Archive for July, 2009

Security update available for Adobe Flash (10.0.32.18)

Summary [1]
Critical vulnerabilities have been identified in the current versions of Adobe Flash Player (v9.0.159.0 and v10.0.22.87) for Windows, Macintosh and Linux operating systems. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.
We expect to provide an update for Adobe Reader and Acrobat v9.1.2 for Windows, Macintosh and UNIX by July 31, 2009. This bulletin will be updated to reflect their availability on that date. (The update for Adobe Flash Player v9 and v10 for Solaris is still pending.)
Adobe recommends users of Adobe Flash Player 9.x and 10.x and earlier versions update to Adobe Flash Player 9.0.246.0 and 10.0.32.18. Adobe recommends users of Adobe AIR version 1.5.1 and earlier versions update to Adobe AIR 1.5.2.

Severity rating:
Critical (Remote Code Execution)

Solution:
Update to Flash 10.0.32.18 from http://www.adobe.com/go/getflashplayer

CRP09-038

System Administrator Appreciation Day

It’s *that* time of year again:

July 31, 2009 (Last Friday Of July)
10th Annual
System Administrator Appreciation Day

Friday, July 31, 2009, is the 10th annual System Administrator Appreciation Day. On this special international day, give your System Administrator something that shows that you truly appreciate their hard work and dedication. (All day Friday, 24 hours, your local timezone).

Let’s face it, System Administrators get no respect 364 days a year. This is the day that all fellow System Administrators across the globe, will be showered with expensive sports cars and large piles of cash in appreciation of their diligent work. But seriously, we are asking for a nice token gift and some public acknowledgement. It’s the least you could do.

Consider all the daunting tasks and long hours (weekends too.) Let’s be honest, sometimes we don’t know our System Administrators as well as they know us. Remember this is one day to recognize your System Administrator for their workplace contributions and to promote professional excellence. Thank them for all the things they do for you and your business.

http://www.sysadminday.com/

Security update available for Shockwave Player (11.5.1.601)

Summary [1]
Adobe Shockwave Player 11.5.0.600 and earlier versions on Windows leverages a vulnerable version of the Microsoft Active Template Library (ATL) described in Microsoft Security Advisory (973882). This vulnerability could allow an attacker who successfully exploits the vulnerability to take control of the affected system. Adobe has provided a solution for the reported vulnerability. It is recommended that users update their installations using the instructions provided below. …

Severity rating:
Critical (Remote Code Execution)

Solution:
Update to Shockwave v11.5.1.601 from http://get.adobe.com/shockwave/

CRP09-037

Collingwood Papal Succession?

After each voting session, ballots are burned. If the vote is inconclusive, a chemical substance is added to the paper to produce black smoke. Billowing from the roof of the Vatican Palace, the smoke is a message to the crowds watching in St. Peter’s Square that the church is still without a pope.

When the college eventually reaches the final decision, each cardinal lowers a purple canopy over his chair, leaving the elected Pope’s canopy folded. The final ballots are burned and their white smoke signals a successful election.
A Papal Succession Primer

Silver Top Taxi fire
The Silver Top Taxi headquarters fire started with heavy black smoke which changes to plumes of white smoke …

Buckley, Malthouse sign with Collingwood
… just as Collingwood signed coach Mick Malthouse and former club captain Nathan Buckley to revolutionary five-year deals.

Coincidence or a signal to the faithful? ;)

This week’s links (2009-07-27)

Skype to close?

eBay says it may have to shut down Skype due to a licensing dispute with the founders of the internet telephony service.
The surprise admission puts a cloud over the 40 million active daily users around the world who use Skype for business or to keep in touch with friends and far-flung relatives.

Shock threat to shut Skype (2009-Jul-31) [The Age]

Hmmm, coffee!

“You have as many words for Espresso as Eskimos do for snow”
“Friend Roast” (2009-Jul-30) [dieselsweeties]

Melbourne University job slash …

MELBOURNE University will slash 220 full-time academic and administrative staff because its financial position has taken a battering in the economic crisis.
In an email to staff, vice-chancellor Glyn Davis said the crisis had devastated investment returns and a so-called “economic response program” would result in 50 academic and 50 administrative staff taking voluntary redundancies.
Another 120 jobs would go in restrictions on contract renewal, a freeze on hiring, and attrition. …

Battered Melbourne Uni slashes 220 jobs (2009-Jul-29) [The Age]

Vice-chancellor Glyn Davis said today Melbourne was looking at a number of measures to reel in costs, including a freeze on hiring, about 100 voluntary redundancies as part of a 3 per cent cut in staff costs, a clamp on travel, and a $10,000 incentive for staff to take early retirement.
Financial rout forces University of Melbourne to slash staff (2009-Jul-29) [The Australian]

Glyn Davis memo, Melbourne University (2009-Jul-29) [The Australian] – the full memo by Melbourne University’s vice-chancellor, Glyn Davis, detailing his economic response package.

Vice-Chancellor Glyn Davis says the job losses have been forced by a $30 million fall in the university’s investments, because of the global downturn.
He says the university budget is in surplus and the cost cutting will ensure it remains in the black.

Melbourne Uni to axe 220 jobs (2009-Jul-29) [ABC News]

humanities?

Australian universities need to do much more to fulfil their most important role: teaching students to think for themselves.
…When I was an undergraduate at the University of Melbourne in the 1960s, my teachers still had time to talk to their students, either in their offices or in the cafeteria or at the pub. Tutorials were limited to 12 students. Today they are often twice that size, making it almost impossible for every student to contribute. Without those conversations, in class and out, I doubt that I would have gone into philosophy. Today’s Australian university teachers are under far more pressure, not only to teach more students, but also to publish more papers, and to write more time-consuming applications for research grants that they don’t really want, but which, if successful, will somehow demonstrate the value of their research. (When I tell my colleagues at the University of Melbourne that no one at Princeton tells me I should be applying for research grants, I see the envy in their eyes.)

– Peter Singer (2009-Jul-27) [The Age]
We must nurture the humanities

Quick Links
Pictured: The record-breaking kayaker who risked life and limb in a 186ft waterfall drop (2009-Jul-27) [The Daily Mail]

Microsoft Security – Two out-of-band security bulletins (Jul-2009)

Microsoft has notified us of two out-of-band security bulletins with a target release for 10:00 AM Pacific Time next Tuesday, 2009-Jul-28 {4:00 am – AEST (ACT, NSW, Queensland, Tasmania, Victoria)}. This will be only the third Microsoft out-of-band security patch in the past few years.

Microsoft Security Bulletin Advance Notification for July 2009 [1]
Microsoft Security Bulletin Advance Notification issued: July 24, 2009
Microsoft Security Bulletins to be issued: July 28, 2009
This is an advance notification of two out-of-band security bulletins that Microsoft is intending to release on July 28, 2009. One bulletin will be for the Microsoft Visual Studio product line; application developers should be aware of updates available affecting certain types of applications. The second bulletin contains defense-in-depth changes to Internet Explorer to address attack vectors related to the Visual Studio bulletin, as well as fixes for unrelated vulnerabilities that are rated Critical. Customers who are up to date on their security updates are protected from known attacks related to this out-of-band release. …

1.) Internet Explorer (Microsoft Windows, Internet Explorer) – Critical (Remote Code Execution)
2.) Visual Studio (Visual Studio) – Moderate (Remote Code Execution)

Both bulletins are listed as requiring a restart.

Bulletin   KB number   Description                                                                                    Impact                  Severity   Software
MS09-034   972260      Cumulative Security Update for Internet Explorer                                               Remote Code Execution   Critical   Microsoft Windows, Internet Explorer
MS09-035   969706      Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution    Remote Code Execution   Moderate   Microsoft Visual Studio

Microsoft has released two Out of Band (OOB) bulletins and one advisory. The security advisory (973882) relates to issues discovered in Microsoft’s Active Template Library (ATL), which is included in Visual Studio. The first bulletin (MS09-035) describes how ATL is used, and some of the code within it that can lead to memory corruption, information disclosure, and creation of object instances that disregard the configured security policy. A number of third-party software packages built with ATL will also have to be rebuilt and updated to reflect this change. The second bulletin (MS09-034) is a defense-in-depth mitigation for a potential bypass of ActiveX killbits, which are commonly used to mitigate other vulnerabilities. Apply this patch ASAP. The impact of a user viewing an evil web page is arbitrary code execution. [4]
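Since the killbit mechanism is what MS09-034 hardens, an administrator will want to confirm that the killbits they rely on are actually set on a host. The script below is an added example written for this post, not Microsoft’s code or anything from the bulletins: it reads the per-CLSID “Compatibility Flags” value under the Internet Explorer ActiveX Compatibility registry key and reports whether the kill bit (0x400) is present. The CLSID in the default parameter is a placeholder, not a real control; substitute the CLSIDs listed in the bulletin you are auditing.

```powershell
<#
  Added example (not from Microsoft or this blog): report whether the ActiveX
  kill bit is set for one or more CLSIDs on the local machine.

  Internet Explorer refuses to instantiate a control when the DWORD
  "Compatibility Flags" under
    HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}
  has bit 0x400 set. This script only reads that value; it changes nothing.
#>
param(
    # Placeholder CLSID (assumption for the example); pass the real ones from the bulletin
    [string[]]$Clsid = @('{00000000-0000-0000-0000-000000000000}')
)

$KillBit = 0x400
$CompatBase = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'

function Test-KillBit {
    param([Parameter(Mandatory = $true)][string]$Id)

    $key = Join-Path $CompatBase $Id
    # No key at all means no compatibility flags, so no kill bit
    if (-not (Test-Path -LiteralPath $key)) { return $false }

    $flags = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($null -eq $flags) { return $false }

    # Other bits may be set too; only 0x400 is the kill bit
    return (($flags -band $KillBit) -eq $KillBit)
}

foreach ($id in $Clsid) {
    $state = if (Test-KillBit -Id $id) { 'kill bit SET (IE will not load this control)' }
             else                      { 'kill bit NOT set' }
    Write-Output ("{0}: {1}" -f $id, $state)
}
```

Run it from any PowerShell prompt; reading HKLM needs no elevation. Note that a killbit only stops Internet Explorer (and other hosts that honour the Compatibility Flags) from instantiating the control; it does not remove the vulnerable library from the system, which is why the vendors’ rebuilt packages still need to be deployed.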

PATCH NOW: MS09-036

CRP09-036

Zero-day in Adobe Flash player

A quick heads up about this one. It is in the wild, no patch, and low antivirus vendor detection.
If you see a machine misbehaving after opening an external Acrobat file, update the AV and scan.
(McAfee DAT5684 (2009.07.22) detects it as “New Malware.x”)

YA0D (Yet Another 0-Day) in Adobe Flash player [1]
… First, several AV companies reported that they detected this 0-day exploit in PDF files, so at first it looked like an Adobe Reader vulnerability. However, the vulnerable component is actually the Flash player or, better said, the code used by the Flash player which is obviously shared with Adobe Reader/Acrobat. This increases the number of vectors for this attack: the malicious Flash file can be embedded in PDF documents which will cause Adobe Reader to execute it OR it can be used to exploit the Flash player directly, making it a drive-by attack as well. …

Update: 24-Jul-09
Adobe Product Security Incident Response Team (PSIRT) advice:

We are in the process of developing a fix for the issue, and expect to provide an update for Flash Player v9 and v10 for Windows, Macintosh, and Linux by July 30, 2009 (the date for Flash Player v9 and v10 for Solaris is still pending). We expect to provide an update for Adobe Reader and Acrobat v9.1.2 for Windows, Macintosh, and UNIX by July 31, 2009.

Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat v9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF that contains SWF content. Depending on the product, the authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll. Windows Vista users should consider enabling UAC (User Access Control) to mitigate the impact of a potential exploit. Flash Player users should exercise caution in browsing untrusted websites. Adobe is in contact with Antivirus and Security vendors regarding the issue and recommends users keep their anti-virus definitions up to date.
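The interim mitigation above is a manual step per machine, so here is an added example script (written for this post, not Adobe’s code) that audits and optionally applies it: for each candidate authplay.dll path it reports whether the file is present and its file version, and with -Disable renames it to authplay.dll.disabled so Reader/Acrobat can no longer load SWF content. The two paths from the advisory are included as-is; the “Program Files (x86)” variants are an assumption added for 64-bit Windows. Run it from an elevated prompt; -WhatIf previews the rename without doing it, and renaming the file back restores the original behaviour.

```powershell
<#
  Added example (not from Adobe or this blog): audit, and optionally apply,
  the authplay.dll rename mitigation from the Adobe PSIRT advice.

  Reader/Acrobat load SWF content through authplay.dll; with the DLL renamed,
  a PDF containing SWF content produces an error instead of executing it.
  Requires an elevated prompt to rename files under Program Files.
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Disable,
    [string[]]$Path = @(
        # Paths quoted in the Adobe advisory
        'C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll',
        'C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll',
        # Assumed locations on 64-bit Windows (32-bit Reader/Acrobat); not from the advisory
        'C:\Program Files (x86)\Adobe\Reader 9.0\Reader\authplay.dll',
        'C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\authplay.dll'
    )
)

foreach ($p in $Path) {
    if (-not (Test-Path -LiteralPath $p)) {
        # Either the product is not installed here, or the DLL was already renamed/removed
        $already = Test-Path -LiteralPath ($p + '.disabled')
        $note = if ($already) { 'already renamed to .disabled' } else { 'not present' }
        Write-Output ("{0}: {1}" -f $p, $note)
        continue
    }

    $item = Get-Item -LiteralPath $p
    Write-Output ("{0}: present, file version {1}" -f $p, $item.VersionInfo.FileVersion)

    if ($Disable) {
        $newName = (Split-Path -Leaf $p) + '.disabled'
        # ShouldProcess honours -WhatIf and -Confirm from the caller
        if ($PSCmdlet.ShouldProcess($p, "Rename to $newName")) {
            Rename-Item -LiteralPath $p -NewName $newName
            Write-Output ("{0}: renamed to {1}; PDFs with SWF content will now fail with a non-exploitable error" -f $p, $newName)
        }
    }
}
```

Audit only: run the script with no switches. Apply: `.\Disable-Authplay.ps1 -Disable -WhatIf` first, then without -WhatIf. Once Adobe ships the Reader/Acrobat update, rename the file back (or let the installer replace it) so SWF-in-PDF works again.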

LINKS:
[1] YA0D (Yet Another 0-Day) in Adobe Flash player (2009-Jul-22) [SANS]
[2] Update on Adobe Reader, Acrobat and Flash Player Issue (2009-Jul-23) [Adobe PSIRT]

Jens Voigt Crash – Tour de France ‘09 – Stage 16

Good to hear Jens Voigt, who crashed at the TDF today, is in good shape. Only a concussion, stitches and a broken cheek. Watching the broadcast last night it looked like Jens may have suffered more extensive injuries.


Jens Voigt Crash Tour de France ‘09 Stage 16

It was horrifying to see Voigt crash out of this Tour de France on Tuesday, not only because he is smart and honest and loyal and funny and tireless, but also because it happened in a place where he is usually in his element, flying down a mountainside on a mission.
Jens Voigt is the conscience of cycling (2009-Jul-21) [sports.espn]

Get well soon Jens, you are a legend and the rest of the mountain stages of this year’s Tour will not be the same.

wwjd
Jens Voigt of the CSC pro cycling team—the hardest working, most ass-kicking man in the peloton. Will this stuff make you faster? We make no guarantees, but next time you’re going up that 15% climb and want to quit, ask yourself: “What would Jens do?”

Firefox 3.0.12

Mozilla released Firefox 3.0.12 on July 21, 2009
Firefox 3.0.12 fixes several issues found in Firefox 3.0.11: fixed several security issues, fixed several stability issues.

Fixed in Firefox 3.0.12 [1]
MFSA 2009-40 Multiple cross origin wrapper bypasses
MFSA 2009-39 setTimeout loses XPCNativeWrappers
MFSA 2009-37 Crash and remote code execution using watch and __defineSetter__ on SVG element
MFSA 2009-36 Heap/integer overflows in font glyph rendering libraries
MFSA 2009-35 Crash and remote code execution during Flash player unloading
MFSA 2009-34 Crashes with evidence of memory corruption (rv:1.9.1/1.9.0.12)

Vulnerability ratings: 5 Critical, 1 High
Evaluation: Update now

Firefox 3.0.x will be maintained with security and stability updates until January, 2010. All users are encouraged to upgrade to Firefox 3.5 by downloading it from http://firefox.com/ or by selecting “Check for Updates…” from the Help menu when using Firefox 3.0.12. [4]

CRP09-35

40th Anniversary of Moon Landing
