Keep patching. Especially if you use Internet Explorer and Adobe PDF reader

 In ITC's Threat of the Week

It may seem to you that we protest too much about patching, and patching Internet Explorer specifically, but it would be negligent of us to stop beating this particular drum.

This week was ‘Patch Tuesday’ week and Microsoft patched no fewer than 59 (got to love a prime number) vulnerabilities in Internet Explorer, the majority of which are rated as critical: https://technet.microsoft.com/en-us/library/security/MS14-035

Given the number of patches that have been released for IE, it looks like they should probably be addressing the root cause (dev security standards and compliance maybe?) and considering ripping it up and rewriting the browser from the ground up. Then we woke up.

If you really have to use IE, it is imperative that you apply these patches, which of course will not be made available for XP, if you are mental or adventurous enough to still be sailing the old ship.

We did see this interesting hack for XP which fools Microsoft into thinking the system is running Windows Embedded POSReady 2009, a variant of XP that’s used by ATMs and cash registers, so that it will still be updated:

http://www.zdnet.com/registry-hack-enables-continued-updates-for-windows-xp-7000029851/

Maybe you are running XP (32 bit only) and want to give the above hack a go? Let us know the outcome if you do and we will arrange some counselling with one of our therapists.

In other patching news, a very clever developer (Claes Spett, security researcher at SecRecon) has released a tool which enables you to craft PDF files embedded with your very own nastiness (URLs which will be automatically opened, for instance).

Obviously this tool has been released for testing purposes only!! It is effective (apparently) against Adobe Reader and Acrobat versions 8.x prior to 8.2.1 and 9.x before 9.3.1.

The tool can be downloaded here: https://drive.google.com/folderview?id=0BxK09co0m6-_Q05RWmRCTHNYMjQ&usp=sharing

You can test your own Adobe security and patch levels using this tool (perhaps after England’s exit from the World Cup), but more worryingly anybody out there can now create naughty PDFs and combine them with a phishing tool such as PhishPoll and try to get under your skin with minimum skills.

With patching becoming increasingly complex, arduous and important, we think it is imperative that you can look at your estate in real time and identify vulnerable machines: those that are unpatched or running old versions of critical code such as Java or Adobe, or missing core Microsoft patches. You can then take evasive action, such as moving them to remediation VLANs with limited or no access to corporate resources.
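As an added illustration (not ITC, NetSure360 or ForeScout code), the sketch below triages a software inventory against the Adobe Reader and Acrobat ranges quoted above and decides which hosts belong in a remediation VLAN. The CSV layout, host names and VLAN labels are constructed assumptions.

```python
import csv
import io
import re

# Affected ranges as stated in the post: 8.x prior to 8.2.1, 9.x before 9.3.1.
FIXED_IN = {8: (8, 2, 1), 9: (9, 3, 1)}

# Constructed sample inventory (hypothetical hosts and export format).
SAMPLE_INVENTORY = """host,product,version
ws-001,Adobe Reader,9.3.0
ws-002,Adobe Reader,9.3.1
ws-003,Adobe Acrobat,8.1.7
ws-004,Adobe Reader,8.2.1
ws-005,Adobe Reader,11.0.07
ws-006,Adobe Reader,9.x
ws-007,Java,7.0.55
"""

def parse_version(text):
    """Return a 3-part integer tuple, or None if the string is not numeric."""
    if not re.fullmatch(r"\d+(\.\d+)*", text.strip()):
        return None
    parts = [int(p) for p in text.strip().split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))

def triage(inventory_csv):
    """Map each Reader/Acrobat host to 'remediation', 'review' or 'production'."""
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if not re.search(r"adobe (reader|acrobat)", row["product"], re.I):
            continue  # other products are out of scope for this check
        version = parse_version(row["version"])
        if version is None:
            result[row["host"]] = "review"  # unknown version: do not assume patched
        elif version[0] in FIXED_IN and version < FIXED_IN[version[0]]:
            result[row["host"]] = "remediation"
        else:
            # Only the 8.x and 9.x ranges named in the post are checked here.
            result[row["host"]] = "production"
    return result

if __name__ == "__main__":
    for host, vlan in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {vlan}")
```

Hosts whose version string cannot be parsed are sent for review rather than treated as patched, since an unreadable version is not evidence of a fixed one.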

We advise our clients to implement network access control, a core component of our NetSure360 security management platform. We advocate ForeScout technology, which we have integrated so that we can identify not only unpatched or out-of-date devices but also devices that are misbehaving, running hacking tools for instance.

If you haven’t seen it, take a look at our demo video showcasing the application of NetSure360 Mobile which extends the functionality described above into the mobile device: https://itcsecure.com/2014/04/netsuremobile-video/

If you would like to discuss patching or anything more interesting (aka – anything), please do not hesitate to get in touch.

Contact us at [email protected]

Author: Kevin Whelan
