Monthly Archives: October 2015

Security

VM Detection Via Browsers

In three browser families researched (Edge, Internet Explorer and Firefox – all on Windows 7 or above), it is possible to extract the frequency of the Windows performance counter, using standard HTML and Javascript. With the Windows performance counter frequency, it is possible to remotely detect some virtual machines and to coarse-grain fingerprint physical machines.

VMWare

UPDATED VMSA-2015-0007.1 VMware vCenter and ESXi updates address critical security issues

------------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID: VMSA-2015-0007.1
Synopsis:    VMware vCenter and ESXi updates address critical security
             issues

Issue date:  2015-10-01
Updated on:  2015-10-06
CVE number:  CVE-2015-5177 CVE-2015-2342 CVE-2015-1047
------------------------------------------------------------------------

1. Summary

   VMware vCenter and ESXi updates address critical security issues.


2. Relevant Releases

   VMware ESXi 5.5 without patch ESXi550-201509101
   VMware ESXi 5.1 without patch ESXi510-201510101
   VMware ESXi 5.0 without patch ESXi500-201510101

   VMware vCenter Server 6.0 prior to version 6.0 update 1
   VMware vCenter Server 5.5 prior to version 5.5 update 3
   VMware vCenter Server 5.1 prior to version 5.1 update u3b
   VMware vCenter Server 5.0 prior to version 5.0 update u3e


3. Problem Description

   a. VMWare ESXi OpenSLP Remote Code Execution

      VMware ESXi contains a double free flaw in OpenSLP's
      SLPDProcessMessage() function. Exploitation of this issue may
      allow an unauthenticated attacker to remotely execute code on
      the ESXi host.

      VMware would like to thank Qinghao Tang of QIHU 360 for reporting
      this issue to us.

      The Common Vulnerabilities and Exposures project (cve.mitre.org)
      has assigned the identifier CVE-2015-5177 to this issue.

      Column 4 of the following table lists the action required to
      remediate the vulnerability in each release, if a solution is
      available.

        VMware          Product  Running   Replace with/
        Product         Version  on        Apply Patch
        ====================  =======   =================
        ESXi            6.0       ESXi      not affected
        ESXi            5.5       ESXi      ESXi550-201509101 *
        ESXi            5.1       ESXi      ESXi510-201510101
        ESXi            5.0       ESXi      ESXi500-201510101

        * Customers who have installed the complete set of ESXi 5.5 U3
        Bulletins, please review VMware KB 2133118. KB 2133118 documents
        a known non-security issue and provides a solution.

   b. VMware vCenter Server JMX RMI Remote Code Execution

      VMware vCenter Server contains a remotely accessible JMX RMI
      service that is not securely configured. An unauthenticated remote
      attacker that is able to connect to the service may be able use it
      to execute arbitrary code on the vCenter server.

      VMware would like to thank Doug McLeod of 7 Elements Ltd and an
      anonymous researcher working through HP's Zero Day Initiative for
      reporting this issue to us.

      The Common Vulnerabilities and Exposures project (cve.mitre.org)
      has assigned the identifier CVE-2015-2342 to this issue.

      Column 4 of the following table lists the action required to
      remediate the vulnerability in each release, if a solution is
      available.

      VMware                        Product    Running   Replace with/
      Product                       Version    on        Apply Patch
      =============                 =======    =======   ===============
      VMware vCenter Server         6.0        Any       6.0 u1
      VMware vCenter Server         5.5        Any       5.5 u3
      VMware vCenter Server         5.1        Any       5.1 u3b
      VMware vCenter Server         5.0        Any       5.0 u3e

   c. VMware vCenter Server vpxd denial-of-service vulnerability

      VMware vCenter Server does not properly sanitize long heartbeat
      messages. Exploitation of this issue may allow an unauthenticated
      attacker to create a denial-of-service condition in the vpxd
      service.

      VMware would like to thank the Google Security Team for reporting
      this issue to us.

      The Common Vulnerabilities and Exposures project (cve.mitre.org)
      has assigned the identifier CVE-2015-1047 to this issue.

      Column 4 of the following table lists the action required to
      remediate the vulnerability in each release, if a solution is
      available.

      VMware                         Product    Running   Replace with/
      Product                        Version    on        Apply Patch
      =============                  =======    =======   ==============
      VMware vCenter Server          6.0        Any       not affected
      VMware vCenter Server          5.5        Any       5.5u2
      VMware vCenter Server          5.1        Any       5.1u3
      VMware vCenter Server          5.0        Any       5.0u3e


4. Solution

   Please review the patch/release notes for your product and version
   and verify the checksum of your downloaded file.

   ESXi
   --------------------------------
   Downloads:
   https://www.vmware.com/patchmgr/findPatch.portal

   Documentation:
   http://kb.vmware.com/kb/2110247
   http://kb.vmware.com/kb/2114875
   http://kb.vmware.com/kb/2120209

   vCenter Server
   --------------------------------
   Downloads and Documentation:
   https://www.vmware.com/go/download-vsphere


5. References

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5177
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2342
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1047

   http://kb.vmware.com/kb/2133118

------------------------------------------------------------------------

6. Change log

   2015-10-06 VMSA-2015-0007.1
   Updated security advisory in conjunction with the release of ESXi 5.5
   U3a on 2015-10-06. Added a note to section 3.a to alert customers to
   a non-security issue in ESXi 5.5 U3 that is addressed in ESXi 5.5 U3a.

