News: Cexx forums, with volunteers dedicated to helping you remove malware and stay protected
 
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
August 21, 2014, 04:05:42
Pages: 1 ... 6 7 [8] 9 10   Go Down
  Print  
Topic: Multiple AV vendor vulns / updates / issues  (Read 64911 times)
0 Members and 1 Guest are viewing this topic.
« Reply #105 on: September 30, 2011, 11:29:20 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8211



FYI...

MS flags Chrome as virus
- http://tech.slashdot.org/story/11/09/30/176230/microsoft-security-products-flag-google-chrome-as-a-virus
September 30, 2011 - "Reports poured in this morning that Microsoft's security products, namely Microsoft Security Essentials and Forefront Client Security, were flagging Google Chrome as a virus (PWS:Win32/Zbot) and removing the browser if users chose to clean and reboot their machines. Users reported that the only way to mitigate the problem was to set MSE and Forefront to 'always allow' Zbot, which is generally considered to be a bad idea... Microsoft has now pushed another update* to resolve the issue..."
* http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=PWS:Win32/Zbot&threatid=2147598479#summary_link
September 30th, 2011
___

- https://isc.sans.edu/diary.html?storyid=11701
Last Updated: 2011-09-30 19:19:10 UTC

 Sad  Exclamation
« Last Edit: September 30, 2011, 12:23:19 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #106 on: October 07, 2011, 05:30:44 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8211



FYI...

Symantec products KeyView Parsers multiple vulns
- https://secunia.com/advisories/44273/
Release Date: 2011-10-07
Criticality level: Highly critical
Impact: System access
Where: From remote ...
Solution Status: Vendor Patch ...
Original Advisory: Symantec (SYM11-013):
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20111006_00

- http://www.securitytracker.com/id/1026155
- http://www.securitytracker.com/id/1026156
- http://www.securitytracker.com/id/1026157
CVE Reference: CVE-2011-0337, CVE-2011-0338, CVE-2011-0339, CVE-2011-1213, CVE-2011-1214, CVE-2011-1215, CVE-2011-1216, CVE-2011-1218, CVE-2011-1512
Oct 7 2011

 Exclamation
« Last Edit: October 10, 2011, 03:26:05 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #107 on: October 14, 2011, 08:44:19 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8211



FYI...

Norton blocks Facebook as 'phishing site'
- http://www.theregister.co.uk/2011/10/14/norton_blocks_facebook/
14th October 2011 - "Symantec has withdrawn an update to its Norton consumer security software that branded Facebook a phishing site on Wednesday. The snafu meant that users of Norton Internet Security were blocked from accessing the social networking site and were told a "fraudulent web page" had been blocked... Security firms update their signature definition files to detect either rogue applications or questionable websites at increasing frequency in order to keep up with malware production rates*. Plenty of effort is put into the quality assurance process across the industry but even so mistakes sometimes occur. False positives are a cross-industry problem that affects all vendors."

* http://www.av-test.org/en/statistics/malware/


 Sad
Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #108 on: October 18, 2011, 09:21:57 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8211



FYI...

ClamAV v0.97.3 released
- https://secunia.com/advisories/46455/
Release Date: 2011-10-18
Criticality level: Moderately critical
Impact: DoS, System access
Where: From remote
... vulnerability is reported in version 0.97.2. Prior versions may also be affected.
Solution: Update to version 0.97.3.
> http://www.clamav.net/lang/en/

- http://blog.clamav.net/2011/10/clamav-0973-has-been-released.html
October 17, 2011

- http://www.securitytracker.com/id/1026217
Oct 19 2011
Version: prior to 0.97.3

 Exclamation
« Last Edit: October 20, 2011, 03:36:21 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #109 on: October 20, 2011, 04:05:33 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8211



FYI...

Mac trojan disables XProtect updates
- http://www.f-secure.com/weblog/archives/00002256.html
October 19, 2011 - "... Recent analysis has revealed to us that Trojan-Downloader:OSX/Flashback.C disables the automatic updater component of XProtect, Apple's built-in OS X anti-malware application... wipes out certain files, thus, preventing XProtect from automatically receiving future updates. Attempting to disable system defenses is a very common tactic for malware — and built-in defenses are naturally going to be the first target on any computing platform..."

 Shocked Evil or Very Mad
Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #110 on: December 22, 2011, 13:06:13 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8211



FYI...

F-Secure 8 EOL...
- http://www.f-secure.com/weblog/archives/00002284.html
December 21, 2011 - "... our legacy software is approaching its end-of-life (EOL)... antivirus updates for F-Secure 8-series software will end on January 1st, 2012..."

 Exclamation
Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #111 on: January 20, 2012, 11:15:58 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8211



FYI...

