  • January 1, 2007 - Current Activity

    This is an archived copy of current activity. If you would like to see the most recent version, please click here.

    January 3 IRS Phishing Scam and Identity Theft
    January 3 Proof-of-Concept Code for a Vulnerability in Apple QuickTime
    December 27 Public Exploit Code Available for DoS Vulnerability in Microsoft Windows Workstation
    December 26 Proof-of-Concept Code for Vulnerability in Microsoft Windows
    December 21 Mozilla Releases Security Advisories to Address Multiple Vulnerabilities
    December 19 Microsoft Publishes New Information on the Three Word Vulnerabilities
    December 14 Public Exploit Code Available for a Vulnerability in Microsoft Word
    December 13 Reports of Cross-Platform QuickTime Flaw
    December 13 Quickspace Worm Exploits Cross-Site Scripting Vulnerability in MySpace
    December 12 Microsoft Releases December Security Bulletin
    December 11 Public Exploit Code Available for a New Vulnerability in Microsoft Word
    December 7 Microsoft Releases Advance Notification for December Security Bulletin
    December 7 Windows Media Player ASX File Handling Vulnerability
    December 7 Updates Available for Multiple Vulnerabilities in Adobe Products
    December 6 Active Exploitation of a Vulnerability in Microsoft Word
    November 30 Adobe Reader and Acrobat ActiveX Vulnerabilities
    November 29 Apple Releases Security Update for Multiple Vulnerabilities
    November 29 Google Search Appliance Vulnerable to Cross-site Scripting
    November 29 New Spybot Worm Targets Old Symantec Vulnerability



    IRS Phishing Scam and Identity Theft

    added January 3, 2007

    US-CERT continues to receive reports of phishing scams that target online users. Most recently, users have reported receiving emails that appear to be from the Internal Revenue Service (IRS). The phishing email claims to offer a tax refund and asks users to click on a link to provide personal and possibly sensitive information. Identity thieves could use this information to further compromise unsuspecting victims.

    A spokesperson for the IRS has confirmed that they do not solicit anything by email.

    US-CERT reminds users to remain cautious when receiving unsolicited email that could be a potential phishing email. US-CERT encourages users to report phishing incidents based on the following guidelines:

    • Federal agencies should report phishing incidents to US-CERT.
    • Non-federal agencies and other users should refer to OnGuard Online, a consortium of federal agencies, for information on reporting phishing incidents.

    Additionally, users are encouraged to take the following measures to prevent phishing attacks from occurring:

    1. Do not follow unsolicited web links received in email messages.
    2. Contact your financial institution and file a complaint with the Federal Trade Commission (FTC) immediately if you believe your account or financial information has been compromised.
    3. Review FTC's web site on how to protect yourself from identity theft.
    4. Review the OnGuard Online practical tips to guard against Internet fraud, secure your computer, and protect your personal information.
    5. Refer to the US-CERT Cyber Security Tip on Avoiding Social Engineering and Phishing Attacks.
    6. Refer to the CERT Coordination Center document on understanding Spoofed/Forged Email.

    Proof-of-Concept Code for a Vulnerability in Apple QuickTime

    added January 2, 2007 | updated January 3, 2007

    US-CERT is aware of proof-of-concept code for a buffer overflow vulnerability in Apple QuickTime. The flaw is in the way that QuickTime handles Real Time Streaming Protocol (RTSP) URL strings. By persuading a user to access a specially crafted QuickTime file, a remote attacker may be able to execute arbitrary code or cause a denial of service on a vulnerable system.

    Note: Apple iTunes installations are also affected by this vulnerability.

    More information about this vulnerability can be found in the following:

    • Vulnerability Note VU#442497 - Apple QuickTime RTSP buffer overflow

    Until a security fix or more information becomes available, US-CERT recommends the following actions to help mitigate the security risks:

    • Do not access QTL files from untrusted sources.
    • Disable file association for QTL files.
    • Refer to the Securing Your Web Browser document to implement the following workarounds:
      • Disable QuickTime in your web browser.
      • Disable JavaScript.

