Trustwave SpiderLabs Uncovers Unique Cybersecurity Risks in Today's Tech Landscape. Learn More

Trustwave SpiderLabs Uncovers Unique Cybersecurity Risks in Today's Tech Landscape. Learn More

Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
SpiderLabs Blog

Microsoft Patch Tuesday September 2012 – Update those Certs!

As we mentioned last week there are only two patches this month! Not to mention they are only rated 'Important' and not 'Critical' which is great since it means less work for all of us but that doesn't mean you shouldn't apply them if needed. So few patches means you can focus more on the optional (this month) non-security update (KB2661254). This update was first released last month but just about everyone ignored it then. KB2661254 will require users to employ certificates with an RSA key length of at least 1024 bits. Which for most of us shouldn't be that big of a deal as you really should be already using 1024 bit certs as a minimum by now anyway. But there are at least1% of you out there, according to the 2012 Trustwave Global Security Report that are still 1using 512-bitcertificates! While you are in the process of updating those old certs, and you have all this extra time this month from only needing to apply two patches, you might as well update your 1024 bit certs to a even more robust 2048 bits, 4096bits or higher.

There has been a lot of nasty malware out lately using spoofed certs, like the recent Flame malware. So while you have a little extra time this month root around in the back of your IT closet for that old server that never gets touched because "it just works" you know the one, the one you avoid, the one in the corner that the other department is protective about, the one that lives under that one guys desk, yeah that one. Go update it. If you are still using IIS 5 and 6 and not using Certificate Revocation Lists now would be a good time enable that feature, it is on by default in IIS 7.

Be warned though that updating key lengths might cause some error messages and will definitely require a reboot. Just because updating your key lengths is optional this month doesn't mean you should ignore it or put it off any longer than you need to because next month it will be required and stuff will start breaking if you don't have this update. Things like Internet Explorer tossing up error messages to your visitors saying your certs are untrusted. Things like Outlook not being able to encrypt or even sign email. Those issues are nothing though when you realize that Outlook 2010 won't even be able to connect to an Exchange Server using a cert with less than 1024 bits. So save yourself some headaches next month and update those key lengths now.

MS12-061 (KB 2719584)

IMPORTANT

Elevation of Privilege in Visual Studio Team Foundation Server

CVE-2012-1892

Visual Studio Team Foundation Server allows users to easily share project plans, work products, and progress assessments and a whole bunch of other stuff. There is are flecked XSS (Cross Site Scripting) vulnerability though that could allow a bad guy to inject a client side script into a web browser that is using Team Foundation Server web access. Basically that would allow the bad guy increased privileges if a user clicks a specially crafted link in an email or on a website. Once the script is installed the bad guy could then spoof content, steal information or do anything that the original user could do. If for some reason you can't apply this patch at the very least you should enable the XSS filter in local intranet security zone for IE 8 and 9. You can find this from the Tools menu -> Security Tab-> Local intranet -> Custom Level -> Settings -> Scripting ->Enable XSS filter. But it is so much easier to just apply the patch.

MS12-062 (KB 2741528)

IMPORTANT

Elevation of Privilege in System Center Configuration Manager

CVE-2012-2536

System Center Configuration Manager helps organizations maintain corporate compliance by managing physical, virtual, and mobile clients with things like application delivery, desktop virtualization, security and other cool stuff. However there is a vulnerability that can be exploited by tricking a user into visiting a specially crafted URL. Like MS12-061 this one is also a reflected XSS vulnerability, which could allow the bad guys code torun. Again if you can't install this patch be sure to at least enable the XSSfilter in IE 8 and 9.

Researchers at Trustwave Spiderlabs are actively investigating these bulletins thoroughly, using the information from Microsoft and other sources to develop protections for our customers against these threats as quickly as we can.

Now, go update those certs!

Latest SpiderLabs Blogs

Zero Trust Essentials

This is Part 5 in my ongoing project to cover 30 cybersecurity topics in 30 weekly blog posts. The full series can be found here.

Read More

Why We Should Probably Stop Visually Verifying Checksums

Hello there! Thanks for stopping by. Let me get straight into it and start things off with what a checksum is to be inclusive of all audiences here, from Wikipedia [1]:

Read More

Agent Tesla's New Ride: The Rise of a Novel Loader

Malware loaders, critical for deploying malware, enable threat actors to deliver and execute malicious payloads, facilitating criminal activities like data theft and ransomware. Utilizing advanced...

Read More