Monday, September 27, 2010

ENHANCED MITIGATION EXPERIENCE TOOLKIT

Have you been struggling to mitigate the risks, prevent vulnerabilities from being exploited and minimize disruption of your environment of legacy products or third party applications? If yes, then help is now available to you from Microsoft free of charge through a tool, the Enhanced Mitigation Experience Toolkit (EMET). The goals for EMET are:

•Leverage the tool for vulnerabilities under active exploitation to help customers protect themselves from being exploited.





•Give customers the ability to use newer mitigation technologies to help protect older applications that cannot be recompiled to opt into them.

•Provide a central interface to make it easier for users to manage both system and application mitigations



EMET provides users with the ability to deploy security mitigation technologies to arbitrary applications. Doing so helps to prevent vulnerabilities in those applications (especially line of business and 3rd party apps) from successfully being exploited. It also responds to requests from customers to help manage risk in older, legacy products while they are in the process of transitioning over to modern, more secure products. Beyond that it makes it easy for customers to try mitigations against any software. While EMET can be used by anybody, it is primarily targeted at protecting applications on machines that are at high risk for attack. It helps you to harden applications be it line of business applications on backend servers or browsers on the desktops.



I am sure you would be interested in this tool and you can click here to download the tool free of charge! Microsoft has also put together a video for you. The video gives an even more in-depth look at some of the security mitigations offered by the tool. You can watch the video online here.



EMET provides a total of six mitigations:-






•Dynamic Data Execution Prevention (DEP) - DEP has been available since Windows XP. However, current configuration options don't allow applications to be opted in on an individual basis unless they are compiled with a special flag. EMET allows applications compiled without that flag to also be opted in.

•Structured Exception Handler Overwrite Protection (SEHOP) - This protects against what is currently the most common technique for exploiting stack overflows in Windows. This mitigation has shipped with Windows since Windows Vista SP1. Recently with Windows 7, the ability to turn it on and off per process was added. With EMET, Microsoft provides the Windows 7 capabilities on any platform back through Windows XP.

•Heap Spray Allocation - When an exploit runs, it often cannot be sure of the address where its shellcode resides and must make a guess when taking control of the instruction pointer. To increase the odds of success, most exploits now use heapspray techniques to place copies of their shellcode at as many memory locations as possible. This mitigation blocks the use of addresses most common in today's exploits.

•Null Page Allocation - This is similar technology to the heap spray allocation, but designed to prevent potential null dereference issues in usermode. Currently there are no known ways to exploit them and thus this is a defense in depth mitigation technology.

•Export Address Table Access Filtering - This mitigation is designed to break nearly all shellcode in use today. Before a piece of shellcode can do anything useful, it generally has to locate Windows APIs first. This mitigation blocks a common current technique shellcode uses to do this.

•Mandatory Address Space Layout Randomization (ASLR) - ASLR randomizes the addresses where modules are loaded to help prevent an attacker from leveraging data at predictable locations. The problem with this is that all modules have to use a compile time flag to opt into this. With EMET, we force modules to be loaded at randomized addresses for a target process regardless of the flags it was compiled with.









I would encourage you to go ahead and use this tool, harden your applications and minimize the disruptions in your environment.





Sanjay Bahl is the Chief Security Officer for Microsoft Corporation (India) Pvt. Ltd., and is a member of various security committees at national and International level.





What is the purpose of this alert?

This alert is to notify you that Microsoft has released Security Advisory 2416728 - Vulnerability in ASP.NET Could Allow Information Disclosure -- on September 17, 2010.



Summary

Microsoft is investigating a new public report of a vulnerability in ASP.NET. An attacker who exploited this vulnerability could view data, such as the View State, which was encrypted by the target server, or read data from files on the target server, such as web.config. This would allow the attacker to tamper with the contents of the data. By sending back the altered contents to an affected server, the attacker could observe the error codes returned by the server. We are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time.



We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers.



Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.





Mitigating Factors

•Microsoft has not identified any mitigations for this vulnerability.







