October 09, 2006 - Current Activity

Microsoft Releases Advance Notification for October Security Bulletin

Microsoft has issued a Security Bulletin Advance Notification indicating that their October release cycle will contain eleven bulletins, some of which have a maximum severity rating of Critical. The notification further states that six of the bulletins are for Windows, four are for Office, and one is for their .NET framework. The release is scheduled for Tuesday, October 10th.

We will provide additional information as it becomes available.

Mozilla Posts Statement Regarding Firefox JavaScript Vulnerability

At the recent Toorcon conference, two presenters claimed to have discovered a new vulnerability in the Mozilla Firefox JavaScript engine that could allow malicious code execution. The report was never confirmed and just yesterday, one of the presenters issued a statement to Mozilla that they had not successfully exploited the vulnerability, nor did they know of anyone who had.

Mozilla has released additional information regarding this report and is continuing to investigate the issue.

• Update: Possible Vulnerability Reported at Toorcon

Updates for Multiple Apple OS X Vulnerabilities

Apple has released Security Update 2006-006 to address multiple vulnerabilities in Apple products. The impacts of these vulnerabilities include execution of arbitrary code, bypassing security restrictions, and denial of service. This security update also addresses previously known vulnerabilities in Adobe Flash Player for Apple OS X.

More information about these vulnerabilities can be found in the following:

• Technical Cyber Security Alert: TA06-275A - Multiple Vulnerabilities in Apple and Adobe Products
• Apple Security Update 2006-006
• Adobe Security Bulletin APSB06-11

Apple has also released Mac OS X 10.4.8 Update (Intel). This update includes security fixes for Intel-based Apple systems.

We recommend the following actions to help mitigate the security risks:

• Apply the appropriate updates as prescribed in the Apple Security Update 2006-006.
• Intel-based Apple users should upgrade to Mac OS X 10.4.8.

We will continue to monitor this issue and provide additional information as it becomes available.

Microsoft Releases Workaround for WebViewFolderIcon ActiveX Control Vulnerability

Microsoft has released Security Advisory 926043 to address the new, unpatched vulnerability in Microsoft Internet Explorer. Public exploit code is available. The exploit code targets a vulnerability in the Microsoft WebViewFolderIcon ActiveX control.

More information about this vulnerability can be found in the following:

• Technical Cyber Security Alert: TA06-270A - Microsoft Internet Explorer WebViewFolderIcon ActiveX Vulnerability
• Cyber Security Alert: SA06-270A - Microsoft Internet Explorer ActiveX Vulnerability
• Vulnerability Note VU#753044 - Microsoft Windows WebViewFolderIcon ActiveX integer overflow
• Microsoft Security Advisory 926043

Until an update, patch, or more information becomes available, we strongly recommend the following:

• Review the workarounds described in Microsoft Security Advisory 926043.
• Disable ActiveX as specified in the Securing Your Web Browser document and the Malicious Web Scripts FAQ.
• Do not follow unsolicited links.
• Review the steps described in Microsoft's document to improve the safety of your browser.

We will continue to monitor this issue and provide additional information as it becomes available.

Update for Multiple OpenSSL Vulnerabilities

A recent update to the OpenSSL software distribution includes fixes for several vulnerabilities. The impacts of these vulnerabilities for applications using OpenSSL range from denial of service to potential remote code execution.

More information about the vulnerabilities can be found in these Vulnerability Notes and in the OpenSSL Security Advisory.

We recommend that users apply the vendor-supplied patches or upgrades referred to in the individual Vulnerability Notes for these issues.

We will continue to monitor this issue and provide additional information as it becomes available.

Active Exploitation of a Vulnerability in Microsoft PowerPoint

We are aware of active exploitation of a remote code execution vulnerability in Microsoft PowerPoint. Successful exploitation may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

More information about this vulnerability can be found in the following:

• Vulnerability Note VU#231204- Microsoft PowerPoint contains an unspecified remote code execution vulnerability
• Microsoft Security Advisory 925984

We recommend the following actions to help mitigate the security risks:

• Do not open attachments from unsolicited email messages.
• Install anti-virus software, and keep its virus signature files up-to-date.
• Save and scan any attachments before opening them.

We strongly encourage users not to open unfamiliar or unexpected email attachments, even if sent by a known and trusted source. Users may wish to read Cyber Security Tip ST04-010 for more information on working with email attachments.

We will continue to monitor this issue and provide additional information as it becomes available.

Microsoft Releases Update for Internet Explorer VML Vulnerability

Microsoft has released Security Bulletin MS06-055 to address a vulnerability in the way Internet Explorer handles Vector Markup Language (VML).

This vulnerability is being actively exploited. By persuading a user to access a specially crafted HTML document, a remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the user or cause a denial of service condition in Internet Explorer.

More information about this vulnerability can be found in the following:

• Vulnerability Note VU#416092 - Microsoft Internet Explorer VML stack buffer overflow
• Technical Cyber Security Alert TA06-262A - Microsoft Internet Explorer VML Buffer Overflow
• Microsoft Security Bulletin MS06-055
• Microsoft Security Advisory 925568

We recommend the following actions to help mitigate the security risks:

• Apply the appropriate updates, patches, or fixes as prescribed in the Microsoft Security Bulletin MS06-055.
• Disable Active Scripting as specified in the Securing Your Web Browser document and the Malicious Web Scripts FAQ.
• Review the workarounds described in Microsoft Security Advisory 925568.
• Do not follow unsolicited links.
• Review the steps described in Microsoft's document to improve the safety of your browser.