   2015-10-01 VMSA-2015-0007
   Initial security advisory in conjunction with ESXi 5.0, 5.1 patches
   and VMware vCenter Server 5.1 u3b, 5.0 u3e on 2015-10-01.


------------------------------------------------------------------------

7. Contact

   E-mail list for product security notifications and announcements:
   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

   This Security Advisory is posted to the following lists:

    security-announce at lists.vmware.com
    bugtraq at securityfocus.com
    fulldisclosure at seclists.org

   E-mail: security at vmware.com
   PGP key at: http://kb.vmware.com/kb/1055

   VMware Security Advisories
   http://www.vmware.com/security/advisories

   Consolidated list of VMware Security Advisories
   http://kb.vmware.com/kb/2078735

   VMware Security Response Policy
   https://www.vmware.com/support/policies/security_response.html

   VMware Lifecycle Support Phases
   https://www.vmware.com/support/policies/lifecycle.html

   Twitter
   https://twitter.com/VMwareSRC

   Copyright 2015 VMware Inc.  All rights reserved.
_______________________________________________
Security-announce mailing list
Security-announce-xEzmwC/hc7si8rCdYzckzA< at >public.gmane.org
http://lists.vmware.com/mailman/listinfo/security-announce
AVG

The dangers of geotagging via photos & social media

Did you know you could be unwillingly revealing your location via geotagging in photos you upload with social media applications?

AVG’s Michael McKinnon walks you through some things to be aware of when it comes to geotagging.

Did you know:

  1. Photos can contain location information stored in metadata (EXIF data) within the image itself.
  2. Location data can be automatically applied to your GPS enabled smartphone photos.
  3.  The location data usually includes the precise GPS co-ordinates of where the photo was taken, as well as the time and date it was captured.

Here are some ways to protect your privacy when it comes to geotagging on your mobiles device:

  • Disable location services on your mobile devices.
  • Remove EXIF data from images before uploading to social media networks or file sharing sites.
  • Be aware of location options in apps or online services and social media.

For more great tips on getting the most out of your devices, visit us at www.now.avg.com and follow us on twitter or Facebook.

Stay safe out there.

AVG

Addressing Cybersecurity for Small & Medium Businesses

Perspectives on cybersecurity continue to evolve as our level of ‘connectedness’ and awareness of potential threats increases. According to the U.S. Chamber of Commerce, many security experts believe there are two types of businesses, “…those that have been hacked and know it, and those that have been hacked and don’t know it yet.” While this overstates the situation a bit, it does highlight the urgency to address cybersecurity, even for small businesses. As the U.S. Chamber of Commerce suggests, the question isn’t if, it’s when.

Both Europe and the U.S. have designated October as cybersecurity month, highlighting the importance of this issue to business. One of the governmental organizations addressing the issue is the National Institute of Standards and Technology (NIST). NIST is currently in the revision phase of its report, Small Business Information Security: The Fundamentals, by Richard Kissel and Hyunjeong Moon. In partnership with the Small Business Administration and the FBI, NIST is one of the governmental organizations reaching out to the small business community and providing guidance on how to address cybersecurity.

Cybersecurity is not an all-or-nothing effort. NIST recognizes that the appropriate security measures may differ from company to company and that not every company will be able to implement every possible measure quickly. Nonetheless, they have classified a number of cybersecurity practices as ‘absolutely necessary’ and suggest that every small business adopts them to protect their information, systems and networks.

These practices include:

  1. Protecting information/systems/networks from damage by viruses, spyware, and other malicious code
  2. Protecting a company’s Internet connection
  3. Installing and activating software firewalls on all business systems
  4. Patching operating systems and applications
  5. Making backup copies of important business data/information
  6. Training employees in basic security principles

A great starting point for evaluating a businesses security status and potential risk is to use the “AVG Small Business Security Healthcheck” tool that AVG Business provides for free on our website. In just a few minutes a business can generate a cybersecurity profile that can be used internally, or with an IT solution provider that understands the company’s network and business practices, to ensure the right solutions are put in place.

In many cases, security experts will advise, as NIST has, that protecting against viruses and malware and installing firewalls are critical steps. This can be easily accomplished with software solutions including the just updated AVG AntiVirus and AVG Internet Security solutions from AVG Business. With exceptionally easy user interfaces and automated protection features, special knowledge isn’t required to provide protection across an entire business. Making sure that antivirus is in place and firewalls are working are the first and easiest steps a company can take.

Addressing cybersecurity for small and medium businesses has clearly risen to mission-critical status, but that doesn’t mean it has to impact a company’s resources, finances or operations. With a network of more than 10,000 partners, an active channel community, and software solutions that are continuously updated to address changing security needs, AVG Business is certain that every business can establish strong cybersecurity measures and worry less about potential threats. If your company hasn’t yet embarked on a cybersecurity plan, now is a good time to start.