Operating System: Component

Windows XP

•Windows XP Media Center Edition 2005 and Windows XP Tablet PC Edition 2005: Microsoft .NET Framework 1.0 Service Pack 3

•Windows XP Service Pack 3: Microsoft .NET Framework 1.1 Service Pack 1; Microsoft .NET Framework 2.0 Service Pack 2; Microsoft .NET Framework 3.5; Microsoft .NET Framework 3.5 Service Pack 1; Microsoft .NET Framework 4.0

•Windows XP Professional x64 Edition Service Pack 2: Microsoft .NET Framework 1.1 Service Pack 1; Microsoft .NET Framework 2.0 Service Pack 2; Microsoft .NET Framework 3.5; Microsoft .NET Framework 3.5 Service Pack 1; Microsoft .NET Framework 4.0

Windows Server 2003

•Windows Server 2003 Service Pack 2: Microsoft .NET Framework 1.1 Service Pack 1; Microsoft .NET Framework 2.0 Service Pack 2; Microsoft .NET Framework 3.5; Microsoft .NET Framework 3.5 Service Pack 1; Microsoft .NET Framework 4.0

•Windows Server 2003 x64 Edition Service Pack 2: Microsoft .NET Framework 1.1 Service Pack 1; Microsoft .NET Framework 2.0 Service Pack 2; Microsoft .NET Framework 3.5; Microsoft .NET Framework 3.5 Service Pack 1; Microsoft .NET Framework 4.0

•Windows Server 2003 with SP2 for Itanium-based Systems: Microsoft .NET Framework 1.1 Service Pack 1; Microsoft .NET Framework 2.0 Service Pack 2; Microsoft .NET Framework 3.5; Microsoft .NET Framework 3.5 Service Pack 1; Microsoft .NET Framework 4.0

Windows Vista

•Windows Vista Service Pack 1: Microsoft .NET Framework 1.1 Service Pack 1; Microsoft .NET Framework 2.0 Service Pack 2; Microsoft .NET Framework 3.5; Microsoft .NET Framework 3.5 Service Pack 1; Microsoft .NET Framework 4.0

•Windows Vista Service Pack 2: Microsoft .NET Framework 1.1 Service Pack 1; Microsoft .NET Framework 2.0 Service Pack 2; Microsoft .NET Framework 3.5 Service Pack 1; Microsoft .NET Framework 4.0

•Windows Vista x64 Edition Service Pack 1: Microsoft .NET Framework 1.1 Service Pack 1; Microsoft .NET Framework 2.0 Service Pack 2; Microsoft .NET Framework 3.5; Microsoft .NET Framework 3.5 Service Pack 1; Microsoft .NET Framework 4.0

•Windows Vista x64 Edition Service Pack 2: Microsoft .NET Framework 1.1 Service Pack 1; Microsoft .NET Framework 2.0 Service Pack 2; Microsoft .NET Framework 3.5 Service Pack 1; Microsoft .NET Framework 4.0

Windows Server 2008

•Windows Server 2008 for 32-bit Systems: Microsoft .NET Framework 1.1 Service Pack 1; Microsoft .NET Framework 2.0 Service Pack 2; Microsoft .NET Framework 3.5; Microsoft .NET Framework 3.5 Service Pack 1; Microsoft .NET Framework 4.0

•Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2: Microsoft .NET Framework 1.1 Service Pack 1; Microsoft .NET Framework 2.0 Service Pack 2; Microsoft .NET Framework 3.5 Service Pack 1; Microsoft .NET Framework 4.0

•Windows Server 2008 for x64-based Systems: Microsoft .NET Framework 1.1 Service Pack 1; Microsoft .NET Framework 2.0 Service Pack 2; Microsoft .NET Framework 3.5; Microsoft .NET Framework 3.5 Service Pack 1; Microsoft .NET Framework 4.0

•Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2: Microsoft .NET Framework 1.1 Service Pack 1; Microsoft .NET Framework 2.0 Service Pack 2; Microsoft .NET Framework 3.5 Service Pack 1; Microsoft .NET Framework 4.0

•Windows Server 2008 for Itanium-based Systems: Microsoft .NET Framework 1.1 Service Pack 1; Microsoft .NET Framework 2.0 Service Pack 2; Microsoft .NET Framework 3.5; Microsoft .NET Framework 3.5 Service Pack 1; Microsoft .NET Framework 4.0

•Windows Server 2008 for Itanium-based Systems Service Pack 2: Microsoft .NET Framework 1.1 Service Pack 1; Microsoft .NET Framework 2.0 Service Pack 2; Microsoft .NET Framework 3.5 Service Pack 1; Microsoft .NET Framework 4.0

Windows 7

•Windows 7 for 32-bit Systems: Microsoft .NET Framework 3.5.1; Microsoft .NET Framework 4.0

•Windows 7 for x64-based Systems: Microsoft .NET Framework 3.5.1; Microsoft .NET Framework 4.0

Windows Server 2008 R2

•Windows Server 2008 R2 for x64-based Systems: Microsoft .NET Framework 3.5.1; Microsoft .NET Framework 4.0

•Windows Server 2008 R2 for Itanium-based systems: Microsoft .NET Framework 3.5.1; Microsoft .NET Framework 4.0







Recommendations

Review Microsoft Security Advisory 2416728 for an overview of the issue, details on affected components, mitigating factors, workarounds, suggested actions, frequently asked questions (FAQs), and links to additional resources.



