Mailing Lists & Feeds
Current Activity Calendar
| April 04, 2007 - Current ActivityThis is an archived copy of current activity, if you would like to see the most recent version, please click here.Multiple Vulnerabilities in MIT Kerberos 5added April 3, 2007US-CERT is aware of multiple vulnerabilities affecting the MIT Kerberos 5 implementation. The most severe of these vulnerabilities may allow a remote attacker to execute arbitrary code on a Kerberos Distribution Center (KDC), which may result in a compromise of the Kerberos key database. More information about these vulnerabilities can be found in the following:
US-CERT recommends users apply the patches as described in MIT krb5 Security Advisories 2007-001, 2007-002, and 2007-003. Microsoft Releases Security Bulletin to Patch Animated Cursor Vulnerabilityadded April 3, 2007Microsoft has released updates to address several vulnerabilities in Microsoft Windows as part of Microsoft Security Bulletin MS07-017. Note that update addresses the animated cursor ANI header stack buffer overflow vulnerability addressed in Vulnerability Note VU#191609. Microsoft noted in the Microsoft Security Bulletin Summary for April 2007 that they will update the bulletin summary with any other security bulletins published during the scheduled release cycle on April 10 or any other day of the month. More information about these vulnerabilities can be found in the Vulnerability Notes Database and Technical Cyber Security Alert TA07-093A. US-CERT strongly encourages users to review the bulletin and follow best-practice security policies to determine what updates should be applied. Microsoft Releases Advance Notification for Critical Security Bulletinadded April 2, 2007Microsoft has issued a Security Bulletin Advance Notification indicating that they will be releasing a single critical Security Bulletin affecting Microsoft Windows. This release falls outside of Microsoft's normal release schedule for security updates, and is scheduled for Tuesday, April 3, 2007. US-CERT will provide additional information as it becomes available. Active Exploitation of an Unpatched Vulnerability in Microsoft Windows ANI Handlingadded March 29, 2007 | updated April 2, 2007US-CERT is aware of a new, unpatched vulnerability in Microsoft Windows that could allow an attacker to execute arbitrary code. This vulnerability is caused by Windows failing to properly handle specially crafted animated cursor (ANI) files. According to public reports, this vulnerability is actively being exploited via Internet Explorer. Specifically, the reports claim that browsing to a specially crafted web page with Microsoft Internet Explorer results in exploitation. More information about this vulnerability can be found in the following:
Note: Configuring Outlook Express to read email in plaintext will not protect against this vulnerability. Outlook Express in plaintext mode will download and parse a malicious .ANI file referenced in the email message without prompting. US-CERT will continue to investigate this vulnerability and provide more information as it becomes available. Fake Internet Explorer 7 Installer Phishing Attacksadded March 30, 2007US-CERT is aware of reports of malware using social engineering to propagate. Spam appearing to come from "admin@microsoft.com" contains a link to a malicious file that claims to be an installer for Internet Explorer 7. Typically the file is named "IE7.0.exe" and if executed installs a rootkit on the target machine. US-CERT encourages users to take the following preventative measures to help mitigate this risk:
US-CERT will continue to investigate and provide additional information as it becomes available. Publicly Available Exploit for Computer Associates BrightStor ARCserve Backup Vulnerabilityadded March 30, 2007US-CERT is aware of publicly available exploit code for vulnerability in Computer Associates' BrightStor ARCserve Backup software. The vulnerability is caused by an unspecified error in the way that the "mediasvr.exe" process handles crafted RPC requests. Successful exploitation of the vulnerability allows an attacker to gain shell access to the target machine. Until a fix becomes available, US-CERT recommends that users restrict access to RPC. US-CERT will continue to investigate and provide additional information as it becomes available. Cisco Releases Security Advisory to Address Multiple Vulnerabilities in Unified CallManager and Presence Serveradded March 30, 2007Cisco Systems has released Security Advisory cisco-sa-20070328-voip to address multiple vulnerabilities in the Cisco Unified CallManager (CUCM) and Cisco Unified Presence Server (CUPS). The advisory indicates that the following attack vectors could be used against a vulnerable system:
There are no workarounds for these vulnerabilities; however, Cisco has released free software to address the flaws described in this report. More information, including links to the fixes, can be found in Cisco Security Advisory cisco-sa-20070328-voip - Multiple Cisco Unified CallManager and Presence Server Denial of Service Vulnerabilities. Microsoft Releases Security Advisory for Attack Against Web Proxy Automatic Discovery (WPAD)added March 27, 2007Microsoft has released Security Advisory 934864 to address a new, recently disclosed attack method against the Microsoft Web Proxy Automatic Discovery (WPAD) protocol. An attacker with the ability to register a WPAD entry in a Domain Name System (DNS) or Windows Internet Naming Service (WINS) server may be able to cause a WPAD-configured client to resolve to an arbitrary host and retrieve the malicious WPAD.dat file. This may allow the attacker access to the client's traffic by routing it through a malicious proxy server. US-CERT recommends that network administrators reserve static WPAD DNS host names and WPAD WINS name records as described in Microsoft Security Advisory 934864. Exploit Code Available for Microsoft ADODB.Connection ActiveX Control Vulnerabilityadded March 26, 2007US-CERT is aware of publicly available exploit code for a vulnerability in the Microsoft ADODB.Connection ActiveX Control. The vulnerability in the ADODB.Connection ActiveX object causes memory corruption, and may allow a remote, unauthenticated attacker to cause Internet Explorer to crash or potentially execute arbitrary code. More information about this vulnerability can be found in the following:
US-CERT recommends the following actions to help mitigate the security risks:
Vulnerability in NETxAutomation NETxEIB OPC Serveradded March 26, 2007US-CERT is aware of a vulnerability that affects the NETxAutomation NETxEIB OPC Server. Specifically, the server fails to properly verify OPC server handles. An attacker with access to the NETxEIB OPC Server may be able to arbitrarily access server process memory and potentially execute arbitrary code or cause a denial of service. More information about this vulnerability can be found in the following:
US-CERT recommends the following actions to help mitigate the security risks:
Gozi Trojan Targets Microsoft Internet Explorer Vulnerabilitiesadded March 22, 2007SecureWorks recently issued a report detailing their findings of a Russian Trojan program called Gozi that is responsible for stealing user account and password information from more than 5,200 hosts and 10,000 user accounts. The Trojan is reportedly spread via IE browser exploits and has primarily targeted infected home computers. To read the full report, visit SecureWorks. While new and sophisticated exploits can be difficult to defend against, US-CERT encourages users to take the following preventative measures to help mitigate browser-based security risks:
Mozilla Releases Security Advisory to Address a Vulnerability in Client Productsadded March 21, 2007Mozilla has released Security Advisory 2007-11 to address a vulnerability in Firefox and SeaMonkey. US-CERT strongly encourages users to upgrade to Firefox 2.0.0.3 as soon as possible. |
|||||||||||||||||||||||||||||||||||||||||||||||||||
Information For
Sign Up
Reporting
DHS Threat Advisory
The threat level in the airline sector is High or Orange. Read more
Get Adobe Reader