
 

The installer of The Public Certification Service for Individuals "The JPKI user's software" may insecurely load Dynamic Link Libraries

Overview

 

The installer of The Public Certification Service for Individuals "The JPKI user's software" may insecurely load Dynamic Link Libraries.

Products Affected

Installers of the following "The JPKI user's software" versions are affected:

  • The Public Certification Service for Individuals "The JPKI user's software (for Windows 7 and later)" Ver3.0.1 and earlier

  • The Public Certification Service for Individuals "The JPKI user's software (for Windows Vista)" Ver3.0.1 and earlier

  • The Public Certification Service for Individuals "The JPKI user's software" Ver2.6 and earlier

 

Description

The installer of The Public Certification Service for Individuals "The JPKI user's software" provided by Japan Agency for Local Authority Information Systems (J-LIS) contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.

Impact

Arbitrary code may be executed with the privilege of the user invoking the installer.

Solution

Use the latest installer of The Public Certification Service for Individuals "The JPKI user's software"
For users of Windows 7 and later:
Use the latest installer of The Public Certification Service for Individuals "The JPKI user's software" provided by J-LIS.


For users of Windows OS prior to Vista:
As of 2016 November 1, there are no updates available for Windows OS prior to Vista.
According to J-LIS, the updates will be released soon.
For more information, refer to the download page.

Do not invoke the installer of The Public Certification Service for Individuals "The JPKI user's software"
Users who have already installed The Public Certification Service for Individuals "The JPKI user's software" do not need to uninstall the application, because this vulnerability can be exploited only when installing the software. Thus it is recommended to delete old installers of the software.

 

Verification of Windows New Security Features – LSA Protection Mode and Credential Guard

In most targeted attacks, malware infects multiple computers rather than just a single one, and the attackers go on to compromise other computers across the network, including important servers. Password hashes are often targeted for this “lateral movement”. To strengthen protection against such information theft, LSA Protection Mode for Windows 8.1 etc. and Credential Guard for Windows 10 Enterprise have been introduced. In this entry, we examine the protective effect of these features and the points to consider in preserving that effect.

Overview of LSA Protection Mode

LSA (Local Security Authority) is a Windows security subsystem. It manages user rights information and stores password hashes and similar data in memory. On Windows 8.1 and some other versions, LSA Protection Mode serves to protect such information from being stolen.

To enable LSA Protection Mode, users need to edit the registry as instructed in TechNet Library [1] and reboot the OS. Note that LSA plug-ins which are not compatible with LSA Protection Mode will stop functioning once the mode is enabled. Such plug-ins can be identified by using Audit Mode before switching to Protection Mode.

LSA Protection Mode was first introduced in Windows 8.1 and Windows Server 2012 R2. For Windows 10, which was released after that, Build 10240 could not be started up properly with Protection Mode. However, we confirmed that Build 10586 (Version 1511, November Update, TH2) was successfully started up under the mode.

Verification of LSA Protection Mode with Artifacts Used in Actual Attacks

We verified the effect of LSA Protection Mode by attempting hash dumps with 4 types of artifacts that have functions to dump password hashes. All the artifacts were used in actual attacks. The functions of each artifact are described in Table 1. Figures 1-6 show the dump results for each artifact, and Table 2 shows the results under LSA Protection Mode.

We conducted the verification using Windows 10 Build 10586 and Windows 8.1, and confirmed that the same results were derived.

Table 1: Artifacts that dump password hash

| Artifact | Command/Option | Dumped Information |
|---|---|---|
| mimikatz | sekurlsa::logonpasswords | Logged-on user information |
| gsecdump | -u | Logged-on user information |
| PwDump7 | N/A | Local user information |
| QuarksPwDump | -dhl | Local user information |

Table 2: Results of hash dump under LSA Protection Mode

| Artifact | Result |
|---|---|
| mimikatz | Failed (An error occurred) |
| gsecdump | Failed (An error occurred) |
| PwDump7 | Successful |
| QuarksPwDump | Successful |

Under LSA Protection Mode, mimikatz and gsecdump encountered an error, as shown in Figures 2 and 4, and were unable to dump. When the mode is disabled, on the other hand, these two artifacts are able to dump logged-on domain user information, as shown in Figures 1 and 3. Domain user information can help an attacker compromise other computers within the domain (e.g. pass-the-hash attack). LSA Protection Mode protects such domain user information from being stolen, and is therefore expected to hinder lateral movement.

Figure 1: mimikatz (Protection Mode disabled)

 

Figure 2: mimikatz (Protection Mode enabled)

 

Figure 3: gsecdump (Protection Mode disabled)

 

Figure 4: gsecdump (Protection Mode enabled)

 

Figure 5: PwDump7

 

Figure 6: QuarksPwDump

 

As Figure 5 and 6 demonstrate, dumping with PwDump7 and QuarksPwDump is successful regardless of LSA Protection Mode since they dump information by reading disk devices or using registry API, instead of stealing information from LSA processes. However, the information that these two dump is local user information, not domain user. Note that the results here are derived solely from the commands/options in Table 1. (e.g. mimikatz also has a command to steal local user information just like QuarksPwDump etc.)

Overview of Credential Guard

For Windows 10 Enterprise, you can also use a further advanced system to protect LSA, “Credential Guard”. It is based on a protection environment isolated from the OS by virtualisation using hardware. Therefore, when Credential Guard is enabled, secret data and parts of LSA process that store the secret data are isolated from the OS and then protected [2] [3]. Comparison of LSA Protection Mode and Credential Guard is described in Table 3.

Table 3: Comparison of LSA Protection Mode and Credential Guard

| Feature | Applicable Windows version, edition | Protection mechanism | Whether LSA process on the OS stores/manages rights information |
|---|---|---|---|
| LSA Protection Mode | Windows 8.1, Windows Server 2012 R2 and others | Restrict access to LSA process on the OS | Yes |
| Credential Guard | Windows 10 Enterprise only | Isolate secrets from OS on Hypervisor | No (Isolated parts that protect the secrets do) |

Credential Guard can be enabled in Group Policy Management Console. However, if Hyper-V Hypervisor has not been enabled in advance, in some cases Credential Guard does not become active until it has been enabled in the Console, the computer has been rebooted, and then rebooted once more manually. Furthermore, Credential Guard does not function, even if it appears enabled in Group Policy Management Console, when the hardware requirements are not met or required functions are disabled in the UEFI (BIOS) configuration. Whether Credential Guard is actually enabled can be checked by displaying system information [2].

Verification of Credential Guard with Artifacts Used in Actual Attacks

We conducted another hash dump verification test using the same artifacts as in Table 1. The dump results for each artifact are shown in Table 4, and the outputs are shown in Figures 5-8.

Table 4: Results of password hash dump under Credential Guard

| Artifact | Result |
|---|---|
| mimikatz | Failed (incorrect hash value dumped) |
| gsecdump | Failed (incorrect hash value dumped) |
| PwDump7 | Successful (as in Figure 5) |
| QuarksPwDump | Successful (as in Figure 6) |

As Table 4 shows, the dump results are similar to those of the verification under LSA Protection Mode (Table 2). In Figures 7 and 8, which show the dump results of mimikatz and gsecdump under Credential Guard, no error was observed (unlike Figures 2 and 4 under LSA Protection Mode). However, this is because the protection mechanisms of LSA Protection Mode and Credential Guard differ, as shown in Table 3, and it does not mean that the password hash was stolen.

Figure 7: mimikatz (Credential Guard)

 

Figure 8: gsecdump (Credential Guard)

 

Compare Figure 1 which shows the dump results of mimikatz without LSA protection and Figure 7 with Credential Guard, and similarly Figure 3 and 8 for gsecdump. Although the same password is configured for all the cases, you will realise that the password hash value is different and it derives an incorrect password hash value under Credential Guard (Figure 7 and 8). This means that the password hash is not stolen when Credential Guard is enabled.

Local password hash dump using PwDump7 and QuarksPwDump succeeds because it does not use LSA as an information source (as described in the Verification of LSA Protection Mode above), even under Credential Guard.

Point to Consider - 1

If you compare Figure 1, which shows the dump results of mimikatz without LSA protection, with Figure 6, which shows QuarksPwDump with LSA protection, you will see that the password hashes (NTLM) for “user1” in Figure 1 and “localuser1” in Figure 6 are identical. This means that these users share the same password; in fact, “user1” is a domain user and “localuser1” is a local user. Against mimikatz, domain users’ password hashes can be protected by using LSA Protection Mode or Credential Guard. Against QuarksPwDump, however, these two protection features are not effective in preventing local users’ password hashes from being dumped.

Even under LSA Protection Mode or Credential Guard, local users’ password hash can be stolen using PwDump7 or QuarksPwDump etc. in an environment where a domain user and a local user share the same password, and this raises the risks of the domain being compromised. Make sure to configure a different password for domain users and local users within the domain.

Point to Consider - 2

By using QuarksPwDump which is capable of dumping under LSA Protection Mode or Credential Guard, it is possible to dump domain logon information that was cached on the local disk as follows:

Figure 9: QuarksPwDump -dhdc

 

This cache exists so that a laptop PC which is temporarily offline from the domain can still be used. Neither LSA Protection Mode nor Credential Guard can protect the information in the cache from being stolen. Computers that are constantly connected to the domain do not require the cache function, and in such cases it can be disabled. To disable the cache, edit Group Policy [4] or the registry [5].

If you disable cache, domain passwords cannot be found even with QuarksPwDump as shown in Figure 10.

Figure 10: QuarksPwDump -dhdc (Logon cache disabled)

 

If you cannot disable cache due to the network environment where the computer operates, it is better to configure stronger passwords (length, types of letters, hard to guess from dictionary). The cached password hash has a different format from data stolen from LSA, and it cannot be used for pass-the-hash attacks as is. However, some tools to crack the hash are already available, and it is possible to break weak and simple passwords.
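
The settings discussed in this entry (the LSA Protection Mode registry setting and its Audit Mode, whether Credential Guard is actually running rather than merely configured, and the domain logon cache) can be checked with a read-only audit such as the one below. This is an added example, not part of the original entry: the function names are hypothetical, and the registry value names, event IDs and WMI class are taken from Microsoft's documentation rather than from the text above.

```powershell
# Added example: read-only audit of the settings discussed in this entry.
# Nothing is modified. Function names are hypothetical; registry value names,
# event IDs and the WMI class come from Microsoft's documentation.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-CredentialTheftPosture {
    # LSA Protection Mode: RunAsPPL is the configured state; it takes effect after a reboot.
    $runAsPpl = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' 'RunAsPPL'
    $lsaConfigured = ([int]$runAsPpl) -ne 0      # [int]$null evaluates to 0

    # Audit Mode (AuditLevel = 8) logs LSA plug-ins that would not load under protection.
    $ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LSASS.exe'
    $auditOn = ([int](Get-RegValue $ifeo 'AuditLevel')) -eq 8
    $auditEvents = @(Get-WinEvent -FilterHashtable @{
            LogName = 'Microsoft-Windows-CodeIntegrity/Operational'
            Id      = @(3065, 3066)
        } -MaxEvents 50 -ErrorAction SilentlyContinue)

    # Credential Guard: "configured" (policy) and "running" can differ when hardware
    # requirements are not met or required functions are disabled in UEFI.
    # Value 1 in either array means Credential Guard.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
        -ClassName 'Win32_DeviceGuard' -ErrorAction SilentlyContinue
    $cgConfigured = ($null -ne $dg) -and ($dg.SecurityServicesConfigured -contains 1)
    $cgRunning    = ($null -ne $dg) -and ($dg.SecurityServicesRunning -contains 1)

    # Domain logon cache: stored as a string; 10 when the value is absent, 0 disables caching.
    $winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $cachedRaw = Get-RegValue $winlogon 'CachedLogonsCount'
    $cachedCount = if ($null -ne $cachedRaw) { [int]$cachedRaw } else { 10 }

    $findings = @()
    if (-not $lsaConfigured -and -not $cgRunning) {
        $findings += 'Neither LSA Protection Mode nor Credential Guard protects LSA memory.'
    }
    if ($cgConfigured -and -not $cgRunning) {
        $findings += 'Credential Guard is configured but not running: check hardware requirements, UEFI settings and the Hyper-V hypervisor, then reboot.'
    }
    if ($auditOn -and $auditEvents.Count -gt 0) {
        $findings += "$($auditEvents.Count) audit event(s) 3065/3066: review these LSA plug-ins before enabling protection."
    }
    if ($cachedCount -gt 0) {
        $findings += "Domain logon cache holds up to $cachedCount logon(s); neither feature protects it."
    }

    [pscustomobject]@{
        LsaProtectionConfigured   = $lsaConfigured
        LsaAuditModeOn            = $auditOn
        LsaAuditEvents            = $auditEvents.Count
        CredentialGuardConfigured = $cgConfigured
        CredentialGuardRunning    = $cgRunning
        CachedLogonsCount         = $cachedCount
        Findings                  = $findings
    }
}

Get-CredentialTheftPosture | Format-List
```

The audit cannot tell whether a local account shares its password with a domain account (Point to Consider - 1); that has to be enforced through password policy and account management.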

Summary

We have verified that LSA Protection Mode and Credential Guard are effective protection features against lateral movement in targeted attacks, as they protect domain password hashes from being stolen. To enable the features, please make sure that your hardware and software meet the requirements and that there is no impact on your drivers or plug-ins. It is also important to check that your environment does not reduce the protective effect. We hope that these features help in constructing an even more secure Windows domain environment.

-Kenichi Imamatsu

(Translated by Yukako Uchida)

References

[1] Microsoft - Configuring Additional LSA Protection
     https://technet.microsoft.com/en-us/library/dn408187.aspx

[2] Microsoft - Protect derived domain credentials with Credential Guard
     https://technet.microsoft.com/en-us/itpro/windows/keep-secure/credential-guard

[3] FFRI - Windows 10 Research report on effects of reducing security risks - Phase 1 (Japanese only)
     http://www.ffri.jp/assets/files/research/research_papers/windows10_security_ja.pdf

[4] Microsoft - Interactive logon: Number of previous logons to cache (in case domain controller is not available)
     https://technet.microsoft.com/en-us/library/mt629048(v=vs.85).aspx

[5] Microsoft - Cached domain logon information
     https://support.microsoft.com/en-us/kb/172931

 

 

04/06/2016

CERT Guide to Insider Threats Named to Cybersecurity Canon

 

 

April 6, 2016—Palo Alto Networks has announced that the CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes will be inducted into the Cybersecurity Canon in 2016. The book was published by Addison-Wesley Professional in 2012. Two SEI CERT Division researchers, Randall Trzeciak and Andrew Moore, who coauthored the book with Dawn Cappelli, were recognized for their contributions to the field at the Ignite 2016 Cybersecurity Conference on April 4 in Las Vegas, Nevada.

Palo Alto Networks created the canon “to identify a list of must-read books for all cybersecurity practitioners -- be they from industry, government or academia -- where the content is timeless, genuinely represents an aspect of the community that is true and precise, reflects the highest quality and, if not read, will leave a hole in the cybersecurity professional’s education that will make the practitioner incomplete.”
Since 2001, the CERT Insider Threat Center has collected and analyzed information about hundreds of insider cybercrimes, ranging from national security espionage to theft of trade secrets. The CERT Guide to Insider Threats describes CERT's findings in practical terms, offering specific guidance and countermeasures that can be immediately applied by executives, managers, security officers, and operational staff within any private, government, or military organization.

“What makes the book valuable is that it is backed up with real data,” noted Palo Alto Networks’ Chief Security Officer Rick Howard. “After analyzing some 700 cases, the authors can make reasonable assertions about what might work. The epiphany for me was that the bulk of the recommendations do not fall within the technical realm. More than half fall into the administrative side, which may be why detecting the insider threat is so hard.” 

“We are truly honored by this induction into the Cybersecurity Canon,” said Trzeciak, technical manager of the SEI CERT Division’s Enterprise Threat and Vulnerability Management Team and the CERT Insider Threat Center, “and we are extremely pleased with the impact our work has had across the DoD, federal government, industry around the globe, and academia.”

Moore, lead researcher at the CERT Insider Threat Center, noted, “The book was the result of years of research by staff at CERT and our organizational partners dedicated to helping organizations understand and mitigate the risk of insider threat. Thanks to everyone who contributed to the research, to the Software Engineering Institute for their support, and to Palo Alto Networks for creating the canon and hosting the event.”

To learn more about the CERT Division’s work on insider threat, visit http://cert.org/insider-threat/.

 

Oversight of compliance and control responsibilities

Neil Ford January 11, 2016

 

 

The following is part of a series of instalments providing concise summaries of selected chapters from the New York Stock Exchange’s definitive cybersecurity guide, Navigating the Digital Age.

This blog summarizes Chapter 16: Oversight of compliance and control responsibilities by Elizabeth McGinn, Rena Mears, Stephen Ruckman, Tihomir Yankov, and Daniel Goldstein of Data Risk Solutions: BuckleySandler LLP & Treliant Risk Advisors LLC. Please refer to the original article for any direct quotations.

 

Summary

 

Corporate cybersecurity is no longer the sole realm of the IT department: Nowadays, data is recognized as a core business asset, valuable to companies and cyber criminals alike. The enterprise risk caused by cyber threats to data therefore requires a holistic approach to cybersecurity; oversight of cybersecurity compliance and controls must be a C-suite, boardroom, and senior management responsibility.

 

Cybersecurity oversight is risk management oversight

 

Risk management aims to identify the risks a company faces and mitigate them to a level determined by the company’s risk appetite. As data risk encompasses the risk of financial losses; business disruption; the loss or compromise of assets and information; the failure to meet legal, regulatory or contractual requirements; and reputational damage, effective oversight of cybersecurity is essential to corporate oversight of risk management.

Two core components of a corporate cybersecurity program must be overseen at the highest levels of management to actively confirm that they go beyond mechanical application of generic cybersecurity rules and standards:

  • Compliance – The company’s program for ensuring adherence to internal cybersecurity policies and relevant external privacy and data protection laws and regulations.

  • Controls – The company’s systems and processes for protecting data.

Cybersecurity risks are partially an extension of data retention risks, so the board and senior management must approach the oversight of cybersecurity compliance and controls from a broader risk management vantage point that considers the value of the data asset.

 

Board of directors’ role in oversight of compliance and controls

 

Monitoring the management of data risk associated with cybersecurity is part of the board’s fiduciary duty to the corporation, so it must build cybersecurity oversight into its general strategy for overseeing risk management from day one – not the moment data is actually put at risk – and be well informed about how cybersecurity is managed at all stages of the company’s data risk management lifecycle (identification, design and implementation, monitoring, evaluation, and reporting and reassessment).

All oversight activities must be properly documented so that the board can demonstrate that it is carrying out its fiduciary duties.

 

Building blocks of effective oversight of cybersecurity compliance

 

Cybersecurity compliance must support compliance with appropriate rules and regulations, as well as organizational policies and procedures, by:

  1. identifying risks

  2. preventing risks through the design and implementation of controls

  3. monitoring and reporting on the effectiveness of those controls

  4. resolving compliance difficulties as they occur

  5. advising and training.

In order to do this, the C-suite should implement an enterprise-wide approach to compliance risk management across the company’s entire ecosystem – including third parties. This should include a cybersecurity risk management plan that is reviewed by the board and regularly updated, and matches what the company actually does rather than being aspirational or hyper-specific.

The cybersecurity compliance team should be independent of the company’s IT and business units, the C-suite should make sure it can test compliance effectively and communicate the results to the board, and the board should make cybersecurity compliance a priority.

 

Building blocks of effective oversight of cybersecurity controls

 

When implementing cybersecurity controls, many companies focus on prevention and detection and fail to address remediation – such as incident response plans. Boards should recommend the appointment of a permanent incident response team.

They should also oversee the lines of communication between the business areas that use the cybersecurity controls, prioritize regular staff training on cybersecurity threats, and ensure that cybersecurity controls are properly funded.

 

Implementation challenges

 

Drafted policies and procedures are often disconnected from operational practices and technology infrastructure; cybersecurity policies and procedures are, however, effective only if they are tailored specifically to the company.

Boards should also be aware that the Federal Trade Commission (FTC) views the disconnect between cybersecurity policies and procedures and their actual implementation as unfair trade practices under Section 5 of the FTC Act.

The cybersecurity program should be monitored and its effectiveness evaluated. The metrics used must be clearly defined and meaningful, and should measure progress against a clearly stated objective.

Data security is no longer a cost of doing business but a core component of remaining in business. Resources must therefore be appropriately allocated to meet risks. Budgeting must enable the company to deploy the right people, processes, and technology to truly address the company’s security needs.

The human element is frequently the weakest link in an otherwise solid data security program so resources must be dedicated to personnel training. Staff must both be proactive in safeguarding data and recognize attempts by unauthorized parties (via phishing attacks, for example) to gain network access.

Once implemented, a cybersecurity program needs active management to maintain success.

 

Conclusion

 

The C-suite must strive to employ strong cybersecurity compliance and control measures that go beyond mechanical satisfaction of applicable legal rules, and the board has an obligation to ensure that these measures are adopted. Only with consistent C-suite involvement and strong board oversight — informed by an understanding of data risk as a central enterprise risk — can cybersecurity challenges be handled effectively.

 

 

 

List of data breaches and cyber attacks in November 2015

Lewis Morgan 25th November 2015

 

 

It’s a big list this month. I was hoping that the longest section of the list would be the ‘Fighting back against cyber crime’ section, but a spate of DDoS attacks has attempted to overshadow the successes of law enforcement agencies around the world.

There haven’t been as many payment card breaches as I expected there to be in November, but with Christmas coming up I imagine we’ll see a spike in the number of POS malware discoveries in the next few months.

Be sure to share this article with your colleagues, and let them know of the impressive list of this month’s stories about fighting back against cyber crime.

 

Fighting back against cyber crime

 

  • Teenage Brit charged with denial-of-service attacks, and bomb threats

  • Fighting talk from Great Britain as it says it will hit back against internet attacks

  • Jail for British DDoS attacker, who said too much on Twitter

  • Try to hire a hacker on CraigsList to wipe out your court fines? Get sent to prison

  • Federal Legislation Targets “Swatting” Hoaxes

  • Arrests in JP Morgan, eTrade, Scottrade Hacks

  • eBay scammer steals identity of agent investigating him

  • Cyber thief who stole nude images for revenge porn king gets 2 years

  • Hospital clerk fined $36,000 for selling patient records

  • Feds round up 50 suspects in latest ID theft-tax fraud sweep in South Florida

  • Hacker jailed for eight months after attacking police, council, charity and porn websites

 

Cyber attack and DDoS

 

Norwich International Airport website hacked

ProtonMail hit by mystery DDoS attack, preventing customers from accessing their secure email

JPMorgan Hackers Breached Anti-Fraud Vendor G2 Web Services

Extortionists target CCN in a DDoS attack; 5 bitcoins bounty

U.S. Government Officials Targeted by Iranian Hackers

UK pummelled with DDoS after ISIS cyber attack warning

Cyber attack disrupts dog rescue group’s server

Security blogger Graham Cluley’s website suffers DDoS attack

vBulletin enforces password reset after website attack

Jewish school website defaced with pro-Islam messages

Salt Lake schools hit with DDoS attack

Zoho services under criminal attack

Hushmail outages resulting from denial-of-service incidents

DDoS Attacks on Runbox

Swedbank smacked by DDoS attack

Neomailbox DDoS Attack

FastMail suffers DDoS attack

Breach at IT Automation Firm LANDESK

 

Data breach

 

Breach at Securus Technologies exposes 70 million prison phone calls

NYC doctor’s office emails spreadsheet containing personal info for 15k patients

Georgia data breach could affect 6.2 million voters’ personal information

Comcast customer data leaked online – Comcast insists it’s not their fault

Touchnote hacked – tells users to reset their passwords

North Carolina DHHS reports second email incident in two months

Utah student information compromised over six-year period

Social networking site xat hacked; user database acquired by hacker(s)

Brazilian Army gets hacked

Queensland TAFE student data exposed in hack

Data breach at biz that manages Cisco, F5 certs plus many others

Linux Australia suffers another data leak

Austin dumpster diver finds A-list actors’ private info

DHHS discloses second Medicaid data breach

Nutmeg customers caught in data breach

 

Payment information

 

Hilton Hotels admits hackers planted malware and stole customer card details

Payment card data breach affects 54 Starwood Hotels

ShowTix4U ticket website customers warned following data breach

Bank card slurping malware discovered in casino chain’s tills

KAIST students’ credit card information stolen

Noble House Hotels and Resorts notifies customers at six luxury hotels of payment card breach

Maine’s Yellowfront Grocery hit by payment card breach

Common Market in Maine notifies customers of payment card breach

 

Other

 

Flaws found in LastPass password manager by security researchers

Chipotle Serves Up Chips, Guac & HR Email

 

 

 

THE ASIA PACIFIC COMPUTER EMERGENCY RESPONSE TEAM (APCERT) AND ASIA-PACIFIC NETWORK INFORMATION CENTRE (APNIC) SIGN A MEMORANDUM OF UNDERSTANDING
 

 

Asia Pacific Computer Emergency Response Team (APCERT) has signed a Memorandum of Understanding (MoU) with the Asia Pacific Network Information Centre (APNIC). The agreement was formalised during the APCERT Annual General Meeting and Conference 2015, held recently from 6-10 September in Kuala Lumpur, Malaysia.


CERT Australia, the newly elected Chair of APCERT, said, “The MoU between APCERT and APNIC formalises our longstanding relationship with APNIC, and provides a valuable framework for deepening collaboration between our two organisations and our member economies. It is a very positive outcome for improving cyber security across the Asia Pacific region and we look forward to working even more closely with APNIC and its Members.”


APNIC Security Specialist Adli Wahid said, “Cyber security is an important issue in the Asia Pacific region, and it is also an issue no one organization can solve independently. Since its establishment in 2003, APCERT has been doing a lot of good work in the area of security response and inter-regional collaboration for mitigating the impact of security incidents. APNIC is proud to have a formal collaborative agreement with APCERT.”


Through the MoU, both parties agreed to further strengthen their existing cooperative relationship and their collaboration in sharing technical know-how, capacity building and joint activities such as workshops and training.

 

About APCERT
APCERT was established by leading and national Computer Security Incident Response Teams (CSIRTs) from the economies of the Asia Pacific region to improve cooperation, response and information sharing among CSIRTs in the region. APCERT Operational Members consist of 28 CSIRTs from 20 economies. Further information about APCERT can be found at www.apcert.org/.


About APNIC
APNIC is the member-based, not-for-profit regional Internet registry for the 56 economies of the Asia Pacific region. It provides number resource allocation and registration services to support the global operation of the Internet. APNIC is also actively involved in the development of Internet infrastructure throughout the region. This includes providing training and education services, supporting technical activities such as root server deployments, and collaborating with other regional and international organizations. Further information about APNIC is available at https://www.apnic.net/.

 

- Chair: CERT Australia (2015-2016)
- Deputy Chair: MyCERT (2015-2016)
- SC: JPCERT/CC, MOCERT, MyCERT (2015-2017)
  (CERT Australia, CNCERT/CC, KrCERT/CC and TWNCERT remain until 2016)
- Secretariat: JPCERT/CC (2015-2017)

 

 

 

JPCERT-AT-2015-0040 JPCERT/CC 2015-11-11

<<< JPCERT/CC Alert 2015-11-11 >>>

 

 

Vulnerabilities in Adobe Flash Player (APSB15-28)

https://www.jpcert.or.jp/english/at/2015/at150040.html

 

I. Overview

 

Adobe Flash Player contains multiple vulnerabilities. A remote attacker may cause Adobe Flash Player to crash or execute arbitrary code by convincing a user to open specially crafted contents leveraging these vulnerabilities. For more information on the vulnerabilities, please refer to the information provided by Adobe Systems.

Security Updates Available for Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsb15-28.html

 

II. Affected Products

 

The following versions are affected by these vulnerabilities:

- Adobe Flash Player 19.0.0.226 and earlier

(Internet Explorer, Microsoft Edge, Google Chrome, Mozilla Firefox, etc)

 

III. Solution

 

Please update Adobe Flash Player to the latest version listed below:

 

- Adobe Flash Player 19.0.0.245

(Internet Explorer, Microsoft Edge, Google Chrome, Mozilla Firefox, etc)

 

Note that the following browsers contain Adobe Flash Player by default.

 

- Internet Explorer 10 (Windows 8)

- Internet Explorer 11 (Windows 8.1 and Windows 10)

- Microsoft Edge (Windows 10)

- Google Chrome

 

For Internet Explorer and Microsoft Edge, the latest version of Adobe Flash Player will be applied through Windows Update etc. Also, the latest version of Adobe Flash Player will be updated when Google Chrome is updated. For more information, please refer to the following:

 

Adobe Flash Player Download Center

https://get.adobe.com/flashplayer/

 

Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge
https://technet.microsoft.com/en-us/library/security/2755801.aspx

Google Chrome Releases
Stable Channel Update
http://googlechromereleases.blogspot.jp/2015/11/stable-channel-update.html

 

Users can check the version of Adobe Flash Player that they are using at the following link:

 

Adobe Flash Player Version Information

https://www.adobe.com/software/flash/about/

 

* Even if you use a web browser other than Internet Explorer, some software, such as Microsoft Office, uses the Adobe Flash Player installed for Internet Explorer, so please update Adobe Flash Player for Internet Explorer.

 

IV. References

 

Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge
https://technet.microsoft.com/en-us/library/security/2755801.aspx

Google Chrome Releases
Stable Channel Update
http://googlechromereleases.blogspot.jp/2015/11/stable-channel-update.html

If you have any information regarding this alert, please contact JPCERT/CC.

JPCERT Coordination Center (JPCERT/CC)

MAIL: info@jpcert.or.jp

TEL: +81-3-3518-4600 FAX: +81-3-3518-4602

https://www.jpcert.or.jp/english/
