1. Introduction
MS KB2755399 addresses vulnerabilities in Adobe Flash Player’s ActiveX control. This update is important because unpatched systems are susceptible to remote code execution attacks, potentially allowing attackers to take full control of affected machines. Systems running vulnerable versions of Adobe Flash Player are typically at risk. A successful exploit could compromise confidentiality, integrity and availability.
2. Technical Explanation
The vulnerability stems from missing security update KB2755399 for the installed Adobe Flash ActiveX control. Attackers can exploit multiple flaws within this control to execute arbitrary code on a vulnerable system. Exploitation requires a user to visit a malicious webpage containing a crafted Flash object. The vulnerabilities are identified by CVE-2012-1535, CVE-2012-4163, CVE-2012-4164, CVE-2012-4165, CVE-2012-4167 and CVE-2012-5054. For example, an attacker could host a webpage with a specially crafted Flash application that exploits a memory corruption error to gain control of the system.
- Root cause: The installed Adobe Flash ActiveX control is missing critical security patches provided by KB2755399.
- Exploit mechanism: An attacker delivers a malicious webpage containing an exploited Flash object, triggering code execution on the user’s machine.
- Scope: Systems running vulnerable versions of Adobe Flash Player with the affected ActiveX control installed are in scope.
3. Detection and Assessment
Confirming vulnerability involves checking for the presence of KB2755399 or identifying the installed Flash version. A quick check can be done via Windows Update history, while a thorough method requires reviewing installed updates.
- Quick checks: Check Windows Update History for successful installation of KB2755399.
- Scanning: Nessus plugin ID 68410 and OpenVAS scanner family ‘Adobe Flash Player Detection’ may identify vulnerable systems, but results should be verified.
- Logs and evidence: Review Application event logs for errors related to Adobe Flash Player.
wmic qfe list where hotfixid="KB2755399"4. Solution / Remediation Steps
The solution is to install Microsoft KB2755399. Follow the steps below for a safe and effective update process.
4.1 Preparation
- No services need to be stopped, but close all open applications during installation. Roll back is achieved by uninstalling KB2755399 through Windows Update history.
- A standard change window may be required depending on your organisation’s policies. Approval from the IT security team might be necessary.
4.2 Implementation
- Step 1: Open Windows Update by searching for “Windows Update” in the Start menu.
- Step 2: Click “Check for updates”.
- Step 3: If KB2755399 is not already installed, it should appear in the list of available updates. Select it and click “Install”.
- Step 4: Restart the system when prompted to complete the installation.
4.3 Config or Code Example
Before
wmic qfe list where hotfixid="KB2755399"After
wmic qfe list where hotfixid="KB2755399" | findstr /i "KB2755399"4.4 Security Practices Relevant to This Vulnerability
Practices that directly address this vulnerability include a robust patch management process and least privilege principles. For example, regularly patching software reduces the window of opportunity for attackers. Least privilege limits the impact if an exploit succeeds.
- Practice 1: Implement a regular patch cadence to ensure timely application of security updates.
- Practice 2: Enforce least privilege access controls to limit user permissions and reduce potential damage from exploits.
4.5 Automation (Optional)
# PowerShell example - use with caution!
# This script assumes you are using WSUS for patch management.
# Adjust as needed for your environment.
Get-WsusComputer | Where-Object {$_.KB2755399 -eq $false} | Install-WsusUpdate -KBArticleID 27553995. Verification / Validation
Confirm the fix by checking Windows Update history again and verifying that KB2755399 is listed as installed. A negative test involves attempting to exploit a known vulnerability related to Flash Player (use a safe testing environment).
- Post-fix check: Run `wmic qfe list where hotfixid=”KB2755399″` and confirm the output shows KB2755399 is installed.
- Smoke test: Verify that web browsing functionality, including Flash content playback on trusted sites, continues to work as expected.
- Monitoring: Monitor Application event logs for any new errors related to Adobe Flash Player following the update.
wmic qfe list where hotfixid="KB2755399" | findstr /i "KB2755399"6. Preventive Measures and Monitoring
Preventive measures include maintaining up-to-date security baselines, incorporating vulnerability scanning into CI/CD pipelines, and establishing a consistent patch management process. For example, regularly updating your CIS benchmark can help ensure systems are configured securely.
- Baselines: Update security baselines to reflect the latest patch requirements for Adobe Flash Player.
- Asset and patch process: Implement a regular patch review cycle (e.g., weekly) to assess and apply critical security updates.
7. Risks, Side Effects, and Roll Back
Potential risks include compatibility issues with older applications that rely on specific Flash Player versions. Roll back is achieved by uninstalling KB2755399 through Windows Update history.
- Risk or side effect 2: In rare cases, the update process might fail. Ensure sufficient disk space and system resources are available.
- Roll back: Step 1: Open Windows Update History. Step 2: Locate KB2755399. Step 3: Click “Uninstall”. Step 4: Restart the system when prompted.
8. References and Resources
- Vendor advisory or bulletin: http://www.adobe.com/support/security/bulletins/apsb1