Last day to save $500 for SANS San Diego 2013

@RISK: The Consensus Security Vulnerability Alert

Volume: XI, Issue: 2
January 13, 2012

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

Platform                                 Number of Updates and Vulnerabilities
- -------------------------------------- -------------------------------------
Windows                                  4 (#1)
Other Microsoft Products                 2
Third Party Windows Apps                 2
Linux                                    1
Cross Platform                           8 (#2,#3,#4)
Web Application - Cross Site Scripting   1
Web Application                          7
Hardware                                 1

(#n) refers to the numbered critical vulnerability entries in Part I.

*************************** Sponsored By SANS ***************************

SANS 8th Annual Log and Event Management Survey is Under Way

Take the SANS 8th Annual Log and Event Management Survey. Be a part of this industry leading survey cited in top technology publications and blogs! Also be entered to WIN a $250 American Express Card giveaway when survey results are released during SANS webcasts held in early May at www.sans.org/webcasts. Follow this link to the survey: http://www.sans.org/info/96596

**************************************************************************

TRAINING UPDATE

--SANS Security East 2012, New Orleans, LA, January 17-26, 2012
11 courses. Bonus evening presentations include Advanced VoIP PenTesting: Current Threats and Methods; and Helping Small Businesses with Security.
http://www.sans.org/security-east-2012/

--SANS North American SCADA 2012, Lake Buena Vista, FL, January 21-29, 2012
Gain the most current information regarding SCADA and Control System threats and learn how to best prepare to defend against them. Hear what works and what doesn't from peer organizations. Network with top individuals in the field of SCADA security. Return from the summit with solutions that you can immediately put to use in your organization.
Pre-Summit courses: January 21-25, 2012
Summit: January 26-27, 2012
Post-Summit Courses: January 28-29, 2012
http://www.sans.org/north-american-scada-2012/

--SANS Monterey 2012, Monterey, CA, January 30-February 4, 2012
6 courses. Bonus evening presentations include Who Do You Trust? SSL and TLS Under Attack; and IOS Programming Demo.
http://www.sans.org/monterey-2012/

--SANS Phoenix 2012, Phoenix, AZ, February 13-18, 2012
7 courses. Bonus evening presentations include Desktop Betrayal: Exploiting Clients Through the Features They Demand; and Windows Exploratory Surgery with Process Hacker.
http://www.sans.org/phoenix-2012/

--SANS Secure Singapore 2012, Singapore, March 5-17, 2012
5 courses. Bonus evening presentations include Introduction to Windows Memory Analysis; and Why Our Defenses are Failing Us: One Click is All It Takes ...
http://www.sans.org/singapore-2012/

--SANS 2012, Orlando, FL, March 23-30, 2012
42 courses. Bonus evening presentations include Exploiting Vulnerabilities: 60 Minutes from Discovery to Exploit; Evolving Threats; and Harbinger of Evil: The Forensic Art of Finding Malware.
http://www.sans.org/sans-2012/

--Looking for training in your own community?
http://www.sans.org/community/

Save on On-Demand training (30 full courses) - See samples at http://www.sans.org/ondemand/discounts.php#current

Plus Atlanta, Bangalore, San Francisco, Stuttgart, and Nashville, all in the next 90 days. For a list of all upcoming events, on-line and live: http://www.sans.org/index.php

************************************************************************

Table Of Contents

Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
    Windows
    Other Microsoft Products
    Third Party Windows Apps
    Linux
    Cross Platform
    Web Application - Cross Site Scripting
    Web Application
    Hardware

    *************************** Sponsored Link: ****************************

    1) Take this groundbreaking survey to help determine policy, controls and standards needed to enable users to use their own small mobile devices for work-related functions. Follow this link to the survey: http://www.sans.org/info/96601 ************************************************************************

    PART I Critical Vulnerabilities

    Part I for this issue has been compiled by Josh Bronson at TippingPoint, a division of HP, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/risk/#process

    *************************************************************


    (1) HIGH: Microsoft Products Multiple Security Vulnerabilities
    Affected:
    Microsoft Office (via the Windows Object Packager; the affected Windows editions are listed in 12.2.3 and 12.2.4 below)
    Microsoft Windows Media Player (the affected Windows editions are listed in 12.2.6 below)
    Description: As part of its Patch Tuesday program, Microsoft has released patches addressing multiple security vulnerabilities in its products. Two patches address problems with the Windows Object Packager, the component used to embed files and other objects in documents such as Office files; it keeps a list of file types that are considered unsafe to embed. The first problem involves ClickOnce application files, which are self-updating executables designed to be installed and run with minimal user interaction. Because ClickOnce files are not on Object Packager's unsafe file type list, they can be embedded in Office files. The second patch addresses an improperly registered registry key used by the Windows Object Packager. By enticing a target to open a malicious file, an attacker can use either of these vulnerabilities to execute arbitrary code on the target's machine without any further interaction on the part of the target. Two vulnerabilities affecting Windows Media Player have also been addressed. By enticing a target to open a malicious MIDI or DirectShow media file, an attacker can exploit these vulnerabilities in order to execute arbitrary code on the target's machine.
    Status: vendor confirmed, updates available
    References:
    Vendor Site
    http://www.microsoft.com
    Microsoft Security Bulletins
    http://technet.microsoft.com/en-us/security/bulletin/ms12-002
    http://technet.microsoft.com/en-us/security/bulletin/ms12-004
    http://technet.microsoft.com/en-us/security/bulletin/ms12-005
    SecurityFocus BugTraq IDs
    http://www.securityfocus.com/bid/51284
    http://www.securityfocus.com/bid/51292
    http://www.securityfocus.com/bid/51295
    http://www.securityfocus.com/bid/51297

    *************************************************************

    (2) HIGH: Adobe Multiple Security Vulnerabilities
    Affected:
    Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh (12.2.16 below also lists the affected Reader and Acrobat 9.x releases)
    Description: Adobe has released patches for multiple unspecified security vulnerabilities and for a signedness error in the component of Adobe Reader that parses BMP images. By enticing a target to open a malicious file, an attacker can exploit these vulnerabilities to corrupt memory and possibly execute arbitrary code on the target's machine.
    Status: vendor confirmed, updates available
    References:
    Vendor Site
    http://www.adobe.com
    Adobe Security Bulletin
    http://www.adobe.com/support/security/bulletins/apsb12-01.html
    SecurityFocus BugTraq IDs
    http://www.securityfocus.com/bid/51348
    http://www.securityfocus.com/bid/51349
    http://www.securityfocus.com/bid/51350
    http://www.securityfocus.com/bid/51351

    *************************************************************

    (3) HIGH: Apache Struts Multiple Security Vulnerabilities
    Affected:
    Apache Struts 2 versions prior to 2.3.1.1 (see 12.2.10 below)
    Description: Apache has released a patch addressing multiple security vulnerabilities in its Struts web application framework. Struts 2 is a Java MVC framework built on the Servlet API and widely used to build Java web applications. One vulnerability involves Struts' exception reporting: when processing of a request parameter fails, the user-supplied parameter value is included in the exception message and is evaluated as an OGNL expression. OGNL, the expression language Struts uses to bind request data to Java objects, exposes only a subset of Java, but that subset is still enough for arbitrary code execution. Another vulnerability involves unsafe evaluation of cookie names by the CookieInterceptor, which an attacker can use to access static methods. By sending a malicious request, an attacker can exploit these vulnerabilities in order to execute arbitrary code on the server hosting the application.
    Status: vendor confirmed, updates available
    References:
    Vendor Site
    http://www.apache.org
    Apache Security Bulletin
    http://struts.apache.org/2.x/docs/s2-008.html

    *************************************************************

    (4) MEDIUM: Google Chrome Multiple Security Vulnerabilities
    Affected:
    Google Chrome prior to 16.0.912.75
    Description: Google has released a patch addressing multiple security vulnerabilities affecting its Chrome web browser. The vulnerabilities include a use-after-free issue in animation frames, a heap buffer overflow in libxml, and a stack buffer overflow in glyph handling. Google has not provided technical details for these vulnerabilities, but because it rates them High severity, it is likely that some of them can be exploited to execute arbitrary code on a target's machine. To do so, an attacker would have to entice the target to view a malicious web page.
    Status: vendor confirmed, updates available
    References:
    Vendor Site
    http://www.google.com
    Google Stable Channel Updates
    http://googlechromereleases.blogspot.com/2012/01/stable-channel-update.html
    SecurityFocus BugTraq IDs
    http://www.securityfocus.com/bid/51300

    *************************************************************

    Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
    Week 2, 2012

    • 12.2.1 - CVE: CVE-2012-0001
    • Platform: Windows
    • Title: Microsoft Windows Kernel SafeSEH Security Bypass
    • Description: Microsoft Windows is exposed to a security bypass issue that affects the "Ntdll.dll" component. Specifically, this issue occurs due to the way the Windows kernel loads a structured exception handling table from the "Load Configuration" PE header when a binary is executed, allowing the SafeSEH protection to be bypassed for affected binaries. x64-based editions of Windows XP and all supported editions of Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2 are affected.
    • Ref: http://technet.microsoft.com/en-us/security/bulletin/MS12-001

    • 12.2.2 - CVE: CVE-2012-0005
    • Platform: Windows
    • Title: Microsoft Windows CSRSS Local Privilege Escalation
    • Description: Microsoft Windows is exposed to a local privilege escalation issue in the Client/Server Run-time Subsystem (CSRSS). Specifically, this issue occurs when CSRSS processes a sequence of specially crafted Unicode characters. All supported editions of Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008 are affected.
    • Ref: http://technet.microsoft.com/en-us/security/bulletin/MS12-003

    • 12.2.3 - CVE: CVE-2012-0013
    • Platform: Windows
    • Title: Microsoft Windows ClickOnce Application Installer Remote Code Execution
    • Description: Microsoft Windows is exposed to a remote code execution issue. This issue occurs because the ClickOnce application file type is not included in the Windows Packager unsafe file type list. This will allow attackers to embed ClickOnce applications into Microsoft Office documents. All supported releases of Microsoft Windows are affected.
    • Ref: http://technet.microsoft.com/en-us/security/bulletin/MS12-005

    • 12.2.4 - CVE: CVE-2012-0009
    • Platform: Windows
    • Title: Microsoft Windows Object Packager Remote Code Execution
    • Description: Microsoft Windows is exposed to a remote code execution issue. This issue occurs because the application fails to properly register and implement the Windows Object Packager. All supported editions of Windows XP and Windows Server 2003 are affected.
    • Ref: http://technet.microsoft.com/en-us/security/bulletin/MS12-002

    • 12.2.5 - CVE: CVE-2012-0007
    • Platform: Other Microsoft Products
    • Title: Microsoft AntiXSS Library Sanitization Module Security Bypass
    • Description: Microsoft Anti-Cross Site Scripting Library (AntiXSS) is an encoding library designed to protect ASP.NET web applications from XSS attacks. The library is exposed to a security bypass issue that affects the sanitization module. This occurs because the library fails to properly sanitize specially crafted HTML. Microsoft Anti-Cross Site Scripting Library versions 3.x and 4.0 are vulnerable.
    • Ref: http://technet.microsoft.com/en-us/security/bulletin/MS12-007

    • 12.2.6 - CVE: CVE-2012-0003,CVE-2012-0004
    • Platform: Other Microsoft Products
    • Title: Microsoft Windows Media Player Remote Code Execution
    • Description: Microsoft Windows Media Player is a multimedia application available for the Windows operating system. The application is exposed to remote code execution issues when handling specially crafted media content. Specifically, the issues affect the Windows Multimedia Library ("winmm.dll") when parsing a specially crafted MIDI file, and the DirectShow component when handling specially crafted media files. All supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows XP Media Center Edition 2005 Service Pack 3 and Windows Media Center TV Pack for Windows Vista are affected.
    • Ref: http://technet.microsoft.com/en-us/security/bulletin/MS12-004

    • 12.2.7 - CVE: CVE-2011-4056
    • Platform: Third Party Windows Apps
    • Title: Siemens Tecnomatix FactoryLink ActiveX Arbitrary File Overwrite
    • Description: Siemens Tecnomatix FactoryLink is Supervisory Control and Data Acquisition software. The application is exposed to an arbitrary file overwrite issue because it fails to properly sanitize user-supplied input before saving files. Specifically, attackers can save data to an arbitrary file, overwriting the current content. Siemens Tecnomatix FactoryLink V8.0.2.54, V7.5.217 (V7.5 SP2) and V6.6.1 (V6.6 SP1) are affected.
    • Ref: http://www.us-cert.gov/control_systems/pdf/ICSA-11-343-01.pdf http://www.securityfocus.com/bid/51267/references

    • 12.2.8 - CVE: Not Available
    • Platform: Third Party Windows Apps
    • Title: Hitachi Multiple IT Operations Products Unspecified Cross-Site Scripting
    • Description: Hitachi IT Operations Director is an all-in-one IT lifecycle management product. Hitachi IT Operations Analyzer is software that monitors IT infrastructure availability and performance. Both products are exposed to an unspecified cross-site scripting issue because they fail to properly sanitize user-supplied input. Hitachi IT Operations Director 02-50-01 to 02-50-07 and 03-00 to 03-00-04, and Hitachi IT Operations Analyzer 02-01, 02-51 to 02-51-01 and 02-53 to 02-53-02 are affected.
    • Ref: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-001/index.html

    • 12.2.9 - CVE: CVE-2011-2776
    • Platform: Linux
    • Title: Super Remote Buffer Overflow
    • Description: Super is a setuid root utility that lets designated users run scripts and commands with root privileges. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data before copying it to an insufficiently sized buffer. Specifically, the issue affects the syslog logging code. Super 3.30.0-2 is vulnerable and other versions may also be affected.
    • Ref: http://www.securityfocus.com/bid/51319/references http://packages.debian.org/source/lenny/super

    • 12.2.10 - CVE: Not Available
    • Platform: Cross Platform
    • Title: Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
    • Description: Apache Struts is a framework for building Web applications. The framework is exposed to multiple issues. A remote command execution issue affects the "CookieInterceptor" class because the application fails to restrict access to certain static methods when handling cookie names. An arbitrary file overwrite issue exists because the "ParameterInterceptor" fails to properly sanitize user-supplied input before creating files. Versions prior to Apache Struts 2.3.1.1 are vulnerable and other versions may also be affected.
    • Ref: http://struts.apache.org/2.x/docs/s2-008.html
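The CookieInterceptor issue in 12.2.10 and in entry (3) of Part I is a matter of attacker-controlled cookie NAMES reaching the OGNL evaluator, so the useful check is on names, not values (the exception-message path in (3) concerns parameter values and needs the vendor patch rather than a filter). The Python below is an added example, not part of this bulletin or of the Struts project: it applies a strict allowlist to the parameter and cookie names found in constructed request records. The allowlist pattern is this example's own assumption, deliberately tighter than anything Struts ships, and the OGNL-looking names are placeholders that show the syntax the allowlist must refuse, not a working exploit.

```python
import re
from urllib.parse import parse_qsl

# Allowlist for parameter and cookie NAMES. This is the example's own, deliberately
# strict pattern (an assumption, not the regex Struts ships): letters, digits,
# underscore, dot and square brackets cover ordinary bean-property names such as
# "user.address[0].street". Everything else, in particular '(', '#', '@', '=' and
# quotes, is exactly what an OGNL expression needs and has no place in a name.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_.\[\]]+$")


def suspicious_names(query: str, cookie_header: str = "") -> list:
    """Return (kind, name) for every parameter or cookie NAME that fails the allowlist.

    parse_qsl percent-decodes the names, so an encoded '%28%23...' payload is
    judged on what the server would actually hand to the framework.
    """
    bad = []
    for name, _value in parse_qsl(query, keep_blank_values=True):
        if not SAFE_NAME.match(name):
            bad.append(("param", name))
    for cookie in cookie_header.split(";"):
        cookie = cookie.strip()
        if not cookie:
            continue
        name = cookie.split("=", 1)[0].strip()   # cookie names arrive undecoded
        if not SAFE_NAME.match(name):
            bad.append(("cookie", name))
    return bad


# Constructed request records (request target, Cookie header); not real traffic.
# The OGNL-looking names only illustrate the syntax the allowlist must refuse.
SAMPLE_REQUESTS = [
    ("/login.action?user.name=alice&remember=1", "JSESSIONID=abc123; theme=dark"),
    # expression in a parameter NAME, percent-encoded form of (#ctx['a'])(c)
    ("/login.action?%28%23ctx%5B%27a%27%5D%29%28c%29=1", "JSESSIONID=abc123"),
    # expression in a cookie NAME, the CookieInterceptor case
    ("/login.action?user.name=bob", "JSESSIONID=abc123; (#ctx['a'])(c)=1"),
]


def scan(requests=SAMPLE_REQUESTS) -> list:
    """Return (index, findings) for each request carrying a non-allowlisted name."""
    hits = []
    for i, (target, cookies) in enumerate(requests):
        query = target.split("?", 1)[1] if "?" in target else ""
        findings = suspicious_names(query, cookies)
        if findings:
            hits.append((i, findings))
    return hits


if __name__ == "__main__":
    for index, findings in scan():
        print(f"request {index}: {findings}")
```

Run against an access log or a request capture, the scanner reports the second and third constructed records and nothing for the first; a name that fails the allowlist is worth blocking at the edge regardless of the Struts version behind it.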

    • 12.2.11 - CVE:CVE-2012-0027,CVE-2011-4619,CVE-2011-4577,CVE-2011-4576,CVE-2011-4109,CVE-2011-4108
    • Platform: Cross Platform
    • Title: OpenSSL Multiple Vulnerabilities
    • Description: OpenSSL is an open-source implementation of the SSL/TLS protocols that is used by a large number of other projects. OpenSSL is exposed to multiple issues. An information disclosure issue affects the CBC mode encryption of Datagram Transport Layer Security (DTLS): timing differences in the handling of records with bad padding allow an attacker to recover plaintext (CVE-2011-4108). A memory corruption issue occurs due to a double-free condition in policy checks when X509_V_FLAG_POLICY_CHECK is used (CVE-2011-4109). A second information disclosure issue exists because the library does not initialize the bytes used as block cipher padding in SSL 3.0 records; in each record, up to 15 bytes of uninitialized memory are encrypted and sent to the SSL peer (CVE-2011-4576). A denial of service issue occurs due to an assertion failure when handling specially crafted RFC 3779 data in certificates (CVE-2011-4577). A denial of service issue affects the support for handshake restarts for server gated cryptography (SGC) (CVE-2011-4619). A denial of service issue affects the GOST ENGINE when processing specially crafted GOST parameters; a malicious client can cause the server to crash because the parameters are not error-checked (CVE-2012-0027). OpenSSL versions 1.0.0x before 1.0.0f and 0.9.8x before 0.9.8s are affected.
    • Ref: http://www.openssl.org/news/secadv_20120104.txt http://www.securityfocus.com/bid/51281/references



    • 12.2.14 - CVE: CVE-2012-0390
    • Platform: Cross Platform
    • Title: GnuTLS DTLS Information Disclosure
    • Description: GNU Transport Layer Security Library is a library that implements the TLS 1.0 and SSL 3.0 protocols. The library is exposed to an information disclosure issue that affects the CBC mode encryption of Datagram Transport Layer Security. Specifically, the issue exists due to timing differences in the decryption process. Versions prior to 3.0.11 are vulnerable.
    • Ref: http://www.gnu.org/software/gnutls/security.html http://www.securityfocus.com/bid/51322/references
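Two of the issues above are about how CBC record padding is produced and checked: the uninitialized SSL 3.0 padding in 12.2.11 (CVE-2011-4576) and the DTLS CBC timing leaks in 12.2.11 (CVE-2011-4108) and 12.2.14 (CVE-2012-0390). The Python below is an added example, not code from OpenSSL, GnuTLS or this bulletin. It models a reused record buffer whose stale bytes become SSL 3.0 padding, shows the TLS-style remedy of writing every pad byte, and contrasts a padding check that returns before any MAC work with one that always computes a MAC. The "stale" bytes, the MAC key and the record contents are constructed for the example, and HMAC-SHA1 stands in for the record MAC.

```python
import hashlib
import hmac

BLOCK = 16    # AES block size; the padding rules below depend only on the block size
MAC_LEN = 20  # HMAC-SHA1, the record MAC of the SHA-1 based TLS 1.0 / DTLS 1.0 suites
MAC_KEY = b"constructed-record-mac-key"   # constructed for the example


def pad_length(total_len: int) -> int:
    """Number of pad bytes (excluding the final length byte) that brings
    total_len + n + 1 onto a block boundary; 0 <= n < BLOCK as in SSL 3.0 and TLS."""
    return (BLOCK - 1 - total_len) % BLOCK


def pad_sslv3_unsafe(record_buf: bytearray, body: bytes) -> bytes:
    """Model of CVE-2011-4576. SSL 3.0 leaves the pad bytes unspecified, so an
    implementation that copies the body into a reused buffer and writes only the
    length byte ships whatever the buffer held before, encrypted, to the peer."""
    n = pad_length(len(body))
    record_buf[:len(body)] = body
    record_buf[len(body) + n] = n          # the only pad byte that is actually written
    return bytes(record_buf[:len(body) + n + 1])


def pad_tls_safe(body: bytes) -> bytes:
    """TLS-style padding: every pad byte and the length byte equal n, so nothing
    the sender did not intend to send can end up in the record."""
    n = pad_length(len(body))
    return body + bytes([n]) * (n + 1)


def leaked_bytes(stale: bytes, body: bytes) -> bytes:
    """The old buffer content that pad_sslv3_unsafe would leak for this body."""
    rec = pad_sslv3_unsafe(bytearray(stale), body)
    return rec[len(body):len(body) + rec[-1]]


def record_mac(data: bytes) -> bytes:
    return hmac.new(MAC_KEY, data, hashlib.sha1).digest()


def build_record(plaintext: bytes) -> bytes:
    """The decrypted form of a CBC record: plaintext || MAC || padding."""
    return pad_tls_safe(plaintext + record_mac(plaintext))


def _padding_ok(rec: bytes) -> bool:
    if not rec:
        return False
    n = rec[-1]
    return n + 1 <= len(rec) - MAC_LEN and rec[-(n + 1):] == bytes([n]) * (n + 1)


def verify_early_exit(rec: bytes) -> tuple:
    """Returns (accepted, mac_was_checked). Bad padding is rejected BEFORE any MAC
    work, so a peer timing the rejection learns whether its forged padding parsed:
    the oracle behind the DTLS CBC issues in 12.2.11 and 12.2.14."""
    if not _padding_ok(rec):
        return False, False
    body = rec[:-(rec[-1] + 1)]
    ok = hmac.compare_digest(record_mac(body[:-MAC_LEN]), body[-MAC_LEN:])
    return ok, True


def verify_constant(rec: bytes) -> tuple:
    """Returns (accepted, mac_was_checked). Always computes and compares a MAC; when
    the padding is bad the record is treated as having zero-length padding, so both
    failure paths do the same kind of work and report the same generic failure.
    (The MAC input length still depends on the pad byte, so this is a mitigation,
    not a proof of constant time.)"""
    pad_ok = _padding_ok(rec)
    body = rec[:-(rec[-1] + 1)] if pad_ok else rec[:-1]
    mac_ok = hmac.compare_digest(record_mac(body[:-MAC_LEN]), body[-MAC_LEN:])
    return (pad_ok and mac_ok), True
```

The second flag returned by the two verifiers is the observable an attacker measures through timing: with verify_early_exit a bad-padding forgery and a bad-MAC forgery are distinguishable, with verify_constant they are not. The padding functions show why "up to 15 bytes" is the right figure in 12.2.11: with a 16-byte block, at most BLOCK - 1 pad bytes precede the length byte.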

    • 12.2.15 - CVE: Not Available
    • Platform: Cross Platform
    • Title: ZNC "bouncedcc" Module Remote Denial of Service
    • Description: ZNC is a bouncer application for Internet Relay Chat. The application is exposed to a remote denial of service issue in the "bouncedcc" module. This issue affects the "CBounceDCCMod::OnPrivCTCP()" function of the "modules/bouncedcc.cpp" file. The issue affects ZNC 0.202 and other versions may also be affected.
    • Ref: https://github.com/znc/znc/commit/11508aa72efab4fad0dbd8292b9614d9371b20a9#modules/bouncedcc.cpp

    • 12.2.16 - CVE: CVE-2011-2462, CVE-2011-4369, CVE-2011-4370,CVE-2011-4371, CVE-2011-4372, CVE-2011-4373
    • Platform: Cross Platform
    • Title: Adobe Acrobat and Reader Multiple Vulnerabilities
    • Description: Adobe Reader and Acrobat are applications for handling PDF files. The applications are exposed to multiple security issues. See reference for detailed information. Adobe Reader X (10.1.1) and earlier 10.x versions for Windows and Macintosh, Adobe Reader 9.4.7 and earlier 9.x versions for Windows, Adobe Reader 9.4.6 and earlier 9.x versions for Macintosh, Adobe Acrobat X (10.1.1) and earlier 10.x versions for Windows and Macintosh, Adobe Acrobat 9.4.7 and earlier 9.x versions for Windows, Adobe Acrobat 9.4.6 and earlier 9.x versions for Macintosh are affected.
    • Ref: http://www.adobe.com/support/security/bulletins/apsb12-01.html


    • 12.2.18 - CVE: Not Available
    • Platform: Web Application - Cross Site Scripting
    • Title: IBM Cognos TM1 Executive Viewer Multiple Cross-Site Scripting Vulnerabilities
    • Description: IBM Cognos TM1 Executive Viewer provides users with Web-based access to information from online analytical processing databases for analysis and reporting. The application is exposed to multiple cross-site scripting issues because the application fails to sufficiently sanitize user-supplied input to the "aspnet_client/" and "evserver/createcontrol.js" script. IBM Cognos TM1 Executive Viewer 9.4 is vulnerable and other versions may also be affected.
    • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg1PM26682 http://xforce.iss.net/xforce/xfdb/72198



    • 12.2.21 - CVE: CVE-2011-4203
    • Platform: Web Application
    • Title: Moodle "/calendar/set.php" HTTP Response Splitting
    • Description: Moodle is a PHP-based course management system. The application is exposed to an HTTP response splitting issue because it fails to sufficiently sanitize input submitted to the "$url" variable of the "/calendar/set.php" script in the Calendar component before using it in HTTP headers. Moodle 1.9.x versions prior to 1.9.15, 2.0.x versions prior to 2.0.6, 2.1.x versions prior to 2.1.3 and 2.2 are affected.
    • Ref: http://www.securityfocus.com/bid/51264/references http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4203
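12.2.21 is a textbook HTTP response splitting bug: a request value reaches a response header without CR and LF being rejected. The Python below is an added example, not Moodle code. It shows the vulnerable concatenation next to a validator that rejects control characters and off-site targets before the value is placed in a Location header, and parses the raw response the way a proxy or browser would so that the injected header is visible. The host name moodle.example and the sample values are constructed, and the validator assumes the framework has already URL-decoded the parameter exactly once, as PHP does for $_GET.

```python
from urllib.parse import urlsplit

SITE_HOST = "moodle.example"   # constructed; the only host a redirect may point to


def redirect_header_unsafe(url: str) -> bytes:
    """The vulnerable pattern from 12.2.21: a request value is concatenated into a
    header. A CR LF inside url terminates the Location header and everything after
    it is treated as further headers, or, after a blank line, as the response body."""
    return f"HTTP/1.1 302 Found\r\nLocation: {url}\r\n\r\n".encode("latin-1")


def safe_redirect_target(url: str) -> str:
    """Validate a redirect target before it reaches a header.

    Rejects control characters (response splitting), non-ASCII (must be percent-
    encoded first), and targets that would leave SITE_HOST (open redirect).
    Returns url unchanged if acceptable, raises ValueError otherwise. Assumes the
    framework has already URL-decoded the value exactly once."""
    if not url.isascii() or any(ord(c) < 0x20 or ord(c) == 0x7F for c in url):
        raise ValueError("control or non-ASCII character in redirect target")
    parts = urlsplit(url)
    if parts.scheme or parts.netloc:
        # absolute or scheme-relative ('//host/...') target: only https to our own host
        if parts.scheme != "https" or parts.netloc.lower() != SITE_HOST:
            raise ValueError("off-site redirect target")
    elif not url.startswith("/"):
        raise ValueError("relative target must be a site-absolute path")
    return url


def is_safe_redirect_target(url: str) -> bool:
    try:
        safe_redirect_target(url)
        return True
    except ValueError:
        return False


def redirect_header_safe(url: str) -> bytes:
    target = safe_redirect_target(url)
    return f"HTTP/1.1 302 Found\r\nLocation: {target}\r\n\r\n".encode("latin-1")


def parse_headers(raw: bytes) -> list:
    """Split a raw response head into (name, value) pairs the way a proxy or
    browser would, so the effect of an injected CR LF is visible."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    return [tuple(line.split(": ", 1)) for line in head.split("\r\n")[1:] if ": " in line]


# Constructed attack value: ends the Location header, plants a cookie, then starts a body.
EVIL_URL = "/calendar/view.php\r\nSet-Cookie: MoodleSession=attacker\r\n\r\n<html>phish</html>"

if __name__ == "__main__":
    print(parse_headers(redirect_header_unsafe(EVIL_URL)))
    print(is_safe_redirect_target(EVIL_URL), is_safe_redirect_target("/calendar/view.php"))
```

Rejecting the value is preferable to stripping CR and LF from it: a stripped value may still be an off-site URL, and the open-redirect check above only makes sense on input that has not been silently rewritten.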

    • 12.2.22 - CVE: Not Available
    • Platform: Web Application
    • Title: ImpressCMS Cross-Site Scripting and Local File Include Vulnerabilities
    • Description: ImpressCMS is a PHP-based content management system. The application is exposed to multiple input validation issues, including multiple cross-site scripting issues and a local file include issue that affects the "icmsConfigPlugins[sanitizer_plugins]" parameter of the "edituser.php" script. ImpressCMS 1.3 Final is vulnerable and other versions may also be affected.
    • Ref: http://www.securityfocus.com/archive/1/521112 http://community.impresscms.org/modules/smartsection/item.php?itemid=579


    • 12.2.24 - CVE: Not Available
    • Platform: Web Application
    • Title: eFront "download" Parameter Directory Traversal
    • Description: eFront is a PHP-based e-learning application. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input submitted to the "download" parameter of the "student.php" script. eFront 3.6.10 is vulnerable and other versions may also be affected.
    • Ref: http://www.efrontlearning.net/download http://www.securityfocus.com/bid/51302/references
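12.2.7, the ParameterInterceptor file overwrite in 12.2.10 and 12.2.24 all come down to a user-supplied path being joined onto a base directory without the result being checked. The Python below is an added example, not code from eFront or any other product above. It canonicalises the joined path and requires it to remain under the base directory, and shows the two common mistakes alongside: os.path.join discards the base directory when the supplied value is absolute, and a string-prefix comparison would accept a sibling directory that merely shares the prefix. The base directory and the sample "download" values are constructed, and the check assumes the value has been URL-decoded exactly once by the server.

```python
import os

CONTENT_ROOT = "/srv/efront/content"   # constructed base directory for the example


class TraversalError(ValueError):
    pass


def naive_join(base_dir: str, requested: str) -> str:
    """What the vulnerable code effectively does. Two things go wrong: '..' walks
    out of base_dir, and an absolute requested value makes os.path.join DISCARD
    base_dir altogether, so "/etc/passwd" comes back unchanged."""
    return os.path.join(base_dir, requested)


def resolve_download(base_dir: str, requested: str) -> str:
    """Map a user-supplied path onto a file under base_dir, or raise TraversalError.

    Assumes 'requested' has been URL-decoded exactly once by the server. Absolute
    values are refused outright; the joined path is canonicalised with realpath
    (which also follows symlinks that already exist) and must still lie under the
    canonical base_dir. commonpath, not str.startswith, is used for the test so
    that a sibling such as base_dir + "_old" cannot pass on a shared prefix."""
    if os.path.isabs(requested):
        raise TraversalError(f"absolute path refused: {requested!r}")
    root = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(root, requested))
    if os.path.commonpath([root, candidate]) != root:
        raise TraversalError(f"{requested!r} resolves outside {base_dir!r}")
    return candidate


# Constructed 'download' values as the server would see them after URL-decoding.
SAMPLE_PARAMS = [
    "files/course1/notes.pdf",
    "files/./course1/../course2/slides.pdf",   # harmless '..' that stays inside
    "../../../etc/passwd",
    "files/../../../../etc/passwd",
    "/etc/passwd",
    "../content_old/secret.txt",               # shares a prefix with base_dir
]


def triage(params=SAMPLE_PARAMS, base_dir=CONTENT_ROOT) -> list:
    """Return (param, outcome): 'served:<path under base_dir>' or 'rejected'."""
    root = os.path.realpath(base_dir)
    out = []
    for p in params:
        try:
            served = os.path.relpath(resolve_download(base_dir, p), root)
            out.append((p, "served:" + served))
        except TraversalError:
            out.append((p, "rejected"))
    return out


if __name__ == "__main__":
    for param, outcome in triage():
        print(f"{param!r:45} -> {outcome}")
```

The check is deliberately applied to the canonical path rather than to the raw parameter, so encoded or mixed "./" and "../" sequences are judged by where they end up, not by how they are spelled; double-encoded input is a server decoding question and must be settled before this function is called.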

    • 12.2.25 - CVE: Not Available
    • Platform: Web Application
    • Title: dl Download Ticket Service Authentication Bypass
    • Description: dl Download Ticket Service is a PHP-based ticket management system. The application is exposed to an authentication bypass issue because an attacker can log in as an arbitrary user by forging an authorization header. dl Download Ticket Service 0.3 to 0.9 is vulnerable and other versions may also be affected.
    • Ref: http://www.thregr.org/~wavexx/software/dl/NEWS.html http://www.securityfocus.com/bid/51347/references


    (c) 2012. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

    Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit https://www.sans.org/account