McAfee SaaS Endpoint Protection - update
- https://secunia.com/advisories/47520/
Last Update: 2012-01-19
Criticality level: Highly critical
Impact: System access
Where: From remote
... vulnerability is reported in version 5.2.0.603. Other versions may also be affected.
Solution: ...

- https://kc.mcafee.com/corporate/index?page=content&id=SB10018&pmv=print&viewlocale=en_US
Security Bulletins ID: SB10018
Last Modified: January 20, 2012
Affected Software: McAfee SaaS Endpoint Protection 5.2.3 and earlier
Description: This update fixes an issue in the Rumor technology utilized by McAfee’s SaaS Endpoint Protection.  Rumor is a Peer-to-Peer technology used to allow several machines on a closed network to quickly distribute updates from a single network connection.   The result of the misuse of the Rumor service is that an attacker could use an affected machine as a proxy.  This can result in spam being sent as the machine acts similar to an “open relay”.
Remediation: Ensure that your systems are online and available to recieve updates. Patches and other updates for SaaS Endpoint are automatically sent through a phased roll-out from the McAfee Network Operations Center (NOC). This patch is being sent on an expedited schedule and should be delivered to all endpoint systems before January 30, 2012..."

- http://h-online.com/-1418006
20 January 2012
___

- http://www.theinquirer.net/inquirer/news/2140015/mcafee-admits-flaws-saas-total-protection
Jan 19 2012

 Exclamation
« Last Edit: January 21, 2012, 09:22:58 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #112 on: February 15, 2012, 02:16:53 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8211



FYI...

MS AV flags Google.com as Malware...
- https://krebsonsecurity.com/2012/02/microsoft-av-flags-google-com-as-malware/
Feb0 14, 2012 9:29 pm - "Computers running Microsoft‘s antivirus and security software may be flagging google.com — the world’s most-visited Web site — as malicious, apparently due to a faulty Valentine’s Day security update shipped by Microsoft. Microsoft's antivirus software flagged google.com as bad. Not long after Microsoft released software security updates on Tuesday, the company’s Technet support forums lit up with complaints about Internet Explorer sounding the malware alarm when users visited google.com. The alerts appear to be the result of a “false positive” detection shipped to users of Microsoft’s antivirus and security products, most notably its Forefront technology and free “Security Essentials” antivirus software..."
>> http://answers.microsoft.com/en-us/protect/forum/protect_scanning/removing-exploitjsblacolebw/c67c86e9-7f4e-43e8-beb5-eeafdfdab469
"... def. version 1.119.1988.0... Google is no longer detected as a virus. .."
Latest MSE definition updates
- https://www.microsoft.com/Security/portal/Definitions/HowToMSE.aspx
Latest antivirus definition version: 1.119.1998.0
Released: Feb 15, 2012 05:30 AM UTC

 Shocked Sad
Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #113 on: February 28, 2012, 06:42:37 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8211



FYI...

ASLR to be mandatory - Firefox extensions
- http://h-online.com/-1443131
27 Feb 2012 - "A patch that was recently introduced to the Firefox repository is designed to make the browser more secure by forcing certain binary extensions to use ASLR (Address Space Layout Randomisation) under Windows. The Mozilla developers say that the change, which will prevent XPCOM (Cross Platform Component Object Module) component DLLs without ASLR from loading, should be included in Firefox 13 "if no unexpected problems arise". This could, for example, affect products from anti-virus firms Symantec and McAfee. As recently as last year, these products were noted installing DLLs (Dynamic Link Libraries) that were compiled without ASLR in the browser, enabling malware to predict with relative ease the memory addresses that are used for heap and stack areas by the DLLs. ASLR is designed to randomise all memory addresses, so that the program components in question will be placed in different locations each time they start..."

 Shocked
Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #114 on: April 16, 2012, 14:45:03 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8211



FYI...

McAfee DAT trouble ...
- https://isc.sans.edu/diary.html?storyid=13003
Last Updated: 2012-04-16 21:11:18 UTC - "... McAfee has confirmed that incremental DAT 6682 may trigger message scan failures and a system crash in GroupShield Exchange (MSME), GroupShield Domino, and McAfee Email Gateway 7 (MEG).  McAfee recommends that customers do NOT upload DAT 6682.
More information will be available on the McAfee KnowledgeBase* ..."

Issue with DAT 6682 and McAfee email products
* https://kc.mcafee.com/corporate/index?page=content&id=KB70380
Last Modified: April 17, 2012

 Sad
« Last Edit: April 17, 2012, 02:36:23 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #115 on: April 23, 2012, 10:12:57 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8211



FYI...

