|By PR Newswire||
|February 27, 2014 06:00 AM EST||
VIENNA, February 27, 2014 /PRNewswire/ --
"SAS for Windows" is part of a software for statistical analysis, data-mining and business intelligence. The software was shipped by the manufacturer SAS Institute Inc. containing a critical vulnerability . The vulnerabilities were discovered in a routine security crash test by experts of the SEC Consult Vulnerability Lab (http://www.sec-consult.com).
The vulnerability enables state-sponsored or criminal hackers to create a malicious SAS-file, which gives an attacker full control over the attacked computer if the file gets processed with "SAS for Windows". An attacker can send phishing mails containing such a manipulated SAS-file to subsequently attack the internal corporate network via a compromised client computer.
The experts of the SEC Consult Vulnerability Lab were able to successfully exploit the vulnerability during a crash test, bypass current mitigation techniques on a standard Windows 7 installation (including firewall and anti-virus software) and control the attacked computer remotely over the Internet.
SEC Consult experts recommend immediately installing the update, released by the vendor to counter these vulnerabilities . SEC Consult advises that customers of SAS products should demand from the vendor exhaustive security tests by (European) security experts before the implementation of the respective software product.
SAS 9.4 TS 1M0 - http://ftp.sas.com/techsup/download/hotfix/HF2/L08.html#L08004
SAS 9.3 TS 1M2 - http://ftp.sas.com/techsup/download/hotfix/HF2/I22.html#I22069
SAS 9.2 TS 2M3 - http://ftp.sas.com/techsup/download/hotfix/HF2/B25.html#B25260
For further information please contact:
Johannes Greil, MSc
Head of SEC Consult Vulnerability Lab
mailto: [email protected]
SOURCE SEC Consult Unternehmensberatung GmbH
According to Forrester Research, every business will become either a digital predator or digital prey by 2020. To avoid demise, organizations must rapidly create new sources of value in their end-to-end customer experiences. True digital predators also must break down information and process silos and extend digital transformation initiatives to empower employees with the digital resources needed to win, serve, and retain customers.
Dec. 10, 2016 04:15 AM EST Reads: 1,378
Amazon has gradually rolled out parts of its IoT offerings in the last year, but these are just the tip of the iceberg. In addition to optimizing their back-end AWS offerings, Amazon is laying the ground work to be a major force in IoT – especially in the connected home and office. Amazon is extending its reach by building on its dominant Cloud IoT platform, its Dash Button strategy, recently announced Replenishment Services, the Echo/Alexa voice recognition control platform, the 6-7 strategic...
Dec. 10, 2016 04:15 AM EST Reads: 518
Organizations planning enterprise data center consolidation and modernization projects are faced with a challenging, costly reality. Requirements to deploy modern, cloud-native applications simultaneously with traditional client/server applications are almost impossible to achieve with hardware-centric enterprise infrastructure. Compute and network infrastructure are fast moving down a software-defined path, but storage has been a laggard. Until now.
Dec. 10, 2016 04:00 AM EST Reads: 5,514
We're entering the post-smartphone era, where wearable gadgets from watches and fitness bands to glasses and health aids will power the next technological revolution. With mass adoption of wearable devices comes a new data ecosystem that must be protected. Wearables open new pathways that facilitate the tracking, sharing and storing of consumers’ personal health, location and daily activity data. Consumers have some idea of the data these devices capture, but most don’t realize how revealing and...
Dec. 10, 2016 04:00 AM EST Reads: 5,311
Dec. 10, 2016 03:15 AM EST Reads: 419
Dec. 10, 2016 02:45 AM EST Reads: 2,267
Dec. 10, 2016 02:15 AM EST Reads: 788
Dec. 10, 2016 02:00 AM EST Reads: 1,988
Dec. 10, 2016 02:00 AM EST Reads: 588
Dec. 10, 2016 01:30 AM EST Reads: 764
Dec. 10, 2016 01:30 AM EST Reads: 3,999
Dec. 10, 2016 01:15 AM EST Reads: 1,220
Dec. 10, 2016 01:00 AM EST Reads: 1,263
Dec. 10, 2016 12:45 AM EST Reads: 491
Dec. 10, 2016 12:30 AM EST Reads: 619