Microsoft Word Remote Code Execution Vulnerability (CVE-2015-0097)

A remote code execution vulnerability exists in Microsoft Office software and is caused when Office improperly handles objects in memory while parsing specially crafted Office files. This could corrupt system memory in such a way as to allow an attacker to execute arbitrary code (CVE-2015-0097).
 
To exploit this vulnerability, the user has to be tricked into visiting the attacker's website by clicking on a link. Another scenario is downloading and opening a specially crafted MS Office email attachment. Microsoft Word, Excel and PowerPoint contain a remote code execution vulnerability because it is possible to reference documents such as a Works document (.wps) as HTML. Office will then process HTML and script code in the context of Internet Explorer's Local Machine zone, which leads to arbitrary code execution.

Once the user opens the Office document, the attacker is able to perform actions in the security context of the logged-in user.

When the user opens the crafted document, the code is executed. The code connects to the attacker's server and downloads a file, which is saved with an .hta extension in the \appdata\roaming\microsoft\windows\start menu\programs\startup\ directory.

So when the user reboots the machine, this malicious file saved in the startup directory is executed. This allows a remote attacker to execute arbitrary code via a crafted Office document, aka "Microsoft Word Local Zone Remote Code Execution Vulnerability."

That's why you should check that the signatures on your security devices are up to date, so that they can protect against this kind of vulnerability.
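Since the post's indicator of compromise is an .hta file dropped into the per-user Startup folder, a simple host-side check is to list the auto-run script files sitting there. The Python below is an added example, not code from the original post or from Microsoft; it resolves the Startup path from %APPDATA% (the same folder the post names) and, as an assumption, treats a few other common script extensions the same way as .hta so they get the same review.

```python
import os
from pathlib import Path

# Extensions Windows runs directly from the per-user Startup folder at logon.
# The post names only .hta; the others are added here as an assumption, being
# common script types that deserve the same review.
STARTUP_SCRIPT_EXTENSIONS = {
    ".hta", ".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh",
    ".bat", ".cmd", ".ps1",
}


def default_startup_dir() -> Path:
    """Resolve the Startup folder named in the post from %APPDATA%.

    Falls back to a placeholder path when APPDATA is unset (e.g. off Windows).
    """
    appdata = os.environ.get("APPDATA", r"C:\Users\PLACEHOLDER\AppData\Roaming")
    return (Path(appdata) / "Microsoft" / "Windows" / "Start Menu"
            / "Programs" / "Startup")


def is_startup_script(filename: str) -> bool:
    """True when the name carries an auto-executing extension (case-insensitive)."""
    return Path(filename).suffix.lower() in STARTUP_SCRIPT_EXTENSIONS


def find_startup_scripts(directory) -> list:
    """Names of files in `directory` that would run at the next logon.

    An absent directory yields an empty list rather than an error, so the
    check can run unattended across hosts where the folder was never created.
    """
    directory = Path(directory)
    if not directory.is_dir():
        return []
    return sorted(p.name for p in directory.iterdir()
                  if p.is_file() and is_startup_script(p.name))


def triage(names) -> dict:
    """Group hits by extension so .hta drops (the post's indicator) stand out."""
    report = {}
    for name in names:
        if is_startup_script(name):
            report.setdefault(Path(name).suffix.lower(), []).append(name)
    return report


if __name__ == "__main__":
    startup = default_startup_dir()
    hits = find_startup_scripts(startup)
    print(f"Checked {startup}: {len(hits)} auto-run script(s)")
    for ext, files in sorted(triage(hits).items()):
        print(f"  {ext}: {', '.join(files)}")
```

Run it under the user account in question (the folder is per-user). A legitimate Startup folder normally holds only shortcuts and a desktop.ini, so any script hit is worth pulling for analysis; the same check can be pointed at the all-users Startup folder by passing that path to find_startup_scripts.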

Have a good time.
(Be knowledgeable, pass it on then)

NTP Daemon Vulnerabilities

NTP is a protocol designed to synchronize the clocks of computers over a network. The NTP Project produces a reference implementation of the NTP protocol and its implementation documentation through a largely volunteer effort. NTP uses a hierarchical, semi-layered system of time sources. Each level of this hierarchy is termed a "stratum" and is assigned a number, starting with zero at the top.
The NTP Project conducts research and development in NTP and produces the official reference implementation of NTP along with its implementation documentation. A few weeks ago, ntp-4.2.8p4 was released, which fixed multiple vulnerabilities:
  • "NTP Daemon Arbitrary File Overwrite", which addresses CVE-2015-7703
    Description: If ntpd is configured to allow remote configuration, and if the (possibly spoofed) source IP address is allowed to send remote configuration requests, and if the attacker knows the remote configuration password, it is possible for an attacker to use the "pidfile" or "driftfile" directives to potentially overwrite other files.
  • "NTP Daemon Assertion Failure DoS", which addresses CVE-2015-7855
    Description: If ntpd is fed a crafted mode 6 or mode 7 packet containing an unusually long data value where a network address is expected, the decodenetnum() function will abort with an assertion failure instead of simply returning a failure condition.
  • "NTP Daemon Crypto-NAK Authentication Bypass 1" and "NTP Daemon Crypto-NAK Authentication Bypass 2", which address CVE-2015-7871
    Description: Crypto-NAK packets can be used to cause ntpd to accept time from unauthenticated ephemeral symmetric peers by bypassing the authentication required to mobilize peer associations. This vulnerability appears to have been introduced in ntp-4.2.5p186 when the code handling mobilization of new passive symmetric associations was refactored.
The most critical one in the above list is the Crypto-NAK bug. Administrators are urged to upgrade ntpd to the latest version to protect their servers.
Source: Dell SonicWall Security Center
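Two of the three bugs above have configuration preconditions that an administrator can audit before or alongside the upgrade: CVE-2015-7703 needs remote configuration to be permitted (a restrict line without nomodify), and the CVE-2015-7855 crash is reached through mode 6/7 packets, which the noquery flag refuses. The Python below is an added example, not code from the NTP Project or from the SonicWall advisory. It checks a version string for being older than the fixed ntp-4.2.8p4 and walks the restrict lines of an ntp.conf; the sample configuration is constructed for the demonstration, and the assumed version-string shape (a "4.2.8p3"-style token somewhere in the text of ntpd --version or ntpq -c version) is an assumption about the output format.

```python
import re

FIXED_VERSION = (4, 2, 8, 4)          # ntp-4.2.8p4, the release named in the post
REQUIRED_FLAGS = ("nomodify", "noquery")
LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def parse_ntp_version(text: str):
    """Pull (major, minor, point, patch) out of text such as 'ntpd 4.2.8p3@1.3265-o'.

    Assumed format: the first dotted version token, with an optional 'pN'
    patch level (treated as 0 when absent). Returns None if nothing matches.
    """
    m = re.search(r"\b(\d+)\.(\d+)\.(\d+)(?:p(\d+))?\b", text)
    if not m:
        return None
    major, minor, point, patch = m.groups()
    return (int(major), int(minor), int(point), int(patch or 0))


def is_vulnerable_version(text: str) -> bool:
    """True when the reported build predates the fixed release."""
    version = parse_ntp_version(text)
    return version is not None and version < FIXED_VERSION


def audit_restrict_lines(conf: str) -> list:
    """Return (line_no, scope, missing_flag) for every non-loopback restrict
    scope that still lacks nomodify (runtime reconfiguration allowed) or
    noquery (mode 6/7 queries allowed). No restrict lines at all means ntpd
    permits everything, which is reported on line 0.
    """
    findings = []
    seen_restrict = False
    for lineno, raw in enumerate(conf.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()       # drop comments, tokenize
        if not tokens or tokens[0] != "restrict":
            continue
        seen_restrict = True
        args = tokens[1:]
        if args and args[0] in ("-4", "-6"):         # address-family selector
            args = args[1:]
        if not args:
            continue
        scope, args = args[0], args[1:]
        if len(args) >= 2 and args[0] == "mask":      # "address mask netmask"
            scope = f"{scope} mask {args[1]}"
            args = args[2:]
        flags = set(args)
        if scope in LOOPBACK or "ignore" in flags:    # local admin or fully denied
            continue
        for flag in REQUIRED_FLAGS:
            if flag not in flags:
                findings.append((lineno, scope, flag))
    if not seen_restrict:
        for flag in REQUIRED_FLAGS:
            findings.append((0, "(no restrict lines)", flag))
    return findings


# Constructed sample ntp.conf for the audit; not taken from any real host.
SAMPLE_CONF = """\
# constructed sample ntp.conf; not from any real host
driftfile /var/lib/ntp/ntp.drift
server 0.pool.ntp.org iburst
restrict -4 default kod notrap nopeer            # lacks noquery and nomodify
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
restrict 192.168.10.0 mask 255.255.255.0 notrap   # subnet may query and reconfigure
"""


if __name__ == "__main__":
    banner = "ntpd 4.2.8p3@1.3265-o"               # constructed version string
    print("version", parse_ntp_version(banner),
          "vulnerable" if is_vulnerable_version(banner) else "fixed")
    for lineno, scope, flag in audit_restrict_lines(SAMPLE_CONF):
        print(f"line {lineno}: restrict {scope} is missing '{flag}'")
```

On a real host, feed it the text of /etc/ntp.conf and the output of ntpd --version. A finding of a missing nomodify removes one precondition of CVE-2015-7703 once fixed; a missing noquery means unauthenticated mode 6/7 packets reach the daemon, which is the path to the CVE-2015-7855 assertion failure. Neither check substitutes for the upgrade, which is the only fix for the Crypto-NAK bypass.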

Have a good time.
(Be knowledgeable, pass it on then)

How to stop "Wireless SSID" from broadcasting in Ruckus ZoneDirector and remove from APs

If you want to stop a wireless SSID from broadcasting and remove it from all Access Points, follow the steps below in your Ruckus ZoneDirector.
- Log in to ZoneDirector
- Click "Configure" and go to "WLANs"
- Find "WLAN Groups" under the "WLANs" section
- If you are using the "System Default Group", select it and click Edit. Then uncheck the SSID you want to stop broadcasting and remove from all APs, and click "OK".
- If you are using a "Custom Group", the steps are the same.

Your SSID is now disabled and removed from all Access Points.
You can verify this by going to the Dashboard and checking "Most Recent System Activities".

That's all.

Have a good time.
(Be knowledgeable, pass it on then)

Troubleshooting unable to PING issue on Cisco RV215W

I had to configure and install a Meg@POP router at a site office.
The configuration is very simple: just WAN, LAN and static routing.
After all the configuration was done, I could PING from the router and the client to the SingTel side IP and the HQ side IP, but not from them.
I reviewed the simple configuration repeatedly and was unable to find anything wrong.
But then I checked the firewall settings, since this router has security features included.
I realized the "Block WAN Request" checkbox was checked and needed to be unchecked.
After I unchecked it and saved, SingTel and HQ could PING this router successfully.

Thank God.

So if you are having the same issue as me while configuring a Cisco RV215W Wireless VPN Router, just do not forget to uncheck "Block WAN Request" and save, so that the router can be PINGed from outside.

Have a good time.
(Be knowledgeable, pass it on then)