[English] HP Conexant Keylogger! Urgent!


Some HP laptops are vulnerable because of a now well-known bug that amounts to an enormous security failure:

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-8360

In simple terms, the Conexant audio driver shipped on these machines records every keystroke in a text file named MicTray.log.


This file contains every keystroke the user typed… Reading it only takes transcribing the key codes; the codes that match each key are listed here:

https://msdn.microsoft.com/fr-fr/library/windows/desktop/dd375731(v=vs.85).aspx

Example: [screenshots of a sample MicTray.log and its contents; images not reproduced]

The affected laptops are:

  • HP EliteBook 820 G3 Notebook PC
  • HP EliteBook 828 G3 Notebook PC
  • HP EliteBook 840 G3 Notebook PC
  • HP EliteBook 848 G3 Notebook PC
  • HP EliteBook 850 G3 Notebook PC
  • HP ProBook 640 G2 Notebook PC
  • HP ProBook 650 G2 Notebook PC
  • HP ProBook 645 G2 Notebook PC
  • HP ProBook 655 G2 Notebook PC
  • HP ProBook 450 G3 Notebook PC
  • HP ProBook 430 G3 Notebook PC
  • HP ProBook 440 G3 Notebook PC
  • HP ProBook 446 G3 Notebook PC
  • HP ProBook 470 G3 Notebook PC
  • HP ProBook 455 G3 Notebook PC
  • HP EliteBook 725 G3 Notebook PC
  • HP EliteBook 745 G3 Notebook PC
  • HP EliteBook 755 G3 Notebook PC
  • HP EliteBook 1030 G1 Notebook PC
  • HP ZBook 15u G3 Mobile Workstation
  • HP Elite x2 1012 G1 Tablet
  • HP Elite x2 1012 G1 with Travel Keyboard
  • HP Elite x2 1012 G1 Advanced Keyboard
  • HP EliteBook Folio 1040 G3 Notebook PC
  • HP ZBook 17 G3 Mobile Workstation
  • HP ZBook 15 G3 Mobile Workstation
  • HP ZBook Studio G3 Mobile Workstation
  • HP EliteBook Folio G1 Notebook PC

In short, abusing this bug is as easy as it is dangerous.

HP has made a new hotfix available: SP80323.exe

If your laptop appears in this list, please update it urgently!

Another way is to delete the executable, the log and every automatic launch of it, to protect against this flaw. To do so, delete MicTray.exe or MicTray64.exe and MicTray.xml or MicTray64.xml (both are found under System32), delete the log in the Public folder and restart the machine!

This link points to a PowerShell script that cleans up the system:

https://github.com/jolegape/RemoveConexantKeylogger/blob/master/Remove_Conexant_Keylogger.ps1

Have a blast with this patch,

Security first!

@RioJoubert


[SPANISH] HP Conexant Keylogger! Urgent!



Because of a bug that is now well known, an enormous security flaw affects some HP laptops:

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-8360

In short: Conexant, the audio driver present on these machines, logs every keyboard input in a text file named MicTray.log.


The MicTray.log file contains every key the machine's user pressed… it is enough to transcribe the key code to read it. The codes corresponding to the keys are available here:

https://msdn.microsoft.com/fr-fr/library/windows/desktop/dd375731(v=vs.85).aspx

Example: [screenshots of a sample MicTray.log and its contents; images not reproduced]

The affected computers are the following:

  • HP EliteBook 820 G3 Notebook PC
  • HP EliteBook 828 G3 Notebook PC
  • HP EliteBook 840 G3 Notebook PC
  • HP EliteBook 848 G3 Notebook PC
  • HP EliteBook 850 G3 Notebook PC
  • HP ProBook 640 G2 Notebook PC
  • HP ProBook 650 G2 Notebook PC
  • HP ProBook 645 G2 Notebook PC
  • HP ProBook 655 G2 Notebook PC
  • HP ProBook 450 G3 Notebook PC
  • HP ProBook 430 G3 Notebook PC
  • HP ProBook 440 G3 Notebook PC
  • HP ProBook 446 G3 Notebook PC
  • HP ProBook 470 G3 Notebook PC
  • HP ProBook 455 G3 Notebook PC
  • HP EliteBook 725 G3 Notebook PC
  • HP EliteBook 745 G3 Notebook PC
  • HP EliteBook 755 G3 Notebook PC
  • HP EliteBook 1030 G1 Notebook PC
  • HP ZBook 15u G3 Mobile Workstation
  • HP Elite x2 1012 G1 Tablet
  • HP Elite x2 1012 G1 with Travel Keyboard
  • HP Elite x2 1012 G1 Advanced Keyboard
  • HP EliteBook Folio 1040 G3 Notebook PC
  • HP ZBook 17 G3 Mobile Workstation
  • HP ZBook 15 G3 Mobile Workstation
  • HP ZBook Studio G3 Mobile Workstation
  • HP EliteBook Folio G1 Notebook PC

In short, taking advantage of this bug is very easy and the risk it poses is extremely high.

HP has provided a new hotfix: SP80323.exe

If your laptop is on the list, make sure to update it as a matter of urgency!

The other way is to remove the executable, the log and every automatic launch, to protect yourself from this flaw: delete MicTray.exe or MicTray64.exe and MicTray.xml or MicTray64.xml (both are found under the System32 directory), delete the log located in the Public directory and reboot.

At this link you can see how a PowerShell script takes care of cleaning the system:

https://github.com/jolegape/RemoveConexantKeylogger/blob/master/Remove_Conexant_Keylogger.ps1

Wishing you the best possible patch,

Security in sight!

@RioJoubert, for PierrE


HP Conexant Keylogger !!! Urgent!


Some HP laptops are vulnerable because of a bug that is now known and presents an enormous security flaw:

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-8360

Rough explanation: the CONEXANT audio driver, present on these PCs, logs every keyboard input in a text file: MicTray.log


This MicTray.log file contains every key the machine's users have pressed… It is enough to transcribe the key code to read it, looking up the correspondences here:

https://msdn.microsoft.com/fr-fr/library/windows/desktop/dd375731(v=vs.85).aspx

Example: [screenshots of a sample MicTray.log and its contents; images not reproduced]

The targeted PCs are:

  • HP EliteBook 820 G3 Notebook PC
  • HP EliteBook 828 G3 Notebook PC
  • HP EliteBook 840 G3 Notebook PC
  • HP EliteBook 848 G3 Notebook PC
  • HP EliteBook 850 G3 Notebook PC
  • HP ProBook 640 G2 Notebook PC
  • HP ProBook 650 G2 Notebook PC
  • HP ProBook 645 G2 Notebook PC
  • HP ProBook 655 G2 Notebook PC
  • HP ProBook 450 G3 Notebook PC
  • HP ProBook 430 G3 Notebook PC
  • HP ProBook 440 G3 Notebook PC
  • HP ProBook 446 G3 Notebook PC
  • HP ProBook 470 G3 Notebook PC
  • HP ProBook 455 G3 Notebook PC
  • HP EliteBook 725 G3 Notebook PC
  • HP EliteBook 745 G3 Notebook PC
  • HP EliteBook 755 G3 Notebook PC
  • HP EliteBook 1030 G1 Notebook PC
  • HP ZBook 15u G3 Mobile Workstation
  • HP Elite x2 1012 G1 Tablet
  • HP Elite x2 1012 G1 with Travel Keyboard
  • HP Elite x2 1012 G1 Advanced Keyboard
  • HP EliteBook Folio 1040 G3 Notebook PC
  • HP ZBook 17 G3 Mobile Workstation
  • HP ZBook 15 G3 Mobile Workstation
  • HP ZBook Studio G3 Mobile Workstation
  • HP EliteBook Folio G1 Notebook PC

Suffice it to say that exploiting the bug is simple and presents a more than high risk.

HP has made a new hotfix available: SP80323.exe

You must update your machines as a matter of urgency if they are on the list!!!

Another solution is to delete the executable and the log, and every automatic launch, to protect against this flaw: to do so, delete MicTray.exe or MicTray64.exe and MicTray.xml or MicTray64.xml (both are under the System32 directory) and the log, which is in the Public directory, then reboot!

Look here: https://github.com/jolegape/RemoveConexantKeylogger/blob/master/Remove_Conexant_Keylogger.ps1 for a PowerShell script that does the cleanup!
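As an added example (not the blog's own script and not the linked GitHub one), a PowerShell audit function that checks a machine for the artifacts the post tells you to remove and, with `-Remove`, deletes them the way the post's manual steps do. The file paths come from the post; the `-Remove` switch, the process check and the scheduled-task check are assumptions of this example.

```powershell
# Added example, not the blog's own script nor the linked GitHub one: audit a
# Windows machine for the Conexant MicTray artifacts named in the post and,
# with -Remove, delete them (the post's manual steps). Run from an elevated prompt.
function Get-MicTrayArtifacts {
    [CmdletBinding()]
    param([switch]$Remove)

    $sys32  = Join-Path $env:SystemRoot 'System32'
    $public = $env:PUBLIC                       # normally C:\Users\Public
    $found  = New-Object System.Collections.Generic.List[object]

    # Locations as given in the post: executable and XML under System32,
    # keystroke log under the Public folder.
    $paths = foreach ($n in 'MicTray.exe','MicTray64.exe','MicTray.xml','MicTray64.xml') { Join-Path $sys32 $n }
    $paths += Join-Path $public 'MicTray.log'
    foreach ($p in $paths) {
        if (Test-Path -LiteralPath $p) {
            $i = Get-Item -LiteralPath $p
            $found.Add([pscustomobject]@{ Type = 'File'; Name = $p
                Detail = "$($i.Length) bytes, modified $($i.LastWriteTime)"; Raw = $p })
        }
    }

    # A running MicTray process means keystrokes are still being logged.
    foreach ($proc in @(Get-Process -Name 'MicTray','MicTray64' -ErrorAction SilentlyContinue)) {
        $found.Add([pscustomobject]@{ Type = 'Process'; Name = $proc.ProcessName
            Detail = "PID $($proc.Id)"; Raw = $proc })
    }

    # Assumption (the post only says "automatic launch"): look for a scheduled
    # task whose action runs MicTray, so the autostart is reported and removed too.
    $tasks = Get-ScheduledTask -ErrorAction SilentlyContinue |
             Where-Object { @($_.Actions | ForEach-Object Execute) -match 'MicTray' }
    foreach ($t in @($tasks)) {
        $found.Add([pscustomobject]@{ Type = 'ScheduledTask'; Name = "$($t.TaskPath)$($t.TaskName)"
            Detail = (@($t.Actions | ForEach-Object Execute) -join ' '); Raw = $t })
    }

    if ($Remove -and $found.Count -gt 0) {
        # Stop the process and autostart first, otherwise the exe and log stay locked.
        foreach ($f in $found) {
            switch ($f.Type) {
                'Process'       { Stop-Process -Id $f.Raw.Id -Force }
                'ScheduledTask' { Unregister-ScheduledTask -InputObject $f.Raw -Confirm:$false }
            }
        }
        foreach ($f in $found) { if ($f.Type -eq 'File') { Remove-Item -LiteralPath $f.Raw -Force } }
        Write-Warning 'Artifacts removed. Reboot, then apply the HP hotfix SP80323.exe as the post recommends.'
    }
    return $found
}
```

Run `Get-MicTrayArtifacts | Format-Table Type, Name, Detail -AutoSize` to audit only, and `Get-MicTrayArtifacts -Remove` from an elevated prompt to clean up.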

Happy patching, everyone….

Quite a weekend for security!!!

PierrE


Microsoft Security Advisory Notification


********************************************************************
Title: Microsoft Security Advisory Notification
Issued: May 11, 2017
********************************************************************

Security Advisories Released or Updated Today
==============================================

* Microsoft Security Advisory 4021279
  – Title: Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege
    https://technet.microsoft.com/library/security/4021279.aspx
  – Reason for Revision: Advisory revised to include a table of issue CVEs and their descriptions. This is an informational change only.
  – Originally posted: May 9, 2017
  – Updated: May 11, 2017
  – Bulletin Severity Rating: N/A
  – Version: 1.1

Remember to keep your servers up to date… Your security depends on it!

PierrE.


Patch Tuesday, May 2017


A good dose of patches today.

This summary lists security updates released for May 2017.

Complete information for the May 2017 security update release can be found at <https://portal.msrc.microsoft.com/en-us/security-guidance>.

Critical Security Updates
============================

Critical  Adobe Flash Player
Critical  Internet Explorer 10
Critical  Internet Explorer 11
Critical  Internet Explorer 9
Critical  Microsoft Edge
Critical  Microsoft Business Productivity Servers 2010
Critical  Microsoft Office 2007 Service Pack 3
Critical  Microsoft Office 2010 Service Pack 2 (32-bit editions)
Critical  Microsoft Office 2010 Service Pack 2 (64-bit editions)
Critical  Microsoft Office 2013 RT Service Pack 1
Critical  Microsoft Office 2013 Service Pack 1 (32-bit editions)
Critical  Microsoft Office 2013 Service Pack 1 (64-bit editions)
Critical  Microsoft Office 2016 (32-bit edition)
Critical  Microsoft Office 2016 (64-bit edition)
Critical  Microsoft Office 2016 for Mac
Critical  Microsoft Office Compatibility Pack Service Pack 3
Critical  Microsoft Office for Mac 2011
Critical  Microsoft Office Web Apps 2010 Service Pack 2
Critical  Microsoft Office Web Apps 2013 Service Pack 1
Critical  Microsoft Office Word Viewer
Critical  Microsoft Office Web Apps Server 2013
Critical  Microsoft Office Online Server
Critical  Microsoft Project Server 2013
Critical  Microsoft SharePoint Enterprise Server 2016
Critical  Microsoft SharePoint Foundation 2013 Service Pack 1
Critical  Microsoft SharePoint Server 2010
Critical  Microsoft SharePoint Foundation 2013
Critical  Microsoft SharePoint Enterprise Server 2013
Critical  Word Automation Services
Critical  Microsoft Word 2007 Service Pack 3
Critical  Microsoft Word 2010 Service Pack 2 (32-bit editions)
Critical  Microsoft Word 2010 Service Pack 2 (64-bit editions)
Critical  Microsoft Word 2013 RT Service Pack 1
Critical  Microsoft Word 2013 Service Pack 1 (32-bit editions)
Critical  Microsoft Word 2013 Service Pack 1 (64-bit editions)
Critical  Microsoft Word 2016 (32-bit edition)
Critical  Microsoft Word 2016 (64-bit edition)
Critical  Skype for Business 2016
Critical  Windows 7 for 32-bit Systems Service Pack 1
Critical  Windows 7 for x64-based Systems Service Pack 1
Critical  Windows 8.1 for 32-bit systems
Critical  Windows 8.1 for x64-based systems
Critical  Windows RT 8.1
Critical  Windows 10 for 32-bit Systems
Critical  Windows 10 for x64-based Systems
Critical  Windows 10 Version 1511 for 32-bit Systems
Critical  Windows 10 Version 1511 for x64-based Systems
Critical  Windows 10 Version 1607 for 32-bit Systems
Critical  Windows 10 Version 1607 for x64-based Systems
Critical  Windows 10 Version 1703 for 32-bit Systems
Critical  Windows 10 Version 1703 for x64-based Systems
Critical  Windows Server 2008 for 32-bit Systems Service Pack 2
Critical  Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Critical  Windows Server 2008 for Itanium-Based Systems Service Pack 2
Critical  Windows Server 2008 for x64-based Systems Service Pack 2
Critical  Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Critical  Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Critical  Windows Server 2008 R2 for x64-based Systems Service Pack 1
Critical  Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Critical  Windows Server 2012
Critical  Windows Server 2012 (Server Core installation)
Critical  Windows Server 2012 R2
Critical  Windows Server 2012 R2 (Server Core installation)
Critical  Windows Server 2016
Critical  Windows Server 2016 (Server Core installation)

Important Security Updates
============================

Important  Microsoft .NET Framework 2.0 Service Pack 2
Important  Microsoft .NET Framework 3.5
Important  Microsoft .NET Framework 3.5.1
Important  Microsoft .NET Framework 4.5.2
Important  Microsoft .NET Framework 4.6
Important  Microsoft .NET Framework 4.6.1
Important  Microsoft .NET Framework 4.6.2
Important  Microsoft .NET Framework 4.6/4.6.1
Important  Microsoft .NET Framework 4.7

 

And if you still have some time, there is also:

********************************************************************
Title: Microsoft Security Advisory Notification
Issued: May 8, 2017
********************************************************************

Security Advisories Released or Updated Today
==============================================

* Microsoft Security Advisory 4022344
  – Title: Security Update for Microsoft Malware Protection Engine
    https://technet.microsoft.com/library/security/4022344.aspx
  – Reason for Revision: Microsoft is releasing this security advisory to inform customers that an update to the Microsoft Malware Protection Engine addresses a security vulnerability that was reported to Microsoft.
  – Originally posted: May 8, 2017
  – Updated: N/A
  – Version: 1.0

 

Patch your systems quickly, the flaw has been published….

PierrE.


SCCM CB 1702 available for download (Stand Alone)


If you are about to install a new SCCM platform, this post is for you.

The full installation binaries are available on MSDN as of today!


Happy installing!

PierrE.


5 days, 5 challenges, 5 opportunities to learn, for free!


Here is a great opportunity: 5 days of free training, that is, one video, one course and one challenge per day, from the comfort of your desk, offered by Paula Januszkiewicz, security expert. And follow her on Twitter: @PaulaCqure


Thank you Paula!!!

PierrE.