    Public Exploit Code Available for DoS Vulnerability in Microsoft Windows Workstation

    added December 27, 2006

    US-CERT is aware of publicly available exploit code for a buffer overflow vulnerability in Microsoft Windows Workstation. According to Secunia Advisory SA23487, there is a flaw in the way the Workstation service handles large RPC requests. By sending specially crafted data to the Workstation service, a remote attacker could cause a denial-of-service condition on a vulnerable system. Initial analysis indicates that Windows XP and Windows 2000 are vulnerable to this flaw.

    Until a security fix from Microsoft becomes available, US-CERT recommends the following action to help mitigate the security risks:

    • Block ports 139/tcp and 445/tcp at the firewall.

    US-CERT will continue to investigate and will provide additional information as it becomes available.


    Proof-of-Concept Code for Vulnerability in Microsoft Windows

    added December 26, 2006

    US-CERT is aware of publicly available proof-of-concept code for a local privilege escalation vulnerability in Microsoft Windows 2000, Windows Server 2003, Windows XP, and Windows Vista.

    More information concerning this flaw is available at the Microsoft Security Response Center Blog.

    US-CERT will continue to investigate and will provide additional information as it becomes available.


    Mozilla Releases Security Advisories to Address Multiple Vulnerabilities

    added December 20, 2006 | updated December 21, 2006

    Mozilla has released Security Advisories to correct multiple vulnerabilities in Firefox, Thunderbird, and SeaMonkey. If successfully exploited, these vulnerabilities may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition on a vulnerable system.

    More information about these vulnerabilities can be found in the following:

    US-CERT strongly encourages users to take the following actions to help mitigate the security risks:


    Microsoft Publishes New Information on the Three Word Vulnerabilities

    added December 19, 2006

    Microsoft has published new information on its Security Response Center Blog addressing the latest Word vulnerabilities reported earlier this month.

    Until a security fix from Microsoft becomes available, US-CERT recommends that users follow the recommendations in Microsoft Security Advisory 929433 to help mitigate the security risks for all three Word vulnerabilities.


    Public Exploit Code Available for a Vulnerability in Microsoft Word

    added December 14, 2006

    US-CERT is aware of public exploit code that has been released for a potentially new vulnerability in Microsoft Word. This vulnerability is different from the two previous Word vulnerabilities reported earlier this month. The flaw is caused by a memory corruption error when handling a malformed Word document. By persuading a user to open a specially crafted Word document, a remote attacker could execute arbitrary code or launch a denial of service attack.

    More information about this vulnerability can be found in the following:

    • Vulnerability Note VU#996892 - Microsoft Word malformed pointer vulnerability

    Until a security fix from Microsoft becomes available, US-CERT recommends the following actions to help mitigate the security risks:

    • Do not open untrusted Word documents or attachments from unsolicited email messages.
    • Disable automatic opening of Microsoft Office documents.
    • Do not rely on file name extensions as a way to securely filter against malicious files.
    • Install anti-virus software and keep its virus signature files up-to-date.
    • Save and scan any attachments before opening them.
    • Limit user privileges to NO administrator rights.

    Additionally, US-CERT strongly encourages users not to open unfamiliar or unexpected email attachments, even if sent by a known and trusted source. Users may wish to read Cyber Security Tip ST04-010 for more information on working with email attachments.

    US-CERT will continue to investigate this vulnerability and provide additional information as it becomes available.


    Reports of Cross-Platform QuickTime Flaw

    added December 13, 2006

    US-CERT is investigating reports of a new cross-platform flaw in Apple QuickTime affecting both Windows and Mac OS versions of the player. According to a recent security blog posting from F-Secure, the flaw affects any website that allows the embedding of QuickTime content.

    US-CERT will continue to investigate and will provide additional information as it becomes available.


    Quickspace Worm Exploits Cross-Site Scripting Vulnerability in MySpace

    added December 7, 2006 | updated December 13, 2006

    US-CERT is aware of a cross-site scripting (XSS) vulnerability in the MySpace web site. There is a flaw in the way the MySpace web site filters user-supplied scripts. The QuickSpace worm exploits this flaw by using an Apple QuickTime feature to execute an XSS attack. The impacts of this vulnerability include disclosure of sensitive information (user credentials, email addresses), modification of MySpace profile, worm propagation to other MySpace profiles, or covert redirection to a malicious web site.

