Serious vulnerabilities in Microsoft Group Policy, Firefox, and Android

Today's roundup covers a vulnerability that, when exploited in a working environment, could allow attackers to steal passwords from Group Policy. The team responsible for developing Mozilla Firefox has little reason to be pleased either: a few days ago vulnerabilities were disclosed whose exploitation may result in the theft of credentials from Windows and Linux systems. In the past few days holes have also been found in Android, from version 2.2 Froyo up to the latest.

Microsoft Group Policy

Group Policy, which makes it easier for administrators to manage computer configuration and user settings in an Active Directory directory service environment, contains a vulnerability that allows an attacker to elevate privileges if Active Directory Group Policy is used to distribute passwords in the domain. An attacker can steal and decrypt the password stored in the Group Policy preferences. The vulnerability, rated "important" in Microsoft's bulletin MS14-025, has already been patched and applies to Windows Vista, Windows 7, Windows 8 and Windows 8.1. The updates also cover Windows Server 2008, Windows Server 2008 R2, Windows Server 2012 and Windows Server 2012 R2.
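Group Policy preferences keep such a password in the cpassword attribute of XML files under the domain's SYSVOL share, so a defender can audit for leftovers by walking a copy of that tree. The following is an added example, not code from the bulletin or from this article; the function names, the sample XML and its values are constructed for illustration, and the script only reports where a stored password exists without touching its value.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample shaped like a GPP Groups.xml; cpassword is a placeholder.
SAMPLE_GROUPS_XML = """<Groups>
  <User name="LocalAdmin" changed="2014-01-10 09:12:44">
    <Properties action="U" userName="LocalAdmin" cpassword="PLACEHOLDER"/>
  </User>
  <User name="Helpdesk" changed="2015-03-02 14:00:01">
    <Properties action="U" userName="Helpdesk" cpassword=""/>
  </User>
</Groups>
"""

def find_stored_passwords(root_dir):
    """Return one finding per XML element with a non-empty cpassword attribute."""
    findings = []
    for dirpath, _dirs, files in os.walk(root_dir):
        for name in (f for f in files if f.lower().endswith(".xml")):
            path = os.path.join(dirpath, name)
            try:
                tree = ET.parse(path)
            except (ET.ParseError, OSError):
                continue  # malformed or unreadable file: skip it, keep scanning
            # Child -> parent map, so the parent's "changed" stamp can be reported.
            parents = {child: p for p in tree.iter() for child in p}
            for elem in tree.iter():
                if elem.get("cpassword"):  # attribute present and not empty
                    parent = parents.get(elem)
                    findings.append({
                        "file": path,
                        "account": elem.get("userName") or elem.get("accountName") or "",
                        "changed": "" if parent is None else parent.get("changed", ""),
                    })
    return findings

def demo():
    """Scan a temporary tree that holds only the constructed sample."""
    with tempfile.TemporaryDirectory() as tmp:
        folder = os.path.join(tmp, "Policies", "SAMPLE-GPO", "Machine", "Preferences", "Groups")
        os.makedirs(folder)
        with open(os.path.join(folder, "Groups.xml"), "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_GROUPS_XML)
        return [(os.path.basename(f["file"]), f["account"], f["changed"])
                for f in find_stored_passwords(tmp)]

if __name__ == "__main__":
    print(demo())
```

On a real domain, the argument to find_stored_passwords would be a read-only copy or mount of the SYSVOL Policies folder; every finding is a preference item to delete and an account whose password should be changed.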

Mozilla Firefox

In Firefox, Firefox ESR and the Firefox OS 2.2 firmware, a hole was found in the built-in mechanism for viewing PDF files, PDF Viewer. A script injected by a malicious web page could allow an attacker to exploit the vulnerability CVE-2015-4495 to read and steal sensitive local files from the computer, mainly passwords and logins, without leaving traces of the attack.

On Windows, the attacker can gain access not only to stored credentials, but also to configuration files and FTP server logins from eight mail clients and FileZilla. On Linux, the data at risk included /etc/passwd; the malicious script was also "interested" in .bash_history, .mysql_history, .pgsql_history, .ssh, FileZilla client and Psi+ application data, text files with "pass" and "access" in their names, and shell scripts.

Unless this happens automatically, we recommend that all users update Firefox to version 39.0.3 and Firefox ESR to 38.1.1.


Up to 95 percent of all devices running Android may be vulnerable to two serious flaws.

1. Security experts from Zimperium have discovered a bug in Android versions from 2.2 to the latest that allows an attacker to remotely execute code by sending a crafted multimedia message. Such a message is opened automatically, for example by Hangouts or other system software, and can lead to the execution of arbitrary commands and even to a takeover of the phone.

Unfortunately, updates are not available to everyone, because they depend on the manufacturer or operator. Best placed are devices that receive updates straight from Google, that is, the owners of Motorola and Google Nexus smartphones and tablets, who received a security update on their phones after just two days. Those who for various reasons decided to use CyanogenMod are no worse off. Others, unfortunately, have to wait for a firmware update, which certainly will not arrive quickly.

Interestingly, owners of LG phones will receive not only the update but also monthly security patches. LG thereby joins Google and Samsung, which have declared that security is important enough for firmware updates to be made available on a monthly basis.

2. In turn, malware analysts at Trend Micro found a vulnerability in Android that allows a DoS attack. The vulnerability was found in MediaServer. Vulnerable systems range from Android 4.0.1 Jelly Bean to 5.1.1 Lollipop, which according to Trend Micro's estimates means as many as 95 percent of all Android devices.

The effects are not very dangerous, but can be very troublesome. First, an attacker can exploit this vulnerability through an installed application or a visit to a malicious web page; second, a malicious MKV file embedded in an HTML page and played may force the phone to process a specially crafted media file, which slows the system until the battery is discharged or removed from the device.
