Security News #0x30
- If you want to see a more detailed analysis of CVE 2012-4792, the most recent Internet Explorer vulnerability (and who wouldn’t?), check out the analysis of exodusintel. Microsoft has issued a fix-it for the vulnerability, and it is expected that the underlying problem will be patched on January 8. Don’t let the fix-it lull you into a false sense of security though; the folks at exodusintel say that they can bypass the fix-it and still exploit the vulnerability, and this has been added to the existing Metasploit module. EMET appears to protect against this exploit; we also mention the analysis of Adam Swanger.
- There is a vulnerability in Ruby on Rails (CVE 2012-5664) that allows for SQL injection at the language level, at least in some specialized circumstances. The original announcement of the problem is from Aaron Patterson, and the news got picked up by Threatpost. The situation is somewhat complex, though; this is a vulnerability in certain dynamic finder methods. The folks at Phusion have a nice analysis of what is and is not vulnerable.
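As an added illustration (this is example code written for this post, not code from Rails or from any of the linked analyses), the snippet below models the dynamic-finder problem with a toy finder and shows the defensive fix: coerce request parameters to the scalar type the finder expects before they reach it. The assumption, taken from the linked analyses, is that the affected finders honour a Hash argument as finder options instead of treating it as the column value; `ToyFinder`, `SafeParams` and `find_user_by_id` are hypothetical names, and no database is touched, the finder only renders SQL text.

```ruby
# Toy stand-in for an ActiveRecord-style dynamic finder. This is a model of the
# weak behaviour described in the post, not Rails code.
class ToyFinder
  # Mimics `find_by_<column>(value)`: a scalar becomes a bound column value,
  # while a Hash is (wrongly) honoured as query options, so the shape of the
  # generated query is decided by whoever supplied the parameter.
  def self.find_by(column, arg)
    if arg.is_a?(Hash)
      sel = arg[:select] || arg["select"] || "*"
      "SELECT #{sel} FROM users WHERE #{column} = NULL"
    else
      ["SELECT * FROM users WHERE #{column} = ?", arg]
    end
  end
end

# Hardened side: never hand a raw request parameter to a finder. Rails parses
# `id[select]=...` style query strings into a Hash, so anything that is not a
# plain scalar must be rejected before the finder sees it.
module SafeParams
  # Returns a non-negative Integer id, or nil for any value that is not a
  # digits-only String or an Integer (Hash, Array, nil, "1 OR 1=1", ...).
  def self.integer_id(value)
    return nil unless value.is_a?(String) || value.is_a?(Integer)
    s = value.to_s
    return nil unless s.match?(/\A\d+\z/)
    s.to_i
  end
end

# Controller-style wrapper: validate first, then call the finder with a scalar.
def find_user_by_id(params)
  id = SafeParams.integer_id(params["id"])
  raise ArgumentError, "id must be a non-negative integer" if id.nil?
  ToyFinder.find_by("id", id)
end

if __FILE__ == $0
  # Constructed request parameters, as a query-string parser would produce them.
  p find_user_by_id({ "id" => "7" })
  p ToyFinder.find_by("id", { "select" => "name" }) # weak path: options smuggled in
  begin
    find_user_by_id({ "id" => { "select" => "name" } })
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```

The point of `SafeParams.integer_id` is that the type check happens at the boundary: once the value is a scalar of the expected type, the finder's handling of Hash arguments is unreachable from request input, whatever the framework version does with it.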
- TurkTrust, a Turkish CA, apparently accidentally issued fraudulent certificates for Google websites. These certificates are being revoked.
- The folks at Penetration Testing Lab have a nice piece on post-exploitation techniques on a Linux system in Metasploit.
- I had not seen this method of avoiding UAC calls before; it is definitely something I need to try! In a nutshell, create the task you want to run, export it to XML, modify the logon type to S4U, and then export it back as a task.
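From the defender's side, the useful counterpart to this trick is an audit of exported task definitions for the S4U logon type. The script below is an added example, not code from the post, and the task XML in it is a constructed sample rather than a real task; the element names (`Principal`, `LogonType`, `RunLevel`, `UserId`) follow the Task Scheduler XML schema, and `child_text` and `s4u_principals` are hypothetical helper names. It walks the tree by local element name so the schema's default namespace does not get in the way.

```ruby
require "rexml/document"

# Constructed sample of an exported Task Scheduler definition (not taken from
# any real system). Real exports are UTF-16; the sample is plain UTF-8.
SAMPLE_TASK_XML = <<~XML
  <?xml version="1.0" encoding="UTF-8"?>
  <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
    <Principals>
      <Principal id="Author">
        <UserId>EXAMPLE\\user</UserId>
        <LogonType>S4U</LogonType>
        <RunLevel>HighestAvailable</RunLevel>
      </Principal>
    </Principals>
    <Actions Context="Author">
      <Exec>
        <Command>C:\\example\\placeholder.exe</Command>
      </Exec>
    </Actions>
  </Task>
XML

# Text of the first direct child element with the given local name, or nil.
# Child elements are matched by local name so the default namespace on <Task>
# does not have to be mapped for XPath.
def child_text(element, name)
  element.elements.each do |child|
    return child.text.to_s.strip if child.name == name
  end
  nil
end

# Returns one finding per <Principal> whose LogonType is S4U, with the user
# and run level so the reviewer can see whether the task runs elevated.
def s4u_principals(xml)
  doc = REXML::Document.new(xml)
  findings = []
  doc.root.each_recursive do |el|
    next unless el.name == "Principal"
    next unless child_text(el, "LogonType") == "S4U"
    findings << {
      user: child_text(el, "UserId"),
      run_level: child_text(el, "RunLevel")
    }
  end
  findings
end

if __FILE__ == $0
  # Usage over real data: feed each exported task file to s4u_principals.
  s4u_principals(SAMPLE_TASK_XML).each do |f|
    puts "S4U task principal: user=#{f[:user]} run_level=#{f[:run_level]}"
  end
end
```

S4U has legitimate uses (tasks that need a user's identity without a stored password), so the finding is a review prompt rather than a verdict; the combination of S4U with `HighestAvailable` on a task whose author is a standard user is the case worth looking at first.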