Priveon Labs Security Blog

Microsoft support for Windows XP SP2 and Windows 2000 ends on July 13, 2010. After this date, MS will stop supporting windows XP SP2 and windows 2000 including security updates. Windows 2003 SP3 will be supported until at least 2014.

MS Formal End of Support Announcement

Windows Stream Blog

Ars Technica Article

MS Windows 2000 End of Support Solution Center

A recent Symantec Security Response whitepaper was released specifically addressing FireFox browser extension security. The whitepaper discusses:

• FireFox extension overview
• Potential of using previously trusted XPI extensions in attacks
• Update attacks
• Vulnerabilities in individual extensions
• Mitigation and known "real-world" examples of FireFox extension threats

While not necessarily groundbreaking, the whitepaper provides a good overview of FireFox extension and add-on security.

The whitepaper can be found here.

Cisco formally released NAC version 4.7.1 yesterday. This latest software release contains several enhancements - the major ones being support for both Windows7 and OS X 10.6:

Cisco NAC Windows Agent Version 4.7.1.511

In Cisco NAC Appliance Release 4.7(1), the Cisco NAC Agent version 4.7.1.511 has been enhanced to feature support for the Windows 7 client machine operating systems:

• Windows 7 Professional (32- and 64-bit)
• Windows 7 Ultimate (32- and 64-bit)
• Windows 7 Enterprise (32- and 64-bit)
• Windows 7 Home Premium (32- and 64-bit)
• Windows 7 Home Basic

Mac OS X Agent Version 4.7.1.505

In Cisco NAC Appliance Release 4.7(1), the Mac OS X Agent version 4.7.1.505 has been enhanced to feature login and posture assessment support for 32- and 64-bit Mac OS 10.6 (Snow Leopard) client machines.

See Release Notes for additional details.

MetaSploit 3.3 was recently released. Some of the summarized 3.3 enhancements include:

• New SQL and Oracle support enhancements (brute force and new drivers/support for both)
• OSVDB references added to exploits
• automated client-side exploitation has been overhauled using browser_autopwn (as presented at DefCon and discussed in previous Priveon blog entries)
• TCP based exploits can now be launched through SOCKS4/5 and HTTP proxies
• Improved AV signature bypass through msfencode
• 64-bit windows, 64-bit Linux (PPC) target support
• Improved AIX target support
• You can now configure # of retries for reverse_tcp stager
• reverse_tcp_allports can cycle through all outbound ports (for firewalls)
• Support for JSP payloads
• Simple fuzzer API added
• airpwn and dnspwn modules integrated
• Meterpreter improvements including improved VNC injection, improved traffic capturing and keystroke logging, full SSl support for post-staging (including a fake HTTP request for mimicking browser traffic – awesome!)
• POSIX target support for BSD/Linux
• New Metepreter scripts

MetaSploit 3.3 can be downloaded from http://www.metasploit.com/framework/download/ or upgraded from previous versions of the MetaSploit 3.x by typing svn update in MSFConsole

Cisco's AnyConnect Client version 2.4 now runs on the following new platforms:

• Microsoft Windows 7 (32-bit and 64-bit)
• Mac OS X 10.6 and 10.6.1 (both 32-bit and 64-bit)

This is good news for those of who have made the jump to the new OSs, but make sure you are aware of some potential DNS issues if you're a Mac user.  In the AnyConnect 2.4 release notes [Published: November 17, 2009], a caveat is mentioned: "Mac OS X releases 10.6.0, 10.6.1, and 10.6.2 do not tunnel DNS queries; however, we expect that a fix release will resolve this issue (CSCtc54466)."

Later on in the release-notes Cisco also mentions:

"Mac OS X 10.6 Sends All DNS Queries in the Clear -- With split-DNS enabled, Mac OS X 10.6 sends all DNS queries in the clear. It should send DNS queries targeting split-DNS domains over the VPN session. Apple plans to resolve this issue in an upcoming update."

Just a heads up for those running OS X 10.6 and the AnyConnect 2.4 client with split-DNS configured.  For troubeshooting purposes clearing the local cache can sometimes help (dscacheutil -flushcache).