Microsoft Security Bulletin Coverage (July 14, 2015)

As usual, Microsoft has released its Security Advisories for July.
You will need to check whether your security device can protect against the CVE IDs below.
If you use SonicWall security products, you can rest easy.
That is because the Dell SonicWall Security Team has released patches.
If you are not using auto-update, though, apply the update yourself.

MS15-058 Vulnerabilities in SQL Server Could Allow Remote Code Execution
  • CVE-2015-1761 SQL Server Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-1762 SQL Server Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-1763 SQL Server Remote Code Execution Vulnerability
    There are no known exploits in the wild.
MS15-065 Security Update for Internet Explorer 
  • CVE-2015-1729 Internet Explorer Information Disclosure Vulnerability
    IPS: 5962 "Internet Explorer Cross-domain Information Disclosure (MS14-065) 2"
  • CVE-2015-1733 Internet Explorer Memory Corruption Vulnerability
    IPS: 11026 "Internet Explorer Memory Corruption Vulnerability (MS15-065) 10"
  • CVE-2015-1738 Internet Explorer Memory Corruption Vulnerability
    IPS: 11027 "Internet Explorer Memory Corruption Vulnerability (MS15-065) 11"
  • CVE-2015-1767 Internet Explorer Memory Corruption Vulnerability
    IPS: 11028 "Internet Explorer Memory Corruption Vulnerability (MS15-065) 12"
  • CVE-2015-2372 VBScript Memory Corruption Vulnerability
    IPS: 11029 "Internet Explorer Memory Corruption Vulnerability (MS15-065) 13"
  • CVE-2015-2383 Internet Explorer Memory Corruption Vulnerability
    IPS: 11030 "Internet Explorer Memory Corruption Vulnerability (MS15-065) 14"
  • CVE-2015-2384 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-2385 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-2388 Internet Explorer Memory Corruption Vulnerability
    IPS: 11031 "Internet Explorer Memory Corruption Vulnerability (MS15-065) 15"
  • CVE-2015-2389 Internet Explorer Memory Corruption Vulnerability
    IPS: 11032 "Internet Explorer Memory Corruption Vulnerability (MS15-065) 16"
  • CVE-2015-2390 Internet Explorer Memory Corruption Vulnerability
    IPS: 11033 "Internet Explorer Memory Corruption Vulnerability (MS15-065) 17"
  • CVE-2015-2391 Internet Explorer Memory Corruption Vulnerability
    IPS: 11034 "Internet Explorer Memory Corruption Vulnerability (MS15-065) 18"
  • CVE-2015-2397 Internet Explorer Memory Corruption Vulnerability
    IPS: 7638 "DOM Object Use-After-Free Attack 2"
  • CVE-2015-2398 Internet Explorer XSS Filter Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-2401 Internet Explorer Memory Corruption Vulnerability
    IPS: 11036 "Internet Explorer Memory Corruption Vulnerability (MS15-065) 20"
  • CVE-2015-2402 Internet Explorer Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-2403 Internet Explorer Memory Corruption Vulnerability
    IPS: 2175 "Internet Explorer Memory Corruption Vulnerability (MS15-065) 1"
  • CVE-2015-2404 Internet Explorer Memory Corruption Vulnerability
    IPS: 2190 "Internet Explorer Memory Corruption Vulnerability (MS15-065) 2"
  • CVE-2015-2406 Internet Explorer Memory Corruption Vulnerability
    IPS: 2191 "Internet Explorer Memory Corruption Vulnerability (MS15-065) 3"
  • CVE-2015-2408 Internet Explorer Memory Corruption Vulnerability
    IPS: 2192 "Internet Explorer Memory Corruption Vulnerability (MS15-065) 4"
  • CVE-2015-2410 Internet Explorer Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-2411 Internet Explorer Memory Corruption Vulnerability
    IPS: 2198 "Internet Explorer Memory Corruption Vulnerability (MS15-065) 5"
  • CVE-2015-2412 Internet Explorer Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-2413 Internet Explorer Information Disclosure Vulnerability
    IPS: 2207 "Internet Explorer Information Disclosure Vulnerability (MS15-065) 1"
  • CVE-2015-2414 Internet Explorer Information Disclosure Vulnerability
    IPS: 2208 "Internet Explorer Information Disclosure Vulnerability (MS15-065) 2"
  • CVE-2015-2419 Jscript9 Memory Corruption Vulnerability
    IPS: 2209 "Internet Explorer JScript9 Memory Corruption Vulnerability (MS15-065)"
  • CVE-2015-2421 Internet Explorer ASLR Bypass
    IPS: 2210 "Internet Explorer ASLR Bypass Vulnerability (MS15-065)"
  • CVE-2015-2422 Internet Explorer Memory Corruption Vulnerability
    IPS: 2233 "Internet Explorer Memory Corruption Vulnerability (MS15-065) 6"
  • CVE-2015-2425 Internet Explorer Memory Corruption Vulnerability
    IPS: 2234 "Internet Explorer Memory Corruption Vulnerability (MS15-065) 7"
MS15-066 Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution
  • CVE-2015-2372 VBScript Memory Corruption Vulnerability
    There are no known exploits in the wild.
MS15-067 Vulnerability in RDP Could Allow Remote Code Execution 
  • CVE-2015-2373 Remote Desktop Protocol (RDP) Remote Code Execution Vulnerability
    There are no known exploits in the wild.
MS15-068 Vulnerabilities in Windows Hyper-V Could Allow Remote Code Execution 
  • CVE-2015-2361 Hyper-V Buffer Overflow Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-2362 Hyper-V System Data Structure Vulnerability
    There are no known exploits in the wild.
MS15-069 Vulnerabilities in Windows Could Allow Remote Code Execution 
  • CVE-2015-2368 Windows DLL Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-2369 DLL Planting Remote Code Execution Vulnerability
    There are no known exploits in the wild.
MS15-070 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution 
  • CVE-2015-2376 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-2377 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-2379 Microsoft Office Memory Corruption Vulnerability
    SPY:3107 "Malformed-File doc.MP.24"
  • CVE-2015-2380 Microsoft Office Memory Corruption Vulnerability
    SPY:3106 "Malformed-File doc.MP.23"
  • CVE-2015-2415 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-2424 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
MS15-071 Vulnerability in Netlogon Could Allow Elevation of Privilege 
  • CVE-2015-2374 Elevation of Privilege Vulnerability in Netlogon
    There are no known exploits in the wild.
MS15-072 Vulnerability in Windows Graphics Component Could Allow Elevation of Privilege 
  • CVE-2015-2364 Graphics Component EOP Vulnerability
    SPY:3105 "Malformed-File swf.MP.234"
MS15-073 Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege 
  • CVE-2015-2363 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-2365 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-2366 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-2367 Win32k Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-2381 Win32k Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-2382 Win32k Information Disclosure Vulnerability
    There are no known exploits in the wild.
MS15-074 Vulnerability in Windows Installer Service Could Allow Elevation of Privilege 
  • CVE-2015-2371 Windows Installer EoP Vulnerability
    There are no known exploits in the wild.
MS15-075 Vulnerabilities in OLE Could Allow Elevation of Privilege 
  • CVE-2015-2416 OLE Elevation of Privilege Vulnerability
    SPY:3105 "Malformed-File swf.MP.234"
  • CVE-2015-2417 OLE Elevation of Privilege Vulnerability
    SPY:3105 "Malformed-File swf.MP.234"
MS15-076 Vulnerability in Windows Remote Procedure Call Could Allow Elevation of Privilege 
  • CVE-2015-2370 Windows RPC Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
MS15-076 Vulnerability in ATM Font Driver Could Allow Elevation of Privilege 
  • CVE-2015-2387 ATMFD.DLL Memory Corruption Vulnerability
    There are no known exploits in the wild.

Source: SonicWall Security Center

May you be happy.

(Be knowledgeable, pass it on then)

Adobe Flash Player Heap Zero-Day Vulnerability CVE-2015-3133

Organizations that do not allow software installation and updates at the user level also need to have an admin update Adobe Flash Player.

For the Adobe Flash Player heap zero-day vulnerability, an update patch has been released for Dell SonicWall products.

The update patch file is "1040 Malformed-File swf.MP.228".

No security breach caused by this weakness has reportedly been seen yet.
If it is exploited, the attacker can reportedly take control of the compromised system.

The systems where it can occur are reportedly Internet Explorer on Windows 7 and below, and Firefox on Windows XP.

It can reportedly occur in the following software versions.

  • Adobe Flash Player 18.0.0.161 and earlier versions for Windows and Macintosh
  • Adobe Flash Player Extended Support Release version 13.0.0.292 and earlier 13.x versions for Windows and Macintosh
  • Adobe Flash Player 11.2.202.466 and earlier 11.x versions for Linux

If you want to look it up by CVE ID, you can go to the link below.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3113

May you be happy.
(Be knowledgeable, pass it on then)

Steps to configure Site to Site VPN between SonicWalls


I would like to share how to build a Site to Site IPSec VPN tunnel between two SonicWall firewalls using IKEv2 Mode.

Do the following steps on both the Local Firewall and the Remote Firewall.

- Create the firewall Address Objects and assign each one to its corresponding Zone.
- Enable the VPN setting. It is disabled by default.
- Add a VPN Policy.
(Make sure these points are correct.
1. Policy Type is Site to Site.
2. Authentication Method is IKE using Preshared Secret.
3. Name can be whatever is convenient for you.
4. In IPSec Primary Gateway Name or Address, enter the Remote Firewall's WAN IP.
5. Enter the Shared Secret.
6. If you are using IKEv2 Mode, enter the firewalls' WAN IPs in the IKE ID fields. Make sure the Local and Peer (Remote) IKE IDs are correct.
7. In the Network section, make sure the Local and Destination (Remote) network subnets are correct.
8. Make sure the Phase 1 and Phase 2 proposals are correct on both firewalls.
9. Do not forget to enable Keep Alive.
10. Make sure an Access Rule exists for the VPN. By default it is auto-added. If it does not exist, add it manually.)

Once all of the points above are complete and correct on both the Local and Remote firewalls, you will see the IPSec Site to Site VPN tunnel up and running.
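The mirroring that checklist items 4, 6, 7 and 8 depend on can be checked on paper before touching either firewall. The following is an added example, not part of the original post or of any SonicWall tooling; the dictionary keys, addresses, proposal values and secret are constructed assumptions.

```python
import hmac

# Constructed sample policies; the keys are hypothetical, not SonicOS export fields.
SITE_A = {
    "wan_ip": "203.0.113.10", "peer_gateway": "198.51.100.20",
    "local_ike_id": "203.0.113.10", "peer_ike_id": "198.51.100.20",
    "local_network": "192.168.10.0/24", "remote_network": "192.168.20.0/24",
    "policy_type": "Site to Site", "auth_method": "IKE using Preshared Secret",
    "exchange": "IKEv2 Mode", "phase1": ("Group 14", "AES-256", "SHA256"),
    "phase2": ("ESP", "AES-256", "SHA256"), "shared_secret": "constructed-example-secret",
    "vpn_enabled": True, "keep_alive": True, "access_rule": True,
}
# Site B is the mirror image: gateway, IKE IDs and networks swap sides.
SITE_B = dict(SITE_A, wan_ip="198.51.100.20", peer_gateway="203.0.113.10",
              local_ike_id="198.51.100.20", peer_ike_id="203.0.113.10",
              local_network="192.168.20.0/24", remote_network="192.168.10.0/24")

# (field on one firewall, field that must hold the same value on its peer)
MIRRORED = [("peer_gateway", "wan_ip"), ("local_ike_id", "peer_ike_id"),
            ("local_network", "remote_network")]
IDENTICAL = ["policy_type", "auth_method", "exchange", "phase1", "phase2"]
REQUIRED_ON = ["vpn_enabled", "keep_alive", "access_rule"]


def check_pair(local, remote):
    """Return a list of deviations from the checklist for a pair of policies."""
    problems = []
    for name, me, peer in (("local", local, remote), ("remote", remote, local)):
        for mine, theirs in MIRRORED:
            if me[mine] != peer[theirs]:
                problems.append(f"{name} {mine}={me[mine]} != peer {theirs}={peer[theirs]}")
        problems += [f"{name} {flag} is off" for flag in REQUIRED_ON if not me[flag]]
    problems += [f"{key} differs" for key in IDENTICAL if local[key] != remote[key]]
    # Constant-time comparison; the secret itself is never written to the report.
    if not hmac.compare_digest(local["shared_secret"].encode(),
                               remote["shared_secret"].encode()):
        problems.append("shared_secret differs")
    return problems


if __name__ == "__main__":
    print(check_pair(SITE_A, SITE_B) or "policies mirror each other")
```
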

As an example, the Local Site Firewall's configuration is shown.

I believe this will be useful for those who are just starting to work with SonicWall.

May you be happy.
(Be knowledgeable, pass it on then)