We will continue to monitor this issue and provide additional information as it becomes available.

Apple AirPort Wireless Drivers Vulnerabilities

Apple has released Security Update 2006-005 to correct multiple vulnerabilities affecting Apple AirPort wireless drivers. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Note that because device drivers execute with kernel (ring 0) privileges, exploitation of device drivers can lead to full, unrestricted access to the vulnerable system.

More information about the vulnerabilities can be found in these Vulnerability Notes and Apple Security Update 2006-005.

We recommend applying the updates in Apple Security Update 2006-005.

We will continue to monitor this issue and provide additional information as it becomes available.

Adobe Releases Security Bulletin for Flash Player

Adobe has released Security Bulletin APSB06-11 to address multiple vulnerabilities in Flash Player.

Additionally, Microsoft has released Microsoft Security Advisory 925143 to alert users that affected versions of Flash Player were distributed with Microsoft Windows XP Service Pack 1, Windows XP Service Pack 2, and Windows XP Professional x64 Edition.

More information about the vulnerabilities can be found in these Vulnerability Notes.

US-CERT recommends the following actions to help mitigate the security risks:

• Review the workarounds described in Microsoft Security Advisory 925143.
• Upgrade to Flash Player 9.0.16.0.

Note: Users who are unable to upgrade to a more recent version of Flash Player, should refer to Adobe's Flash Player TechNote.

US-CERT will continue to investigate these vulnerabilities and provide additional information as it becomes available.

Public Exploit Code for Microsoft DirectAnimation Path ActiveX Control Vulnerability

US-CERT is aware of a public exploit for a vulnerability in Microsoft Internet Explorer. The exploit code targets a vulnerability in the Microsoft DirectAnimation Path ActiveX control. By persuading a user to access a specially crafted HTML document, a remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the user or cause a denial of service condition in Internet Explorer.

More information about this vulnerability can be found in the following:

• Vulnerability Note VU#377369 - Microsoft DirectAnimation Path ActiveX control fails to validate input
• Microsoft Security Advisory 925444

Until an update, patch, or more information becomes available, US-CERT strongly recommends the following:

• Disable ActiveX as specified in the Securing Your Web Browser document and the Malicious Web Scripts FAQ.
• Do not follow unsolicited links.
• Review the steps described in Microsoft's document to improve the safety of your browser.

US-CERT will continue to monitor this issue and provide additional information as it becomes available.

Apple Releases Security Update for QuickTime

Apple has released Apple QuickTime 7.1.3 to address several vulnerabilities in the way different types of image and media files are handled.

More information about the vulnerabilities can be found in these Vulnerability Notes and Technical Cyber Security Alert TA06-256A.

US-CERT encourages Quicktime users to upgrade to Quicktime 7.1.3.

US-CERT will continue to investigate these vulnerabilities and provide additional information as it becomes available.

Microsoft Re-Releases Windows Server Service Security Bulletin MS06-040

Microsoft has released a new version of Security Bulletin MS06-040 and the associated security updates. The new version corrects the problem described in Microsoft Knowledge Base Article 921883. Programs that request large amounts of contiguous memory running on Windows Server 2003 SP1 and Windows XP Professional x64 Edition systems with the previous version of the MS06-040 update installed could crash.

US-CERT strongly encourages affected users to apply the updates in the newly released Security Bulletin MS06-040 as soon as possible.

Microsoft Releases September Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows and Office as part of the Microsoft Security Bulletin Summary for September 2006.

US-CERT strongly encourages users to review and apply these updates as soon as possible.

Additionally, more information about these vulnerabilities can be found in these Vulnerability Notes and Technical Cyber Security Alert TA06-255A.

US-CERT will provide additional information as it becomes available.

Active Exploitation of a Vulnerability in Microsoft Word 2000

US-CERT is aware of active exploitation of a memory corruption vulnerability in Microsoft Word 2000. Successful exploitation could allow a remote, unauthenticated attacker to execute arbitrary code with the privileges of the user running Word 2000.

More information about this vulnerability can be found in the following:

• Vulnerability Note: VU#806548 - Microsoft Word 2000 malformed string vulnerability

• Microsoft Security Advisory 925059

Additionally, US-CERT recommends the following actions to help mitigate the security risks:

• Download and install the freely available Office Document Open Confirmation Tool for Office 2000, and then follow the prompts to Open, Save, or Cancel before opening your document.
• Download and install the freely available Word Viewer 2003, and then use it to open and view files. According to Microsoft Security Advisory (925059), Word Viewer 2003 is not affected by this vulnerability.
• Do not open attachments from unsolicited email messages.
• Install anti-virus software, and keep its virus signature files up-to-date.
• Limit user privileges to no administrator rights.
• Save and scan any attachments before opening them.

US-CERT strongly encourages users not to open unfamiliar or unexpected email attachments, even if sent by a known and trusted source. Users may wish to read Cyber Security Tip ST04-010 for more information on working with email attachments.

US-CERT will continue to monitor this issue and provide additional information as it becomes available.