Patch Tuesday coming, NTP DDoS here, Ruby 1.9.3 going – Security Snippets


  • Next Tuesday, Patch Tuesday: A friendly reminder that next Tuesday sees 147 Oracle patches (Java (CVSS 10),VirtualBox (6.8), MySQL(10)), 5 Microsoft Bulletins and Adobe Reader and Acrobat priority 1 fixes all rolling out on the same day. The 2014 patch season is open for business.

  • NTP DDoS Mitigation: It seems DNS reflection attacks (getting DNS servers to send unsolicited data at an IP address) are out and the new reflection is NTP reflection. This abuses the Network Time Protocol’s monlist command which sends a list of the last 600 machines an NTP server has talked to to a particular address. Prod enough NTP servers sends that list to a victim and you have your DDoS attack. Cloudflare’s blog has a post on how to mitigate these attacks – It’s worth checking out as over Christmas it seems some big game sites got slapped with the NTP reflection hammer.

  • Ruby 1.9.3 gets a dead date: Pencil February 23 2015 in as the date Ruby 1.9.3 shufffles off its mortal coil. More imminently, February 23 2014 is when Ruby 1.9.3 goes into security fix only mode so get your Ruby 2.x migration plans in order now.

Microsoft and Adobe’s October Patch Tuesday – Security Snippets


  • Microsoft’s Monthly: It’s remote code execution holes all the way down in this months Patch Tuesday. From a bundle of Internet Explorere fixes in MS13-080 to a crunchy critical remote code execution and extra ‘important’ privilege escalation holes in Windows drivers, MS13-081 going all the way back to XP SP3 and all the way up to Windows 8. But wait, there’s more according to the cumulative advisory, MS13-Oct. Critical remote code execution holes in .NET Framework (MS13-082) and Windows Common Control Library (MS13-083) and “Important” remote code execution holes SharePoint Server (MS13-084), Excel (MS13-085 and Word (MS13-086) are also reported. There’s also an information disclosure hole in SilverLight (MS13-087). Fixes available from your friendly Microsoft Update service.
  • Adobe patches help up: Adobe’s fixes for this month have also been released. As well as the usual Reader and Acrobat fixes, developers who use Adobe’s RoboHelp will want to check out APSB13-24 as its a critical hole which could enable code execution. Adobe are priority rating 3, as it’s “not historically been a target for attackers”, but there’s always a first time.