[Nolug] Fwd: TA15-119A: Top 30 Targeted High Risk Vulnerabilities

From: Joey Kelly <joey_at_joeykelly.net>
Date: Wed, 29 Apr 2015 10:33:09 -0500
Message-ID: <5540F9B5.7060409@joeykelly.net>

FYI

--Joey

-------- Forwarded Message --------
Subject: TA15-119A: Top 30 Targeted High Risk Vulnerabilities
Date: Wed, 29 Apr 2015 10:08:51 -0500
From: US-CERT <US-CERT@ncas.us-cert.gov>
Reply-To: US-CERT@ncas.us-cert.gov
To: joey@joeykelly.net

NCCIC / US-CERT

National Cyber Awareness System:

TA15-119A: Top 30 Targeted High Risk Vulnerabilities
<https://www.us-cert.gov/ncas/alerts/TA15-119A>
04/29/2015 12:00 AM EDT

Original release date: April 29, 2015

       Systems Affected

Systems running unpatched software from Adobe, Microsoft, Oracle, or
OpenSSL.

       Overview

Cyber threat actors continue to exploit unpatched software to conduct
attacks against critical infrastructure organizations. As many as 85
percent of targeted attacks are preventable [1]
<http://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/tp-strtgs-eng.aspx>.

This Alert provides information on the 30 most commonly exploited
vulnerabilities used in these attacks, along with prevention and
mitigation recommendations.

It is based on analysis completed by the Canadian Cyber Incident
Response Centre (CCIRC) and was developed in collaboration with our
partners from Canada, New Zealand, the United Kingdom, and the
Australian Cyber Security Centre.

       Description

Unpatched vulnerabilities allow malicious actors entry points into a
network. A set of vulnerabilities are consistently targeted in observed
attacks.

       Impact

A successful network intrusion can have severe impacts, particularly if
the compromise becomes public and sensitive information is exposed.
Possible impacts include:

   * Temporary or permanent loss of sensitive or proprietary information,
   * Disruption to regular operations,
   * Financial losses relating to restoring systems and files, and
   * Potential harm to an organization’s reputation.

       Solution

       _Maintain up-to-date software._

The attack vectors frequently used by malicious actors such as email
attachments, compromised “watering hole” websites, and other tools often
rely on taking advantage of unpatched vulnerabilities found in widely
used software applications. Patching is the process of repairing
vulnerabilities found in these software components.

It is necessary for all organizations to establish a strong ongoing
patch management process to ensure the proper preventive measures are
taken against potential threats. The longer a system remains unpatched,
the longer it is vulnerable to being compromised. Once a patch has been
publicly released, the underlying vulnerability can be reverse
engineered by malicious actors in order to create an exploit. This
process has been documented to take anywhere from 24 hours to four days.
Timely patching is one of the lowest cost yet most effective steps an
organization can take to minimize its exposure to the threats facing its
network.

       _Patch commonly exploited vulnerabilities._

Executives should ensure their organization’s information security
professionals have patched the following software vulnerabilities.
Please see patching information for version specifics.

*Microsoft*

CVE-2006-3227
<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3227>
   * Affected Products: Internet Explorer
   * Patching Information: Microsoft Malware Protection Encyclopedia Entry
     <http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Exploit:HTML/Expascii.gen#tab=1>

CVE-2008-2244
<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2244>
   * Affected Products: Office Word
   * Patching Information: Microsoft Security Bulletin MS08-042
     <https://technet.microsoft.com/library/security/ms08-042>

CVE-2009-3129
<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3129>
   * Affected Products: Office; Office for Mac; Open XML File Format
     Converter for Mac; Office Excel Viewer; Excel; Office Compatibility
     Pack for Word, Excel, and PowerPoint
   * Patching Information: Microsoft Security Bulletin MS09-067
     <https://technet.microsoft.com/en-us/library/security/MS09-067>

CVE-2009-3674
<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3674>
   * Affected Products: Internet Explorer
   * Patching Information: Microsoft Security Bulletin MS09-072
     <https://technet.microsoft.com/library/security/ms09-072>

CVE-2010-0806
<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0806>
   * Affected Products: Internet Explorer
   * Patching Information: Microsoft Security Bulletin MS10-018
     <https://technet.microsoft.com/library/security/ms10-018>

