Home > Uncategorized > Security News #0x85

Security News #0x85

    • There is a new Metasploit module to exploit Adobe Flash player. Currently the module is restricted to only Internet Explorer on Windows 7 running Adobe Flash player 16.0.0.235. The underlying vulnerability is CVE 2015-0138 which is reported to impact Adobe Flash player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux. The post from Project Zero at Google on this issue is well worth reading.
    • There is a new Metasploit module to exploit Adobe Flash player. (Is there an echo here?) This module works on Windows 7 SP1 (32 bits), IE 8 to IE 11 and Flash 16.0.0.287, 16.0.0.257 and 16.0.0.235. Here the underlying vulnerability is CVE 2015-0311.
    • Older versions of Windows were vulnerable to an attack that exploited how Windows handles shortcut files; there is an existing and a new Metasploit module to attack the problem; the vulnerability is CVE 2010-2568 and was patched in MS 10-046. Mostly. It turns out that the patch does not quite solve the problem, and there are two new Metasploit modules that are able to exploit the issue, even if MS10-046 is installed on Server 2003 SP2, or if MS14-027 is installed on Server 2008 SP2. (Sigh). The underlying vulnerability is now named CVE 2015-0096 and it was patched in MS15-020.
    • If you want to see how Red Team approached the pacific regional CCDC event this past weekend, take a look at the blog from LockBoxx.
    • Would you like to learn more pivoting using SSH and/or Meterpreter? Take a look at the post from Arr0way.
    • If you are a student looking at different ways to maintain persistence on a Windows system, you might want to take a look at the approach of blakhal0, who uses Windows scheduled tasks.
    • RIP Terry Pratchett.

      +++ Divide By Cucumber Error. Please Reinstall Universe And Reboot +++
      — (Terry Pratchett, Hogfather)

Advertisements
Categories: Uncategorized
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: