By PR Newswire
February 27, 2014 06:00 AM EST
VIENNA, February 27, 2014 /PRNewswire/ --
"SAS for Windows" is part of a software package for statistical analysis, data mining and business intelligence. The software was shipped by the manufacturer SAS Institute Inc. containing a critical vulnerability. The vulnerabilities were discovered in a routine security crash test by experts of the SEC Consult Vulnerability Lab (http://www.sec-consult.com).
The vulnerability enables state-sponsored or criminal hackers to create a malicious SAS-file, which gives an attacker full control over the attacked computer if the file gets processed with "SAS for Windows". An attacker can send phishing mails containing such a manipulated SAS-file to subsequently attack the internal corporate network via a compromised client computer.
The experts of the SEC Consult Vulnerability Lab were able to successfully exploit the vulnerability during a crash test, bypass current mitigation techniques on a standard Windows 7 installation (including firewall and anti-virus software) and control the attacked computer remotely over the Internet.
SEC Consult experts recommend immediately installing the update released by the vendor to counter these vulnerabilities. SEC Consult advises that customers of SAS products should demand from the vendor exhaustive security tests by (European) security experts before the implementation of the respective software product.
SAS 9.4 TS 1M0 - http://ftp.sas.com/techsup/download/hotfix/HF2/L08.html#L08004
SAS 9.3 TS 1M2 - http://ftp.sas.com/techsup/download/hotfix/HF2/I22.html#I22069
SAS 9.2 TS 2M3 - http://ftp.sas.com/techsup/download/hotfix/HF2/B25.html#B25260
For further information please contact:
Johannes Greil, MSc
Head of SEC Consult Vulnerability Lab
mailto: [email protected]
SOURCE SEC Consult Unternehmensberatung GmbH