A critical vulnerability (CVE-2016-1019) exists in Adobe Flash Player 22.214.171.124 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. The vulnerability allows an attacker to send booby-trapped content to a browser’s Flash plug-in that may cause the browser to crash and, in the process, hand control of the computer over to the attacker. This type of exploit is known as Remote Code Execution (RCE), drive-by-download, or drive-by-install, and is a common method of malware installation.
Adobe recommends users update their installs to the newest version. Please see the following for more information on affected versions and solutions:
It is recommended that Flash be kept up to date and that users enable their browser’s click-to-play function (also known as ask to activate), so that Flash content does not run without the user realizing it. For more information on how to activate this for your browser(s), please see:
To read the Adobe Security Advisory, please see:
Trend Micro has found two critical flaws (heap corruption remote code execution vulnerabilities) in Apple’s PC version of QuickTime that could allow hackers to take over computers. Rather than putting out a fix, Apple recently advised that it will no longer support QuickTime for Windows, and provided the following instructions for removal:
The U.S. Computer Readiness Team (US-CERT) has advised users to remove QuickTime for Windows from their PCs. Users of QuickTime on Apple OS do not need to do anything.
Clients of NYU IT Desktop Services will have this taken care of for them. Department or School System Administrators will need to perform similar steps if they run Active Directory, or will need to advise clients to remove QuickTime manually. For home computers, or if you’re in a department that does not have local support, you can follow the instructions from Apple, above.
For more information on the vulnerabilities please see:
http://zerodayinitiative.com/advisories/ZDI-16-241/ & http://zerodayinitiative.com/advisories/ZDI-16-242/
For additional information, please see:
Badlock is a recently announced security bug in Windows and Samba. Though few details have been released, it is thought to affect Server Message Block (SMB), the protocol used to read and write files over a local network. Please note that machines running Linux and OS X may provide services through Samba. Staff who administer those systems should check the full release info tomorrow for more details.
Patches will be released tomorrow by 17:00 UTC. Microsoft typically releases patches at this time, on “Patch Tuesdays”, so Microsoft’s patches will likely be available then. Typical desktop/laptop users should simply allow the patch to be applied as normal and allow the machine to reboot.
For admins running systems that use Samba for SMB shares, patches will be available for Samba 4.4, Samba 4.3, and Samba 4.2. It is recommended that Samba users upgrade to version 4.4.0. Samba 4.1 and below are discontinued, and are not eligible for security fixes. However, some vendors may backport patches.
For more information, please see:
To watch the SANS video of the month for expert tips on creating strong passphrases/passwords, using two factor authentication, and keeping your passwords safe, please visit:
*Please note that this video will only be available to view during April 2016.