Microsoft Patch Tuesday September 2012 – Update those Certs!

As we mentioned last week, there are only two patches this month! Not to mention they are only rated 'Important' and not 'Critical', which is great since it means less work for all of us, but that doesn't mean you shouldn't apply them if needed. So few patches means you can focus more on the optional (this month) non-security update (KB2661254). This update was first released last month, but just about everyone ignored it then. KB2661254 will require users to employ certificates with an RSA key length of at least 1024 bits, which for most of us shouldn't be that big of a deal, as you really should already be using 1024-bit certs as a minimum by now anyway. But at least 1% of you out there, according to the 2012 Trustwave Global Security Report, are still using 512-bit certificates! While you are in the process of updating those old certs, and you have all this extra time this month from only needing to apply two patches, you might as well update your 1024-bit certs to an even more robust 2048 bits, 4096 bits or higher.

There has been a lot of nasty malware out lately using spoofed certs, like the recent Flame malware. So while you have a little extra time this month, root around in the back of your IT closet for that old server that never gets touched because "it just works". You know the one: the one you avoid, the one in the corner that the other department is protective about, the one that lives under that one guy's desk. Yeah, that one. Go update it. If you are still using IIS 5 and 6 and not using Certificate Revocation Lists, now would be a good time to enable that feature; it is on by default in IIS 7.

Be warned though that updating key lengths might cause some error messages and will definitely require a reboot. Just because updating your key lengths is optional this month doesn't mean you should ignore it or put it off any longer than you need to because next month it will be required and stuff will start breaking if you don't have this update. Things like Internet Explorer tossing up error messages to your visitors saying your certs are untrusted. Things like Outlook not being able to encrypt or even sign email. Those issues are nothing though when you realize that Outlook 2010 won't even be able to connect to an Exchange Server using a cert with less than 1024 bits. So save yourself some headaches next month and update those key lengths now.
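One way to find the certificates this update will affect before it becomes mandatory, as an added example that is not part of the original post: the script walks the local machine certificate stores and reports every RSA certificate below the 1024-bit minimum, plus those below the 2048-bit target suggested above. The function name, parameter names and status labels are assumptions made for this illustration.

```powershell
# Added example (not from the original post): audit RSA key lengths in the
# local machine certificate stores against the thresholds the article names.
$RsaOid = '1.2.840.113549.1.1.1'   # OID that identifies an RSA public key

function Get-RsaKeyAudit {          # hypothetical helper name
    param(
        [string]$StorePath = 'Cert:\LocalMachine',  # assumption: machine stores only
        [int]$BlockBelow   = 1024,                   # minimum enforced by KB2661254
        [int]$UpgradeBelow = 2048                    # article's suggested target
    )
    Get-ChildItem -Path $StorePath -Recurse |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
        Where-Object { $_.PublicKey.Oid.Value -eq $RsaOid } |
        ForEach-Object {
            $cert = $_
            $rsa  = $null
            $bits = $null
            try {
                # Read the public key only; no private key access is needed.
                $rsa  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
                $bits = $rsa.KeySize
            } catch {
                $bits = $null   # undecodable key: report it rather than hide it
            } finally {
                if ($rsa) { $rsa.Dispose() }
            }
            $status = if ($null -eq $bits) { 'Unreadable' }
                      elseif ($bits -lt $BlockBelow) { 'Blocked' }
                      elseif ($bits -lt $UpgradeBelow) { 'Upgrade' }
                      else { 'OK' }
            [pscustomobject]@{
                Store      = $cert.PSParentPath -replace '^.*::', ''
                Subject    = $cert.Subject
                Thumbprint = $cert.Thumbprint
                NotAfter   = $cert.NotAfter
                KeyBits    = $bits
                Status     = $status
            }
        }
}

# Show everything that needs attention, weakest keys first.
Get-RsaKeyAudit | Where-Object { $_.Status -ne 'OK' } |
    Sort-Object KeyBits | Format-Table -AutoSize
```

Run it on each server, including the forgotten ones; pass `-StorePath Cert:\CurrentUser` to cover per-user stores such as those holding Outlook signing certificates.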

MS12-061 (KB 2719584)


Elevation of Privilege in Visual Studio Team Foundation Server


Visual Studio Team Foundation Server allows users to easily share project plans, work products, and progress assessments and a whole bunch of other stuff. There is a reflected XSS (Cross Site Scripting) vulnerability, though, that could allow a bad guy to inject a client-side script into a web browser that is using Team Foundation Server web access. Basically that would allow the bad guy increased privileges if a user clicks a specially crafted link in an email or on a website. Once the script is installed the bad guy could then spoof content, steal information or do anything that the original user could do. If for some reason you can't apply this patch, at the very least you should enable the XSS filter in the local intranet security zone for IE 8 and 9. You can find this from the Tools menu -> Security Tab -> Local intranet -> Custom Level -> Settings -> Scripting -> Enable XSS filter. But it is so much easier to just apply the patch.

MS12-062 (KB 2741528)


Elevation of Privilege in System Center Configuration Manager


System Center Configuration Manager helps organizations maintain corporate compliance by managing physical, virtual, and mobile clients with things like application delivery, desktop virtualization, security and other cool stuff. However, there is a vulnerability that can be exploited by tricking a user into visiting a specially crafted URL. Like MS12-061, this one is also a reflected XSS vulnerability, which could allow the bad guy's code to run. Again, if you can't install this patch, be sure to at least enable the XSS filter in IE 8 and 9.

Researchers at Trustwave SpiderLabs are actively and thoroughly investigating these bulletins, using the information from Microsoft and other sources to develop protections for our customers against these threats as quickly as we can.

Now, go update those certs!