    More information about this vulnerability can be found in the following:

    • Vulnerability Note VU#885665 - MySpace fails to properly filter user-supplied content

    Until a security fix becomes available, US-CERT recommends the following actions to help mitigate the security risks:

    • Disable scripting as specified in Securing Your Web Browser.
    • Validate web site addresses as described in the US-CERT Cyber Security Tip ST04-014.
    • Validate web site certificates as described in US-CERT Cyber Security Tip ST05-010.

    Microsoft Releases December Security Bulletin

    added December 12, 2006

    Microsoft has released updates to address vulnerabilities in Microsoft Windows and Visual Studio as part of the Microsoft Security Bulletin Summary for December 2006.

    We strongly encourage users to review the bulletins and follow best-practice security policies to determine what updates should be applied.

    Additionally, more information about these vulnerabilities can be found in the Vulnerability Notes Database and Technical Cyber Security Alert TA06-346A.


    Public Exploit Code Available for a New Vulnerability in Microsoft Word

    added December 11, 2006

    US-CERT is aware of a new vulnerability in Microsoft Word. Reports indicate that the issue is caused by a flaw in the way Word handles malformed data structures. By persuading a user to open a specially crafted Word document sent as an email attachment or from a malicious web site, a remote attacker could execute arbitrary code with the privileges of the user.

    This vulnerability is different from the Word vulnerability reported on December 6, which was also reported in Microsoft Security Advisory 929433.

    According to Microsoft, the following products are vulnerable: Windows 2003 SP0 - SP1, Word XP, Word 2000, Word 2002, Word 2003, and the Word Viewer 2003. Word 2007 is NOT affected by the vulnerability.

    More information about this vulnerability can be found in the following:

    • Vulnerability Note VU#166700 - Microsoft Word malformed data structure vulnerability

    Until a security fix from Microsoft becomes available, US-CERT recommends the following actions to help mitigate the security risks:

    • Do not open untrusted Word documents or attachments from unsolicited email messages.
    • Disable automatic opening of Microsoft Office documents.
    • Do not rely on file name extensions as a way to securely filter against malicious files.
    • Install anti-virus software and keep its virus signature files up-to-date.
    • Save and scan any attachments before opening them.
    • Limit user privileges to no administrator rights.

    Additionally, US-CERT strongly encourages users not to open unfamiliar or unexpected email attachments, even if sent by a known and trusted source. Users may wish to read Cyber Security Tip ST04-010 for more information on working with email attachments.

    US-CERT will continue to investigate this vulnerability and provide additional information as it becomes available.


    Microsoft Releases Advance Notification for December Security Bulletin

    added December 7, 2006

    Microsoft has issued a Security Bulletin Advance Notification indicating that their December release cycle will contain six bulletins, some of which have a maximum severity rating of Critical. The notification further states that five of the bulletins are for Windows, and one is for Visual Studio. The release is scheduled for Tuesday, December 12th.

    We will provide additional information as it becomes available.


    Windows Media Player ASX File Handling Vulnerability

    added December 7, 2006

    US-CERT is aware of a heap buffer overflow vulnerability in Windows Media Player. The flaw occurs when the Windows Media Playback/Authoring library (WMVCORE.DLL) processes malformed ASX Playlist files. By persuading a user to access a specially crafted HTML document (e.g., a web page or an HTML email message), a remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the user or cause a denial of service.

    Until a security fix from Microsoft becomes available, US-CERT recommends the following actions to help mitigate the security risks:

    US-CERT will continue to investigate this vulnerability and provide additional information as it becomes available.


