Educause Security Discussion mailing list archives
Re: Adobe Flash
From: "Shalla, Kevin" <kshalla () UIC EDU>
Date: Thu, 23 Jul 2015 14:48:04 +0000
Could you set EMET to application Opt Out to cover that? Has anyone set EMET up that way? Kevin From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Brad Judy Sent: Thursday, July 23, 2015 9:06 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Adobe Flash The problem with EMET and Flash is that the Flash executable name includes the version number, so the EMET policy needs to be updated with each Flash update. EMET only lets you use wildcards in the path, not in the actual executable name. Brad Judy Director of Information Security University Information Systems University of Colorado 1800 Grant Street, Suite 300 Denver, CO 80203 Office: (303) 860-4293 Fax: (303) 860-4302 www.cu.edu<http://www.cu.edu> [cu-logo_fl] From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Tevlin, Dave Sent: Thursday, July 23, 2015 7:24 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] Adobe Flash Deploy Microsoft Enhanced Mitigation Experience Toolkit (EMET) along side Flash and Java deployments where there is a need for Flash or Java. If you are a VMware shop you can't get away from Flash as it is part of vSphere administration. EMET is one of only three tools that I know of that block the attack methods instead of relying on heuristic or signature based detection which always require someone else to find it first. One of the last Flash 0 day attacks used a Heap-Spay method for the attack, which EMET is built to counter. I have no information if it would have worked on this specific attack through. EMET is free, and controllable through GPO. It is Windows only though. The list of tools in the market that work on mitigating the method of attack, that I know of are: Microsoft EMET (Free) https://technet.microsoft.com/en-us/security/jj653751 Malwarebytes Anti-Exploit ($) https://www.malwarebytes.org/antiexploit/premium/ Palo Alto Traps Endpoint Security ($$$) https://www.paloaltonetworks.com/products/endpoint-security.html Dave Tevlin, MS Network/ Systems Administrator Georgetown Visitation Prep School dtevlin () visi org<mailto:dtevlin () visi org> On Wed, Jul 22, 2015 at 12:53 PM, Kevin Reedy <KReedy () excelsior edu<mailto:KReedy () excelsior edu>> wrote: Flash is a tough one for us, since most of our online offerings utilize it we can't simply disable it. I am keeping an eye on all the Cryptolocker type IDS alerts, as well as 'emergency' patching as soon as is reasonable after the fix is released. I am putting quite a bit of faith in our URL classification subscription as well as the Palo Alto 'wild fire' detections, but obviously if the content is on a compromised but otherwise good page it will be a problem. Long term solution is to move away from Flash in our offerings, and while we had already been doing that, this will hasten the timeline. -Kevin Kevin Reedy Executive Director, Information Security Excelsior College (518) 464-8720<tel:%28518%29%20464-8720> From: Chris Green <CGreen () UTTYLER EDU<mailto:CGreen () UTTYLER EDU>> To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>, Date: 07/22/2015 12:17 PM Subject: [SECURITY] Adobe Flash Sent by: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> All, I just wanted to reach out and see if anyone might be willing to share if and what has been done at your respective institutions in response to the multiple zero day vulnerabilities that have been exposed within Adobe Flash. Thank you for your feedback! -C. Chris Green Information Security Officer University of Texas at Tyler cgreen () uttyler edu<mailto:cgreen () uttyler edu> This message and any attachments contain confidential Excelsior College information intended for the specific individual and purpose. If you are not the intended recipient, you should notify the College and delete this message. Any disclosure, copying, distribution or inappropriate use of this message is strictly prohibited.
Current thread:
- Adobe Flash Chris Green (Jul 22)
- Re: Adobe Flash Greg Williams (Jul 22)
- Re: Adobe Flash Kevin Reedy (Jul 22)
- Re: Adobe Flash Tevlin, Dave (Jul 23)
- Re: Adobe Flash James Farr (Jul 23)
- Re: Adobe Flash H Morrow Long (Jul 23)
- Re: Adobe Flash Brad Judy (Jul 23)
- Re: Adobe Flash Shalla, Kevin (Jul 23)
- Re: Adobe Flash Tevlin, Dave (Jul 23)
- Re: Adobe Flash Greg Williams (Jul 23)
- Re: Adobe Flash Tevlin, Dave (Jul 23)