M/Monit versions 3.2.2 and below suffer from multiple cross site request forgery vulnerabilities.
Monthly Archives: September 2014
How to switch to AVG antivirus
Sometimes changing your security software can seem like a daunting and complicated task, especially if you're not familiar with removing programs from your computer. There are many things to remember and check. It doesn't always need to be complicated, though. If you want to protect your Windows PC with AVG's award-winning security software, there are just a few steps you need to take to make sure it goes to plan.
Follow these five tips to help you avoid any complications when switching to AVG's security software and have a hassle-free experience:
Check your system specifications:
With any installation, you should check that your PC meets the minimum requirements for the software. This will ensure that it is compatible with your machine and that you have enough space and power to run it properly.
Action: You can find AVG's requirements here: What are AVG system requirements and supported operating systems.
Ensure your system is up to date:
Security software can make alterations to your operating system, so it's important to check that you are running the most current version of Windows. This will help prevent issues when AVG has to make changes to any system files.
Action: Visit the Microsoft Windows Update page to make sure that you are running the most up-to-date version of Windows.
Remove other security software:
Before installing AVG security software, it's important to check that you have removed any existing protection. It's quite common for multiple installations of security software to conflict, as they can both alter your system at the same time and also degrade performance.
Action: If you are having difficulty removing any existing security software, check out this How to remove conflicting anti-virus products article.
Check you are logged in as Administrator:
In order for AVG to install properly, it needs to be done by the system administrator. This will ensure that the AVG installer has access to all the files necessary for it to complete successfully.
Action: Read this How to check if I’m using an administrative account article to make sure you are logged into Windows as an Administrator.
Install the latest version of AVG:
Whether you are reinstalling AVG or installing it for the first time, it is important to check that you are installing the latest version of our security software.
Action: For instructions on how to install the latest version of AVG, visit the How to download and install AVG article.
Tip: If you happen to experience any issues during installation, please refer to the article What to do when AVG installation is failing for help.
MS14-046 – Important: Vulnerability in .NET Framework Could Allow Security Feature Bypass (2984625) – Version: 1.2
Severity Rating: Important
Revision Note: V1.2 (September 19, 2014): Updated the Known Issues entry in the Knowledge Base Article section from “None” to “Yes”.
Summary: This security update resolves a privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow security feature bypass if a user visits a specially crafted website. In a web-browsing attack scenario, an attacker who successfully exploited this vulnerability could bypass the Address Space Layout Randomization (ASLR) security feature, which helps protect users from a broad class of vulnerabilities. The security feature bypass by itself does not allow arbitrary code execution. However, an attacker could use this ASLR bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, that could take advantage of the ASLR bypass to run arbitrary code.
Fixing bugs is hard – Rosetta Flash is back
Software is like a very long chain, made of millions of links.
It’s more or less impossible to check all links individually in detail. Some links are weaker than others and make the whole chain vulnerable.
But they’re needles in a huge haystack.
When a vulnerability is found, it’s critical to fix it. CORRECTLY.
So, a patch is created…
Of course, you need to apply the patch to keep your software secure! But most people don’t, choosing instead the “Remind me later” option — unaware that they are leaving themselves open to security holes exploitable by malware writers.
Releasing a patch highlights weaknesses
Once the patch is available, the weak link is now highlighted: it now stands out from the millions of other links in the chain.
Whether the vulnerability is documented or not, whether the patch is documented or not, it’s possible to reverse-engineer the patch and see the changes (there are several advanced tools for that). By checking out the changes, one can determine what is actually fixed, rather than what the fix is theoretically supposed to prevent.
By looking closely where the patch was applied, it’s possible that a related and smaller vulnerability which is still not fixed might be easy to find, thanks to the information provided by the patch.
That is, when comparing the changes introduced by the patch, it’s possible to quickly find what was fixed, and by doing this discover a new vulnerability that is still not fixed. And since patches are usually released once a month, it gives a person an easier 0-day, that could stay unpatched for a complete month!
Fixing bugs is hard
We can see the difficulties of releasing a patch: it has to be done fast, reliably, but it also has to cover more than the initial descriptions or test cases.
In a previous blog entry, we looked at how crafting an Adobe Flash file made of alphanumeric characters enabled an attack on many websites. The initial Proof Of Concept only used 0-9A-Za-z characters.
This is what the patch fixed: checking if the flash file is made entirely of these characters.
However, the risk is more significant than the initial PoC suggests: with the same technique it’s easy to craft a file that simply ends with another character, ‘(’. Changing just this last character bypasses the filter implemented by the official patch! This new vulnerability remained unpatched for a whole month (8th July -> 12th August)!
Another CVE was assigned to this new vulnerability, which is now patched, but this shows that releasing a patch is a double-edged sword: you give the defenders a new protection layer, but you also highlight a — previously — weak area for the attackers. Fixing bugs is hard.
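The gap between "the PoC is blocked" and "the technique is blocked" can be shown with a small model. The following is an added example, not code from the original post or from Adobe: `first_patch_rejects` models the check exactly as described above, `broader_rejects` is a hypothetical rule (not the actual second patch), and all sample inputs are constructed stand-ins rather than real Flash files.

```python
import string

# Bytes allowed in the original PoC: 0-9A-Za-z
ALNUM = frozenset((string.ascii_letters + string.digits).encode("ascii"))


def first_patch_rejects(data: bytes) -> bool:
    """Check as the post describes it: reject only if EVERY byte is 0-9A-Za-z."""
    return bool(data) and all(b in ALNUM for b in data)


def leading_alnum_run(data: bytes) -> int:
    """Length of the unbroken alphanumeric run at the start of the input."""
    run = 0
    for b in data:
        if b not in ALNUM:
            break
        run += 1
    return run


def broader_rejects(data: bytes, min_run: int = 32) -> bool:
    """Hypothetical broader rule (an assumption, not the real second patch):
    a long alphanumeric prefix is rejected whatever byte follows it."""
    return leading_alnum_run(data) >= min_run


# Constructed samples (not real SWF files).
SAMPLES = {
    "poc_like": b"CWS" + b"Ab3" * 40,                 # entirely alphanumeric
    "trailing_paren": b"CWS" + b"Ab3" * 40 + b"(",    # same body, ends with "("
    "binary_like": b"CWS\x0a\x9c\x01\x00\x00" + bytes(range(200, 240)),
}


def evaluate() -> dict:
    """Map sample name -> (rejected by first patch, rejected by broader rule)."""
    return {
        name: (first_patch_rejects(data), broader_rejects(data))
        for name, data in SAMPLES.items()
    }


if __name__ == "__main__":
    for name, (first, broader) in evaluate().items():
        print(f"{name:15} first_patch={first!s:5} broader={broader}")
```

A regression suite for a fix should include near-miss variants like `trailing_paren`, not only the published PoC.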
Here is a small chronology:
- 8th July: the original Rosetta Flash PoC (made only of alphanumeric characters) is public, along with the patch and announcement (CVE-2014-4671).
- The patch is not enough! Just by letting the PoC end with “(” the filter is bypassed. This is way too weak.
- 12th August: the 2nd patch is released (CVE-2014-5333).
The post Fixing bugs is hard – Rosetta Flash is back appeared first on Avira Blog.
WatchGuard XTM 11.8.3 Cross Site Scripting
WatchGuard XTM version 11.8.3 suffers from a cross site scripting vulnerability.
Apple Foundation NSXMLParser XML eXternal Entity (XXE)
In May 2014, VSR identified a vulnerability in versions 7.0 and 7.1 of the iOS SDK whereby the NSXMLParser class resolves XML External Entities by default, despite documentation which indicates otherwise. In addition, settings to change the behavior of XML External Entity resolution appear to be non-functional. This vulnerability, commonly known as an XXE (XML eXternal Entities) attack, could allow an attacker to use the XML parser to carry out attacks ranging from network port scanning, information disclosure, and denial of service, to potentially remote file retrieval. Further review also revealed that the Foundation Framework used in OS X 10.9.x is also vulnerable.
Netgear Download Center Cross Site Scripting / Open Redirect
downloadcenter.netgear.com suffers from cross site scripting and open redirection vulnerabilities.
Asterisk Project Security Advisory – AST-2014-010
Asterisk Project Security Advisory – When an out of call message – delivered by either the SIP or PJSIP channel driver or the XMPP stack – is handled in Asterisk, a crash can occur if the channel servicing the message is sent into the ReceiveFax dialplan application while using the res_fax_spandsp module. Note that this crash does not occur when using the res_fax_digium module. While this crash technically occurs due to a configuration issue, as attempting to receive a fax from a channel driver that only contains textual information will never succeed, the likelihood of having it occur is sufficiently high as to warrant this advisory.
Asterisk Project Security Advisory – AST-2014-009
Asterisk Project Security Advisory – It is possible to trigger a crash in Asterisk by sending a SIP SUBSCRIBE request with unexpected mixes of headers for a given event package. The crash occurs because Asterisk allocates data of one type at one layer and then interprets the data as a separate type at a different layer. The crash requires that the SUBSCRIBE be sent from a configured endpoint, and the SUBSCRIBE must pass any authentication that has been configured. Note that this crash is in Asterisk’s PJSIP-based res_pjsip_pubsub module and not in the old chan_sip module.
Oracle MyOracle Filter Bypass
Oracle’s MyOracle allows for malicious script code insertion into outbound emails.