We are pleased to announce the availability of CORE Impact v2013 R1.3 for our customers. This update builds upon the powerful 2013 R1 release and adds more than 40 new updates to the product. All customers can update to the new version from 2013 R1.0, R1.1, or R1.2 by simply performing a “Get Updates” from within their copy of CORE Impact.

So, what’s new in R1.3?

  • Ability to import the results of a Qualys Web Application Scanner output
  • Major update of CloudCypher dictionary
  • Ability to import identities from PWDUMP
  • Added DNS Channel support for Single-Stage Windows x86-64 agents
  • 30 new exploits including these significant ones:
    • Microsoft Internet Explorer CGenericElement Object Use-After-Free Exploit (CVE-2013-1347)
    • SAP Netweaver Message Server _MSJ2EE_AddStatistics Memory Corruption (CVE-2013-1592)
    • Microsoft Windows Win32k Buffer Overflow - MS13-046 (CVE-2013-1333)
    • Oracle Java Font Handling Remote Code Execution (CVE-2013-1491)
    • Wordpress W3 Total Cache PHP Remote Code Execution Exploit (CVE-2013-2010
  • Apple Mac OS X DirectoryService AllocFromProxyStruct Buffer Overflow (CVE-2013-0984)
  • Updates to the following modules:
    • Import Output from QualysGuard
    • SMB Identity Verifier
    • DCE-RPC SAMR Dumper
    • Import Output from Nmap
    • Additional maintenance and bug fixing modules.

So let me summarize how you can get additional value from CORE Impact thru these updates:

1- If you have Qualys WAS (Web Application Scanner) in your arsenal and you use it to fulfill your vulnerability management process, we can now import the web application vulnerabilities detected by WAS in order to thoroughly test the results to verify whether or not the vulnerability is indeed present and provide exploitation capabilities if needed.

2- Three actions were introduced to improve the value provided by CORE CloudCypher. First of all a new module was released allowing our customers to easily import identities from PWDUMP. If you usually use PWDUMP to obtain the identities stored in an audited host you can now import them into our “Identity Manager” by executing this new module. Second, we have updated the dictionary used by CORE CloudCypher in its “Dictionary-based attack” stage. The major update increases the effectiveness of this stage where the hashes submitted by our customers are tested against a comprehensive database of real world passwords. Third, we shared a guide on how to start using CORE CloudCypher (https://blog.coresecurity.com/2013/06/05/how-to-start-exploring-core-cloudcypher/) that we recommend you read to maximize your use of IMPACT.

3- DNS Channel support for Single-Stage Windows x86-64 agents was added. This enables you to target x64 Windows hosts using this very effective attack vector.

4- The constant flow of exploits from our full-time internal Exploit Writing Team ensures you always have the largest number of weapons in your arsenal. Within this DOT release we have included some very relevant exploits that you may be interested in:

-          Microsoft Internet Explorer CGenericElement Object Use-After-Free Exploit (CVE-2013-1347): As you may have heard the US Deparment of Labor was reported compromised in early May (http://www.eweek.com/security/zero-day-exploit-enabled-cyber-attack-on-us-labor-department/). CORE Impact enables you to test if your windows boxes are exposed to the aforementioned bug by running the related exploit.

-          SAP Netweaver Message Server _MSJ2EE_AddStatistics Memory Corruption (CVE-2013-1592): Resulting from our internal research activities. This exploit allows remotely compromising boxes running SAP by exploiting the bug and installing a CORE Impact agent. Additional information about the bug and the research itself is available here http://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities

-          Apple Mac OS X DirectoryService AllocFromProxyStruct Buffer Overflow (CVE-2013-0984): Also resulting from our internal research activities this new exploit for Mac OS X was released after 5 months of coordinating the advisory with Apple. Additional information about the bug and the research itself is available here http://www.coresecurity.com/advisories/mac-osx-server-directoryservice-buffer-overflow.

Also it worth mentioning that in early April the Client Side exploit “Oracle Java Dynamic Binding Remote Code Execution Exploit” with CVE-2013-2423 was released. This vulnerability was highlighted as “Thread of the month” by SC Magazine in early June (http://www.scmagazine.com/threat-of-the-month-java-exploit/article/293351/) as it has been actively exploited on the wild.

Meantime, work is already underway on the next release. We are confident that you will find all the new features and improvements we are adding to CORE Impact to be useful, valuable, and interesting. We will be glad to share our ideas under development with you at Black Hat. We invite you to visit us in our booth. Our team will be ready to answer questions, share ideas and provide support.

For those of you who are not able to stop by at Black Hat, please send us your questions and suggestions that will help us to offer an even better solution to you. Your feedback and input are greatly appreciated.

Flavio de Cristofaro – Vice President of Engineering for Professional Products

To learn more about CORE Impact click here http://www.coresecurity.com/penetration-testing-overview