Blogs & Stories

SpiderLabs Blog

Attracting more than a half-million annual readers, this is the security community's go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

Goodies released with Trustwave SWG Security Update 141

As cliché as it may sound, security is done in layers and so, using our generic rules, we were able to provide 0-day protection against the recent Internet Explorer 0-day CVE-2012-4792 with our Secure Web Gateway (SWG). You can read more in our previous blog posts:
exploit analysis and payload analysis.

With today's release of Security Update 141 for SWG we are
adding detection rule which is specific to CVE-2012-4792, named "Internet
Explorer CDwnBindInfo Object use-after-free vulnerability". This rule will
provide another layer of defense against exploits of this vulnerability.

TURKTRUST Inc., a trusted CA, has incorrectly created two subsidiary certificates which one of them was later used to generate a fraudulent digital certificate of Google. That certificate
was then used in an active attack. As a result, SU141 is removing SWG trust of the following certificates:

  • *.google.com issued by
  • e-islem.kktcmerkezbankasi.org
    issued by TURKTRUST Elektronik Sunucu Sertifikasi Hizmetleri
  • *.EGO.GOV.TR issued by
    TURKTRUST Elektronik Sunucu Sertifikasi Hizmetleri

For further information, see Microsoft's Security Advisory 2798897.

Security Update 141 comes with some more goodies. Here is a link to the release notes for further information.

Stay safe.