CVE-2010-3333
<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3333>
   * Affected Products: Office; Office for Mac; Open XML File Format
     Converter for Mac
   * Patching Information: Microsoft Security Bulletin MS10-087
     <https://technet.microsoft.com/library/security/ms10-087>

CVE-2011-0101
<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0101>
   * Affected Products: Excel
   * Patching Information: Microsoft Security Bulletin MS11-021
     <https://technet.microsoft.com/library/security/ms11-021>

CVE-2012-0158
<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0158>
   * Affected Products: Office; SQL Server; BizTalk Server; Commerce
     Server; Visual FoxPro; Visual Basic
   * Patching Information: Microsoft Security Bulletin MS12-027
     <https://technet.microsoft.com/en-us/library/security/MS12-027>

CVE-2012-1856
<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1856>
   * Affected Products: Office; SQL Server; Commerce Server; Host
     Integration Server; Visual FoxPro Visual Basic
   * Patching Information: Microsoft Security Bulletin MS12-060
     <https://technet.microsoft.com/en-us/library/security/MS12-060>

CVE-2012-4792
<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4792>
   * Affected Products: Internet Explorer
   * Patching Information: Microsoft Security Bulletin MS13-008
     <https://technet.microsoft.com/en-us/library/security/MS13-008>

CVE-2013-0074
<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0074>
   * Affected Products: Silverlight and Developer Runtime
   * Patching Information: Microsoft Security Bulletin MS13-022
     <https://technet.microsoft.com/en-us/library/security/MS13-022>

CVE-2013-1347
<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1347>
   * Affected Products: Internet Explorer
   * Patching Information: Microsoft Security Bulletin MS13-038
     <https://technet.microsoft.com/en-us/library/security/MS13-038>

CVE-2014-0322
<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0322>
   * Affected Products: Internet Explorer
   * Patching Information: Microsoft Security Bulletin MS14-012
     <https://technet.microsoft.com/library/security/ms14-012>

CVE-2014-1761
<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1761>
   * Affected Products: Microsoft Word; Office Word Viewer; Office
     Compatibility Pack; Office for Mac; Word Automation Services on
     SharePoint Server; Office Web Apps; Office Web Apps Server
   * Patching Information: Microsoft Security Bulletin MS14-017
     <https://technet.microsoft.com/library/security/ms14-017>

CVE-2014-1776
<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1776>
   * Affected Products: Internet Explorer
   * Patching Information: Microsoft Security Bulletin MS14-021
     <https://technet.microsoft.com/en-us/library/security/MS14-021>

CVE-2014-4114
<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4114>
   * Affected Products: Windows
   * Patching Information: Microsoft Security Bulletin MS14-060
     <https://technet.microsoft.com/library/security/ms14-060>

*Oracle*

CVE-2012-1723
<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1723>
   * Affected Products: Java Development Kit, SDK, and JRE
   * Patching Information: Oracle Java SE Critical Patch Update Advisory -
     June 2012
     <http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html>

CVE-2013-2465
<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2465>
   * Affected Products: Java Development Kit and JRE
   * Patching Information: Oracle Java SE Critical Patch Update Advisory -
     June 2013
     <http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html>

*Adobe*

CVE-2009-3953
<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3953>
   * Affected Products: Reader; Acrobat
   * Patching Information: Adobe Security Bulletin APSB10-02
     <http://www.adobe.com/support/security/bulletins/apsb10-02.html>

CVE-2010-0188
<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0188>
   * Affected Products: Reader; Acrobat
   * Patching Information: Adobe Security Bulletin APSB10-07
     <http://www.adobe.com/support/security/bulletins/apsb10-07.html>

CVE-2010-2883
<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2883>
   * Affected Products: Reader; Acrobat
   * Patching Information: Adobe Security Bulletin APSB10-21
     <http://www.adobe.com/support/security/bulletins/apsb10-21.html>

CVE-2011-0611
<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0611>
   * Affected Products: Flash Player; AIR; Reader; Acrobat
   * Patching Information: Adobe Security Bulletin APSB11-07
     <http://www.adobe.com/support/security/bulletins/apsb11-07.html>
     Adobe Security Bulletin APSB11-08
     <http://www.adobe.com/support/security/bulletins/apsb11-07.html>

