Are You Still Using Windows XP or Windows Server 2003?

Microsoft has stopped providing support for Windows XP and Windows Server 2003. If you are still running these operating systems, you need to know about the Epic Turla operation.

The Epic Turla Operation

Epic Turla is a massive cyber-espionage operation reported by Kaspersky. It has infected several hundred computers in more than 45 countries, including government institutions, embassies, military, education, research and pharmaceutical companies.

The attacks in this campaign fall into several different categories depending on the vector used in the initial compromise. The vulnerabilities exploited include:
• CVE-2013-5065 – Privilege escalation vulnerability in Windows XP and Windows 2003
• CVE-2013-3346 – Arbitrary code-execution vulnerability in Adobe Reader
• CVE-2012-1723 – Arbitrary code-execution vulnerability in Java

CVE-2013-5065 Detail

An elevation of privilege vulnerability exists in the NDProxy component of the Windows kernel due to improper validation of input passed from user mode to the kernel. The vulnerability could allow an attacker to run code in kernel mode. An attacker who successfully exploited this vulnerability could run a specially crafted application and take complete control of an affected system. The attacker could then install programs; view, change, or delete data; or create new accounts with full administrator rights.

Affected Software

| Operating System | Maximum Security Impact | Aggregate Severity Rating | Updates Replaced |
|---|---|---|---|
| Windows XP | | | |
| Windows XP Service Pack 3 (2914368) | Elevation of Privilege | Important | 2440591 in MS10-099 |
| Windows XP Professional x64 Edition Service Pack 2 (2914368) | Elevation of Privilege | Important | 2440591 in MS10-099 |
| Windows Server 2003 | | | |
| Windows Server 2003 Service Pack 2 (2914368) | Elevation of Privilege | Important | 2440591 in MS10-099 |
| Windows Server 2003 x64 Edition Service Pack 2 (2914368) | Elevation of Privilege | Important | 2440591 in MS10-099 |
| Windows Server 2003 with SP2 for Itanium-based Systems (2914368) | Elevation of Privilege | Important | 2440591 in MS10-099 |

Microsoft Security Advisory

If you are still running Windows XP or Windows Server 2003 in your infrastructure, you need to take steps now to plan and execute an upgrade strategy to protect it.

CVE-2013-3346 Details

Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.
Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.02) and earlier versions for Windows and Macintosh, and Adobe Reader 9.5.4 and earlier 9.x versions for Linux. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected software versions

• Adobe Reader XI (11.0.02) and earlier 11.x versions for Windows and Macintosh
• Adobe Reader X (10.1.6) and earlier 10.x versions for Windows and Macintosh
• Adobe Reader 9.5.4 and earlier 9.x versions for Windows, Macintosh and Linux
• Adobe Acrobat XI (11.0.02) and earlier 11.x versions for Windows and Macintosh
• Adobe Acrobat X (10.1.6) and earlier 10.x versions for Windows and Macintosh
• Adobe Acrobat 9.5.4 and earlier 9.x versions for Windows and Macintosh

Adobe Security Advisory

• Users of Adobe Reader XI (11.0.02) for Windows and Macintosh should update to Adobe Reader XI (11.0.03).
• For users of Adobe Reader X (10.1.6) and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.03), Adobe has made available the update Adobe Reader X (10.1.7).
• For users of Adobe Reader 9.5.4 and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.03), Adobe has made available the update Adobe Reader 9.5.5.
• Users of Adobe Reader 9.5.4 and earlier versions for Linux should update to Adobe Reader 9.5.5.
• Users of Adobe Acrobat XI (11.0.02) for Windows and Macintosh should update to Adobe Acrobat XI (11.0.03).
• For users of Adobe Acrobat X (10.1.6) and earlier versions for Windows and Macintosh, who cannot update to Adobe Acrobat XI (11.0.03), Adobe has made available the update Adobe Acrobat X (10.1.7).
• For users of Adobe Acrobat 9.5.4 and earlier versions for Windows and Macintosh, who cannot update to Adobe Acrobat XI (11.0.03), Adobe has made available the update Adobe Acrobat 9.5.5.

CVE-2012-1723 Detail

This threat uses a software vulnerability to download and run other files on your PC, including malware. It runs when you visit a hacked website and you have a vulnerable version of Java. A number of legitimate websites could be hacked to unwillingly host this threat.

Affected software versions
• JDK and JRE 7 Update 4 and earlier Java SE
• JDK and JRE 6 Update 32 and earlier Java SE
• JDK and JRE 5.0 Update 35 and earlier Java SE
• SDK and JRE 1.4.2_37 and earlier Java SE

Java Security Advisory

• Install all available Java updates.
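
A version triage built from the affected-version lists above, as an added example that is not part of the original page: it flags inventory rows affected by CVE-2013-5065, CVE-2013-3346 and CVE-2012-1723. The inventory layout, host names and function names are assumptions; the version thresholds and the update number 2914368 are the ones listed on this page.

```python
import re

# Thresholds copied from the advisory text on this page.
ADOBE_FIXED = {9: (9, 5, 5), 10: (10, 1, 7), 11: (11, 0, 3)}  # first fixed version per branch
JAVA_LAST_AFFECTED = {"1.7.0": 4, "1.6.0": 32, "1.5.0": 35, "1.4.2": 37}  # last affected update
NDPROXY_KB = "2914368"  # update number shown in the affected-software table

def adobe_affected(version):
    """CVE-2013-3346: True/False, or None if the branch is not covered by the advisory."""
    nums = [int(p) for p in re.findall(r"\d+", version)][:3]
    if not nums or nums[0] not in ADOBE_FIXED:
        return None
    return tuple(nums + [0] * (3 - len(nums))) < ADOBE_FIXED[nums[0]]

def java_affected(version):
    """CVE-2012-1723: parse legacy '1.F.0_UU' strings as printed by `java -version`."""
    m = re.match(r"(\d+\.\d+\.\d+)(?:_(\d+))?", version)
    if not m or m.group(1) not in JAVA_LAST_AFFECTED:
        return None
    return int(m.group(2) or 0) <= JAVA_LAST_AFFECTED[m.group(1)]

def windows_affected(os_name, installed_kbs):
    """CVE-2013-5065: Windows XP / Server 2003 without the listed update installed."""
    legacy = "Windows XP" in os_name or "Server 2003" in os_name
    return legacy and NDPROXY_KB not in installed_kbs

def triage(inventory):
    """Return sorted (host, cve) pairs for every affected item in the inventory."""
    findings = []
    for row in inventory:
        if windows_affected(row["os"], row.get("kbs", [])):
            findings.append((row["host"], "CVE-2013-5065"))
        for product, ver in row.get("software", {}).items():
            if product in ("Adobe Reader", "Adobe Acrobat") and adobe_affected(ver):
                findings.append((row["host"], "CVE-2013-3346"))
            elif product == "Java" and java_affected(ver):
                findings.append((row["host"], "CVE-2012-1723"))
    return sorted(findings)

# Constructed sample inventory (hypothetical hosts, not data from the page).
INVENTORY = [
    {"host": "ws-01", "os": "Windows XP Service Pack 3", "kbs": ["2440591"],
     "software": {"Adobe Reader": "10.1.6", "Java": "1.6.0_32"}},
    {"host": "srv-02", "os": "Windows Server 2003 Service Pack 2", "kbs": ["2914368"],
     "software": {"Adobe Reader": "11.0.03", "Java": "1.7.0_05"}},
]

if __name__ == "__main__":
    print(triage(INVENTORY))
```

A `None` result means the version branch is outside the lists on this page and needs a separate check against the vendor's own advisories.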