    Updates Available for Multiple Vulnerabilities in Adobe Products

    added December 7, 2006

    Adobe has released updates to address vulnerabilities in Adobe Download Manager, Adobe Reader, and Adobe Acrobat 7. US-CERT recommends that users review the updates and follow the instructions provided in the following:

    More information about this vulnerability can be found in the following:

    • Vulnerability Note VU#448569 - Adobe Download Manager buffer overflow
    • Vulnerability Note VU#198908 - Adobe Acrobat AcroPDF ActiveX control fails to properly handle malformed input

    Active Exploitation of a Vulnerability in Microsoft Word

    added December 6, 2006 | updated December 6, 2006

    US-CERT is aware of reports of active exploitation of a new vulnerability in Microsoft Word. Successful exploitation could allow an attacker to execute arbitrary code with the privileges of the user running Word.

    More information about this vulnerability can be found in the following:

    • Vulnerability Note VU#167928 - Microsoft Word malformed string vulnerability
    • Microsoft Security Advisory 929433

    US-CERT recommends that users take the following actions to mitigate the security risks:

    • Do not open attachments from unsolicited email messages.
    • Install anti-virus software, and keep its virus signature files up-to-date.
    • Limit user privileges to no administrator rights.
    • Save and scan any attachments before opening them.

    Additionally, US-CERT strongly encourages users not to open unfamiliar or unexpected email attachments, even if sent by a known and trusted source. Users may wish to read Cyber Security Tip ST04-010 for more information on working with email attachments.

    US-CERT will continue to investigate this vulnerability and provide additional information as it becomes available.


    Adobe Reader and Acrobat ActiveX Vulnerabilities

    added November 29, 2006 | updated November 30, 2006

    US-CERT is aware of a report of multiple vulnerabilities that affect the ActiveX control for Adobe Reader and Acrobat.

    More information about these vulnerabilities can be found in the following:

    • Vulnerability Note VU#198908 - Adobe Acrobat AcroPDF ActiveX control fails to properly handle malformed input
    • Adobe Security Advisory APSA06-02

    Until an official update, patch, or more information becomes available, we recommend the following actions to help mitigate the security risks:

    • Disable ActiveX as specified in the Securing Your Web Browser document.
    • Follow the workarounds suggested in Adobe Security Advisory APSA06-02.
    • Do not follow unsolicited links.

    Apple Releases Security Update for Multiple Vulnerabilities

    added November 29, 2006

    Apple has released Security Update 2006-007 to correct multiple vulnerabilities in Mac OS X and related products.

    More information about the vulnerabilities can be found in these Vulnerability Notes and Technical Cyber Security Alert TA06-333A.

    US-CERT encourages users to apply the appropriate updates as soon as possible.

    US-CERT will continue to investigate these vulnerabilities and provide additional information as it becomes available.


    Google Search Appliance Vulnerable to Cross-site Scripting

    added November 29, 2006

    US-CERT is aware of a cross-site scripting (XSS) vulnerability in Google Search Appliance and Google Mini devices. Specifically, the flaw exists in the way that Google Search Appliance and Google Mini devices handle UTF-7 (Unicode Transformation Format) encoded URIs (Uniform Resource Identifiers).

    Until an official update, patch, or more information becomes available, we recommend the following actions to help mitigate the security risks:


    New Spybot Worm Targets Old Symantec Vulnerability

    added November 28, 2006 | updated November 29, 2006

    Symantec has confirmed reports of a new worm attempting to exploit previously patched flaws in Microsoft Windows and Symantec Client Security and Antivirus Corporate Edition. The worm, named W32.Spybot.ACYR, spreads through Internet Relay Chat (IRC) channels and to network shares with weak passwords. Successful exploitation could allow a remote unauthenticated attacker to execute arbitrary code with SYSTEM privileges.

    According to Symantec in its Security Response Weblog, the impact of the attack is minimal thus far. Symantec further states that customers who have applied the patch are not susceptible to this new attack.

    More information about the vulnerabilities in the Symantec products can be found in the following:

    • Vulnerability Note VU#404910 - Symantec products vulnerable to buffer overflow
    • Symantec Advisory SYM06-010

    US-CERT recommends that users take the following actions to mitigate the security risks:

    • Update all Symantec products to the latest available security updates.
    • Apply all relevant patches that are available.
    • Block port 2967/tcp at the firewall if patching is not an option.

    US-CERT will continue to investigate and provide additional information as it becomes available.