EMC DDoS vuln ...
- http://www.securitytracker.com/id/1026956
Date: Apr 20 2012
CVE Reference:
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0406 - 7.8 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0407 - 5.0
Impact:  Denial of service via network
Fix Available: Yes  Vendor Confirmed: Yes 
Version(s): Server and Collector 5.5, 5.5 SP1, 5.6, 5.6 SP1, 5.7, 5.7 SP1, 5.8, 5.8 SP1
Description: Two vulnerabilities were reported in EMC Data Protection Advisor. A remote user can cause denial of service conditions...
Impact: A remote user can consume excessive CPU resources or cause a process crash on the target system.
Solution: The vendor has issued a fix (Security Hotfix DPA-14718)...
- http://www.emc.com/contact-us/contact/product-security-response-center.htm
1-866-438-3622

 Exclamation
Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #116 on: May 09, 2012, 03:22:55 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8211



FYI...

Symantec False Positive for signature Bloodhound.Exploit.459
- https://isc.sans.edu/diary.html?storyid=13162
Last Updated: 2012-05-08 17:30:11 UTC - "... false-positive alerts on .xls files..."

> http://www.symantec.com/business/support/index?page=content&id=TECH188271
Updated: 2012-05-10 - "... Rapid Release definitions are now available which resolve this behavior... Certified definitions Sequence Number: 134131 Extended Version: 5/8/2012 rev. 18..."

 Exclamation Sad
« Last Edit: May 10, 2012, 14:05:24 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #117 on: May 15, 2012, 14:09:35 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8211



FYI...

Avira update blocks Windows apps
- http://news.cnet.com/8301-1009_3-57434926-83/avira-update-blocked-windows-applications/
May 15, 2012

> https://www.avira.com/en/proactiv-application-blocking
"Issue details: On May 14 and 15, 2012, following the release of Service Pack 0 (SP0) for Avira Version 2012, the ProActiv feature blocked legitimate Windows applications on customers’ PCs.
Affected products: Avira Pro Security, Avira Internet Security 2012, Avira Antivirus Premium 2012
We deeply regret any difficulties this has caused you. Thank you for your patience and understanding.
If you still encounter the issue: In the unlikely event that applications continue to be blocked by ProActiv, please update your software as follows:
    Open the Avira Control Center.
    Click on Update › Start product update.
No further steps are required.

To Disable ProActiv in the future:
    Open the Avira Control Center.
    Press the "F8" button to open the Avira Configuration window.
    Enable the Expert Mode in the upper left corner.
    Open the following options in the PC Protection menu: "Realtime Protection › ProActiv".
    Disable the ProActiv component.
    Close the Avira Configuration window by clicking the OK button.
    Restart your computer.
For step-by-step instructions, please see our knowledge base article*."

* https://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/1257
___

- http://h-online.com/-1576614
16 May 2012 - "... the problem does not affect Avira Free Antivirus or users who run a 64-bit version of Windows..."

 Sad   Frustrated
« Last Edit: May 16, 2012, 08:23:13 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #118 on: May 23, 2012, 09:40:54 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8211



FYI...

Symantec Endpoint Protection...
- https://secunia.com/advisories/49248/
Release Date: 2012-05-23
Criticality level: Moderately critical
Impact: Manipulation of data, System access
Where: From local network
CVE Reference(s):
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0289 - 7.2 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0294 - 5.8
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0295 - 9.3 (HIGH)
... vulnerability is reported in versions 12.1 prior to 12.1 RU1-MP1.
Solution: Update to version 12.1 RU1-MP1...
Original Advisory: SYM12-008:
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120522_01

- https://secunia.com/advisories/49221/
Release Date: 2012-05-23
CVE Reference(s):
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1821 - 5.0
... vulnerability only affects applications running with Network Threat Protection module on Windows Server 2003 SP2 and prior... see the vendor's advisory for a list of affected versions.
Solution: Update to version 11.0 RU7 MP2.
Original Advisory: SYM12-007:
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120522_00

 Exclamation Exclamation
« Last Edit: May 25, 2012, 03:49:47 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #119 on: June 12, 2012, 14:23:42 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8211



FYI...

Symantec Web Gateway - Metasploit module available
- http://h-online.com/-1616463
12 June 2012 - "The GUI for the administration front end of Symantec Web Gateway 5.0 allows a series of attacks to occur which can, at worst, let attackers execute their own commands or code on the gateway. Demonstration exploits and a Metasploit module that implements the attacks are already publicly available. Symantec has now provided Symantec Web Gateway 5.0.3*, which fixes the four vulnerabilities: two highly rated code/command injection flaws and two medium rated flaws related to file download/deletion and exposure to cross-site scripting."
* http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120517_00
SYM12-006

- http://www.symantec.com/web-gateway

 Exclamation Shocked
Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
 
Pages: 1 ... 6 7 [8] 9 10   Go Up
  Print  
 
Jump to:  

Powered by SMF 1.1.19 | SMF © 2013, Simple Machines Page created in 0.984 seconds with 20 queries.