Secure Web Gateway Web Appliance Series customers will receive constant updates from M86 Security, based on M86 Security Malware Lab findings.
This update includes the following objects:
Vulnerability Anti.dote Rules
1. Vulnerabilities known to the security community, some of which are patched and some of which are not. M86 Security customers receive a "virtual patch", which protects them from vulnerabilities before patches are even available to the public.
2. Vulnerabilities known exclusively to the M86 Security Malware Lab, which reports the technical details to the relevant operating system and/or application vendors. As such, M86 Security customers are protected from vulnerabilities that are not yet patched at the time of the Security Update.
Behavior Based Rules
1. M86 Security Malware Lab determines that certain code may be used illegitimately in a web context.
2. A new type of attack has been detected by the M86 Security Malware Lab and therefore behavior based rules need to be extended to include this attack.
Spyware
1. Spyware URL Black List
2. Active Content Lists of Spyware objects
This Security Update is compatible with OS Versions 8.5.0, 9.x.
The following changes are delivered with this update:
| ID | Name | Severity | Security Engine | Description |
|---|---|---|---|---|
| 1. | Registry OCX ActiveX Vulnerability | Medium | Vulnerability Anti.dote | Registry OCX ActiveX control is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. |
| 2. | Cisco Secure Desktop CSDWebInstaller ActiveX Vulnerability | Critical | Vulnerability Anti.dote | The Web Install ActiveX control (CSDWebInstaller) in Cisco Secure Desktop (CSD) does not properly verify the signatures of downloaded programs, which allows remote attackers to force the download and execution of arbitrary files via a crafted web page. |
| 3. | Microsoft Internet Explorer Transfer Of Control Vulnerability | Critical | Vulnerability Anti.dote | A vulnerability in the instantiation of three specific ActiveX controls in a particular order results in a transfer of control to unallocated memory which can be leveraged by remote attackers to execute arbitrary code. |
| 4. | Image22 ActiveX Vulnerability | Medium | Vulnerability Anti.dote | A vulnerability in the Image22 ActiveX control, caused by a boundary error in the handling of the "DrawIcon()" method when processing the file extension argument, can be exploited to cause a stack-based buffer overflow. |
| 5. | FathFTP ActiveX Vulnerability | Medium | Vulnerability Anti.dote | Multiple buffer overflows in the FathFTP ActiveX control allow remote attackers to execute arbitrary code via the GetFromURL member or a long argument to the RasIsConnected method. |
| 6. | RSP MP3 Player OCX Vulnerability | Medium | Vulnerability Anti.dote | Buffer overflow in the RSP MP3 Player OCX 3.2 ActiveX control could allow remote attackers to execute arbitrary code using the “OpenFile()” method. |
By default, Secure Web Gateway Web Appliances are delivered with the option to automatically install updates. If you have disabled automatic installation of security updates, it is highly recommended that you install the security update as soon as it appears in the available updates list. For more information, see the M86 Secure Web Gateway 3000/5000/7000 Management Console Reference Guide.
ISR VSNG.SU106RN 25July2010 EN
M86 Security Release Notes: Copyright
© Copyright 2010. M86 Security. All rights reserved.