CVE-2011-2462
<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2462>
   * Affected Products: Reader; Acrobat
   * Patching Information: Adobe Security Bulletin APSB11-30
     <http://www.adobe.com/support/security/bulletins/apsb11-30.html>

CVE-2013-0625
<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0625>
   * Affected Products: ColdFusion
   * Patching Information: Adobe Security Bulletin APSB13-03
     <http://www.adobe.com/support/security/bulletins/apsb13-03.html>

CVE-2013-0632
<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0632>
   * Affected Products: ColdFusion
   * Patching Information: Adobe Security Bulletin APSB13-03
     <http://www.adobe.com/support/security/bulletins/apsb13-03.html>

CVE-2013-2729
<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2729>
   * Affected Products: Reader; Acrobat
   * Patching Information: Adobe Security Bulletin APSB13-15
     <http://www.adobe.com/support/security/bulletins/apsb13-15.html>

CVE-2013-3336
<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3336>
   * Affected Products: ColdFusion
   * Patching Information: Adobe Security Bulletin APSB13-13
     <http://www.adobe.com/support/security/bulletins/apsb13-13.html>

CVE-2013-5326
<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5326>
   * Affected Products: ColdFusion
   * Patching Information: Adobe Security Bulletin APSB13-27
     <http://www.adobe.com/support/security/bulletins/apsb13-27.html>

CVE-2014-0564
<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0564>
   * Affected Products: Flash Player; AIR; AIR SDK & Compiler
   * Patching Information: Adobe Security Bulletin APSB14-22
     <https://helpx.adobe.com/security/products/flash-player/apsb14-22.html>

*OpenSSL*

CVE-2014-0160
<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160>
   * Affected Product: OpenSSL
   * Patching Information: CERT Vulnerability Note VU#720951
     <http://www.kb.cert.org/vuls/id/720951>

       _Implement the following four mitigation strategies._

As part of a comprehensive security strategy, network administrators
should implement the following four mitigation strategies, which can
help prevent targeted cyber attacks.

*Ranking* 1
   * *Mitigation Strategy*: Use *application whitelisting* to help prevent
     malicious software and unapproved programs from running.
   * *Rationale*: Application whitelisting is one of the best security
     strategies as it allows only specified programs to run, while
     blocking all others, including malicious software.

*Ranking* 2
   * *Mitigation Strategy*: *Patch applications* such as Java, PDF
     viewers, Flash, web browsers and Microsoft Office.
   * *Rationale*: Vulnerable applications and operating systems are the
     target of most attacks. Ensuring these are patched with the latest
     updates greatly reduces the number of exploitable entry points
     available to an attacker.

*Ranking* 3
   * *Mitigation Strategy*: *Patch operating system* vulnerabilities.

*Ranking* 4
   * *Mitigation Strategy*: *Restrict administrative privileges* to
     operating systems and applications based on user duties.
   * *Rationale*: Restricting these privileges may prevent malware from
     running or limit its capability to spread through the network.

It is recommended that users review US-CERT Security Tip (ST13-003)
<https://www.us-cert.gov/ncas/tips/ST13-003> and CCIRC’s Mitigation
Guidelines for Advanced Persistent Threats
<http://www.publicsafety.gc.ca/cnt/rsrcs/cybr-ctr/2011/tr11-002-eng.aspx>
for additional background information and to assist in the detection of,
response to, and recovery from malicious activity linked to advanced
persistent threats [2
<http://www.publicsafety.gc.ca/cnt/rsrcs/cybr-ctr/2011/tr11-002-eng.aspx>,
3 <https://www.us-cert.gov/ncas/tips/ST13-003>].

       References

   * [1] Canadian Cyber Incident Response Centre, Top 4 Strategies to
     Mitigate Targeted Cyber Intrusions
     <http://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/tp-strtgs-eng.aspx>
   * [2] Canadian Cyber Incident Response Centre, TR11-002, Mitigation
     Guidelines for Advanced Persistent Threats
     <http://www.publicsafety.gc.ca/cnt/rsrcs/cybr-ctr/2011/tr11-002-eng.aspx>
   * [3] US-CERT Security Tip (ST13-003): Handling Destructive Malware
     <https://www.us-cert.gov/ncas/tips/ST13-003>

       Revision History

   * April 29, 2015: Initial release

___________________
Nolug mailing list
nolug@nolug.org
Received on 04/29/15