April 21, 2011

So, RSA was breached through a Microsoft Excel + Adobe Flash vulnerability (the English-language write-up is more interesting), which is basically a fashionable way of breaking into secure companies. It is fairly complex and sophisticated; few ordinary companies were ready for something like this, and RSA turned out not to be ready either. Nobody manages to update software in time: holes are found there too quickly and exploits are written too quickly. Companies will start using intrusion prevention systems, but how many companies have to be broken into before that happens? It is scary to imagine...

By the way, would an IPS work against this attack? YES! To stop this attack, all that is needed is for filter number 10920, 'SMTP: Malicious Adobe Shockwave Flash Player File Download', to fire; it is the filter that covers CVE-2011-0609 in HP TippingPoint IPS.

http://threatlinq.tippingpoint.com/blog/?p=1997

On March 14, 2011 Adobe Systems Incorporated released a notification related to the existence of a critical vulnerability in its Adobe Flash Player 10.2.152.33. The vulnerability in question also had certain implications on other, earlier versions of the tool. A complete list of the versions of the Adobe tool and corresponding operating systems affected can be seen below:

• Adobe Flash Player 10.2.152.33 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
• Adobe Flash Player 10.2.154.18 and earlier for Chrome users
• Adobe Flash Player 10.1.106.16 and earlier for Android
• The Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.1) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems.

The resultant condition associated with this vulnerability (CVE-2011-0609) may result in application / system crashes or allow for an attacker to seize control of an affected system. Reports of this vulnerability having been exploited in the wild have been noted as part of targeted attacks via a Flash (.swf) file embedded within a Microsoft Excel (.xls) file that is delivered to its target as an email attachment. While the team at Adobe Systems Incorporated works to finalize its fix for this vulnerability we wanted to ensure that our customer base was aware that HP DVLabs is working on a filter to address it. Our intent is to release the filter Thursday March 17, 2011 barring no unforeseen quality assurance (QA) issues. We encourage you to continue visiting this blog for information regarding this vulnerability and filter. We encourage you to monitor the following blog for the latest on Adobe Systems Incorporated vulnerability information.
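The delivery path quoted above (a Flash object inside an Excel file attached to an email) can be triaged at a mail gateway without any vendor filter. The following is an added example, not code from this post or from HP TippingPoint: the function names and the sample message are constructed for illustration, and it is a generic container check, not the logic of filter 10920.

```python
import email
import re
import struct
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # Compound File header (.xls, .doc)
# SWF header: signature, one version byte, 32-bit little-endian declared length
SWF_HEADER = re.compile(rb"(FWS|CWS)([\x01-\x32])(.{4})", re.DOTALL)

def find_embedded_swf(blob):
    """Return (offset, signature, version, declared_length) per plausible SWF header."""
    hits = []
    for m in SWF_HEADER.finditer(blob):
        declared = struct.unpack("<I", m.group(3))[0]
        if declared < 8:  # length includes the 8-byte header itself
            continue
        if m.group(1) == b"CWS":
            # Compressed body must open with a valid zlib header (deflate, FCHECK ok)
            zhdr = blob[m.end():m.end() + 2]
            if len(zhdr) < 2 or zhdr[0] & 0x0F != 8 or int.from_bytes(zhdr, "big") % 31:
                continue
        hits.append((m.start(), m.group(1).decode(), m.group(2)[0], declared))
    return hits

def scan_message(raw):
    """Map attachment filename -> SWF hits, for OLE2 attachments of a raw message."""
    findings = {}
    for part in email.message_from_bytes(raw).walk():
        data = part.get_payload(decode=True)  # undoes base64 transfer encoding
        if data and data.startswith(OLE2_MAGIC):
            hits = find_embedded_swf(data)
            if hits:
                findings[part.get_filename() or "(unnamed)"] = hits
    return findings

def build_sample():
    """Constructed sample: OLE2 magic, padding, then an inert SWF header and zeros."""
    swf = b"FWS" + bytes([10]) + struct.pack("<I", 64) + bytes(56)
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(OLE2_MAGIC + bytes(504) + swf, maintype="application",
                       subtype="vnd.ms-excel", filename="sample.xls")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

A hit only says that an Office attachment carries a Flash object, which is grounds for quarantine and review; it does not show that the object targets CVE-2011-0609. A raw byte scan can also miss a header that straddles a sector boundary inside the compound file.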