Customers who believe they are affected can contact Customer Service and Support (CSS) in North America for help with security update issues or viruses at no charge using the PC Safety line (866) PCSAFETY. International customers can contact Customer Service and Support by using any method found at http://www.microsoft.com/protect/worldwide/default.mspx.





Additional Resources

•Microsoft Advisory 2416728 - Vulnerability in ASP.NET Could Allow Information Disclosure



•Microsoft Security Response Center (MSRC) Blog

•Microsoft Security Research & Defense (SRD) Blog

•Microsoft Malware Protection Center (MMPC) Blog





Regarding Information Consistency

We strive to provide you with accurate information in static (this mail) and dynamic (web-based) content. Microsoft's security content posted to the Web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft's web-based security content, the information in Microsoft's web-based security content is authoritative.



Thank you,

Microsoft CSS Security Team
 
Sincerely
Gurbinder Sharma
Partner Microsoft Online

Tuesday, September 21, 2010

VMWare Take over Suse Linux

Hi Guys
VMware wins the game of open source strategy and officially takes over SUSE Linux. Now wait and watch what happens after Novell's death. Will it affect open source, or make our life easy?

Saturday, September 11, 2010

THE NEAR EARTH ASTEROIDS 2010 SEP



Hi guys, these are the potentially dangerous asteroids for our planet. This picture clearly shows you how lucky we were, but if one of them changes its direction for some reason, you can see how close they already are to Earth when they pass our planet. One simple technical mistake in calculations will destroy the earth.

Wednesday, September 8, 2010

Subject: khas khas (poppy seeds) upto 20 years in jail

Yesterday only I came to know of a case from a friend of mine which is very scary. One of his friends was traveling to UK via Dubai. Unfortunately he was carrying a packet of Khas Khas which is a commonly used spice in some Indian curries and sweets. Khas Khas is also known as poppy seed which can be sprouted to grow narcotics (afeem etc.).
This innocent person did not know that recently the laws in UAE and other Gulf countries have been revised and carrying Khas Khas is punishable with minimum 20 years of imprisonment or even worse with death penalty. Currently, the person is in a jail in Dubai for the last two weeks. His friends are frantically trying hard for his release but are finding that this has become a very very serious case. Lawyers are asking huge fees amounting to AED 100,000 even to appear in the court to plead for his innocence.
Please forward this email to all you know specially in Panjab. They should know the seriousness of this matter and should never ever carry even minutest quantities of the following items when traveling to Gulf countries:
1. Khas Khas whether raw, roasted or cooked.

2. Paan

3. Betel nut (supari and its products, e.g. Paan Parag etc.)



The penalties are very severe and it could destroy the life of an innocent person.
I appeal you to create the awareness by forwarding this email to all you know.



Thanks and Best Regards
Gurbinder Sharma
CCHR

Wednesday, September 1, 2010

Infectious Disease, Critical Care Medicine, Internal Medicine



ISSUE:  We were reminded healthcare professionals of an increased mortality risk associated with the use of the intravenous antibacterial Tygacil (tigecycline) compared to that of other drugs used to treat a variety of serious infections. The increased risk was seen most clearly in patients treated for hospital-acquired pneumonia, especially ventilator-associated pneumonia, but was also seen in patients with complicated skin and skin structure infections, complicated intra-abdominal infections and diabetic foot infections. FDA has updated sections of the Tygacil drug label to include information regarding increased mortality risk of Tygacil.



BACKGROUND: Tygacil is approved by FDA for the treatment of complicated skin and skin structure infections, complicated intra-abdominal infections, and community acquired pneumonia. Tygacil is not approved for the treatment of hospital-acquired pneumonia (including ventilator-associated pneumonia) or diabetic foot infection. The increased risk was determined using a pooled analysis of clinical trials. See the Data Summary section of the FDA Drug Safety Communication for additional details.

RECOMMENDATION: Alternatives to Tygacil should be considered in patients with severe infections. Healthcare professionals and patients are encouraged to report adverse events or side effects related to the use of this product to the FDA's MedWatch Safety Information and Adverse Event Reporting Programme.
Sincerely
Gurbinder Sharma