INTERNET STORM CENTER SPOTLIGHT
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers.
https://isc.sans.edu/about.html
Critical OpenSSL 3.0 Update Released. Patches CVE-2022-3786, CVE-2022-3602
(Johannes Ullrich | 2022-11-01)
As preannounced, OpenSSL released version 3.0.7, which patches two related vulnerabilities rated as "High." Initially, as part of a preannouncement, the vulnerability was rated "Critical." OpenSSL 3.0 was initially released in September of last year.
The update patches a buffer overrun vulnerability that happens during the certificate verification. The certificate needs to contain a malicious Punycode encoded name, and the vulnerability is only triggered AFTER the certificate chain is verified. An attacker first needs to be able to have a malicious certificate signed by a certificate authority the client trusts. This does not appear to be exploitable against servers. For servers, this may be exploitable if the server requests a certificate from the client (mTLS) [1]. OpenSSL also published a blog post with details here: https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/
In short: While this is a potential remote code execution vulnerability, the requirements to trigger the vulnerability are not trivial, and I do not see this as a "Heartbleed Emergency". Patch quickly as updated packages become available, but beyond this, no immediate action is needed…
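For the "patch quickly" step, the following triage helper is an added example, not part of the diary or of OpenSSL's tooling. It classifies an `openssl version` banner against the 3.0 series below 3.0.7; the function name, result labels and sample banners are constructed for illustration.

```shell
#!/bin/sh
# classify_openssl "<banner from 'openssl version'>"
# Prints: affected | patched | not-3.0 | unknown
# Caveat: distribution packages can carry a backported fix under an older
# upstream version string, so confirm "affected" against the vendor advisory.
classify_openssl() {
    line=$1
    # OpenSSL 3.x banners also report the linked library; that is the code
    # that actually runs, so prefer it over the version of the CLI binary.
    case $line in
        *"(Library: OpenSSL "*) ver=${line#*"(Library: OpenSSL "} ;;
        "OpenSSL "*)            ver=${line#"OpenSSL "} ;;
        *) echo unknown; return 0 ;;        # e.g. LibreSSL or unparsable text
    esac
    ver=${ver%% *}                          # drop the build date
    ver=${ver%")"}                          # drop ")" if no date followed
    case $ver in
        [0-9]*.[0-9]*.[0-9]*) ;;
        *) echo unknown; return 0 ;;
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    patch=${patch%%[!0-9]*}                 # "1s" -> "1", "0-beta2" -> "0"
    if [ "$major.$minor" != "3.0" ]; then
        echo not-3.0                        # outside the series 3.0.7 belongs to
    elif [ -z "$patch" ]; then
        echo unknown
    elif [ "$patch" -lt 7 ]; then
        echo affected                       # 3.0.x older than the fixed 3.0.7
    else
        echo patched
    fi
}

# Constructed sample banners; the last one has a new CLI on an old library.
for banner in \
    "OpenSSL 3.0.5 5 Jul 2022 (Library: OpenSSL 3.0.5 5 Jul 2022)" \
    "OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov 2022)" \
    "OpenSSL 1.1.1s  1 Nov 2022" \
    "OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)"
do
    printf '%-12s %s\n' "$(classify_openssl "$banner")" "$banner"
done
```

On a live host, pass it the real banner with `classify_openssl "$(openssl version)"`; applications that bundle their own copy of the library need to be checked separately.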
Sysinternals Updates: Process Explorer v17.0, Handle v5.0, Process Monitor v3.92 and Sysmon v14.11
(Didier Stevens | 2022-10-30)
Sysinternals tools updates have been released for:
Process Explorer v17.0
Handle v5.0
Process Monitor v3.92
Sysmon v14.11
Make sure to update Sysmon, as it includes a bug fix.
I like the update to the Handles and DLLs view: it's multitab now, making it easier to switch (unless you are used to the control keys to switch) …