I made this change on Dot11Radio0 interface and it took. I have 2 more interfaces ( Dot11Radio0.2 and Dot11Radio0.75) in which I get an error when I try to make this configuration change. I don't quite understand these interfaces, so I would like to know if I really need to make this change on the other 2 interfaces or is making the change on the 1st one enough. Any information is certainly appreciated. Thanks, Laurie Coles

  Since you have subinterfaces configured, you are apparently using
  VLANs on your APs. The ARP table is only relevant for the VLAN
  with the management IF, that is the native VLAN.
  For all other VLANs it's simply bridging, therefore no ARP table,
  and therefore this vulnerability doesn't apply here.
  So your only concern should be the native VLAN, and unless you
  need wireless access for managing your APs the best way for
  securing this would be to not configure a SSID for this VLAN.
  Then the only access to the AP would be over the Ethernet-IF.
  The security advisory is more important for APs configured
  without VLANs where wireless clients and the management IF
  of the AP are in the same (W)LAN.

• Microsoft security Advisory 2028859

  A serious security flaw has been found in Windows 7 systems running Aero.Untill microsoft releases a security patch users can disable the Aero theme to  prevent the issue from being exploited.
  To disable Windows Aero by changing the theme, perform the following steps for each user on a system:
  Click Start, select the Control Panel, and then click on Appearance and Personalization.
  Under the Personalization category, click on Change the Theme.
  Scroll to the bottom of the listed themes and select one of the available Basic and High Contrast Themes.
  For further information go through the below given link 
  http://www.microsoft.com/technet/security/advisory/2028859.mspx
  The above mentioned vulnerability only affects Windows 7 and Windows server 2008 R2 users.
  Cheers and regards,
  • » νιנαｿѕαяα∂нι ѕαмανє∂αм ™ « •
  ●๋•کáŕádhí'ک díáŕý ツ
  I am a volunteer here. I don't work for Lenovo

  Here is more information on Microsoft security advisory 2269637, mitigating it from Cisco devices:
  Vulnerability alert: http://tools.cisco.com/security/center/viewAlert.x?alertId=21268
  Mitigation buletin: http://tools.cisco.com/security/center/viewAlert.x?alertId=22317
  All security related advisories for cisco can be found from the Cisco SIO (Security Intelligence Operations):
  http://tools.cisco.com/security/center/home.x
  Hope that helps.

• Microsoft Security Advisory (2269637)

  Microsoft Security Advisory (2269637)
  Insecure Library Loading Could Allow Remote Code  Execution
  This  vulnerability came out in August and is there a signature that will cover this in the ips and if not is there an idea if one is being reviewed?

  Here is more information on Microsoft security advisory 2269637, mitigating it from Cisco devices:
  Vulnerability alert: http://tools.cisco.com/security/center/viewAlert.x?alertId=21268
  Mitigation buletin: http://tools.cisco.com/security/center/viewAlert.x?alertId=22317
  All security related advisories for cisco can be found from the Cisco SIO (Security Intelligence Operations):
  http://tools.cisco.com/security/center/home.x
  Hope that helps.