Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
Current Activity Calendar
Left Arrow
June 2007
 Right Arrow
Su M Tu W Th F Sa
          1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
Please click on a date above to see current activity for that day.

  • Latest Current Activity
    •

    June 01, 2007 - Current Activity

    This is an archived copy of current activity, if you would like to see the most recent version, please click here.

    June 1Apple Releases Update for Xserve Lights-Out Management Firmware
    May 31Mozilla Releases Security Advisories to Address Multiple Vulnerabilities
    May 30Apple Releases a Security Update for QuickTime 7.1.6 to Address Multiple Vulnerabilities
    May 25Apple Releases Security Update to Address Multiple Vulnerabilities in Various Products
    May 24Microsoft Office ActiveX Control Vulnerability
    May 22Cisco Releases Security Advisory to Address Multiple Vulnerabilities in Cisco IOS
    May 22Microsoft Releases Security Advisory to Announce Microsoft Office Enhancements


    Apple Releases Update for Xserve Lights-Out Management Firmware

    added June 1, 2007 at 03:48 pm

    Apple releases Firmware Update 1.0 to address a vulnerability in Xserve Lights-Out Management Firmware.  The vulnerability lies in Apple's implementation of IPMI and may allow a remote, unprivileged ipmitool user to gain administrative privileges on a Xserve system.

    US-CERT encourages users to apply Firmware Update 1.0 as soon as possible.

    US-CERT will continue to investigate this vulnerability and provide additional details as they become available.


    Mozilla Releases Security Advisories to Address Multiple Vulnerabilities

    added May 31, 2007 at 08:55 am | updated May 31, 2007 at 04:03 pm

    The Mozilla Foundation has released Security Advisories to address multiple vulnerabilities in Firefox, Thunderbird, and SeaMonkey.  The impacts of these vulnerabilities include arbitrary code execution, denial of service, memory corruption and cross-site scripting.

    More information can be found in Technical Cyber Security Alert TA07-151A and the Vulnerability Notes Database.

    US-CERT encourages users to apply the updates as described in the Security Advisories.


    Apple Releases a Security Update for QuickTime 7.1.6 to Address Multiple Vulnerabilities

    added May 29, 2007 at 04:57 pm | updated May 30, 2007 at 09:51 am

    Apple has released a Security Update for QuickTime 7.1.6 to address multiple vulnerabilities in Apple QuickTime for Java. The impacts of these vulnerabilities include arbitrary code execution and information disclosure.

    More information can be found in the following:

    US-CERT recommends users install the QuickTime 7.1.6 Security Update and follow the instructions in the Securing Your Web Browser document to disable Java.


    Apple Releases Security Update to Address Multiple Vulnerabilities in Various Products

    added May 24, 2007 at 04:47 pm | updated May 25, 2007 at 01:59 pm

    Apple has released Security Update 2007-005 to address multiple vulnerabilities in various products.  The impacts of these vulnerabilities include denial of service, arbitrary code execution, information disclosure, and privilege escalation.

    US-CERT encourages users to apply the appropriate updates as soon as possible.

    More information about this vulnerability can be found in the following:


    Microsoft Office ActiveX Control Vulnerability

    added May 23, 2007 at 08:46 pm | updated May 24, 2007 at 03:13 pm

    US-CERT is aware of reports of a vulnerability in a Microsoft Office 2000 ActiveX control.  Excessive data passed to the OUACTRL ActiveX control may result in a buffer overflow allowing arbitrary code execution or causing a denial-of-service condition.

    This vulnerability was fixed in the Microsoft UA Control Vulnerability update (released May 12, 2000), which is included in Microsoft Office 2000 SP3.

    US-CERT strongly encourages users to review the referenced documents and follow best-practice security policies to determine what updates should be applied.


    Cisco Releases Security Advisory to Address Multiple Vulnerabilities in Cisco IOS

    added May 22, 2007 at 02:30 pm

    Cisco has released Security Advisory cisco-sa-20070522-SSL to address multiple vulnerabilities in Cisco IOS.  These vulnerabilities may lead to a sustained denial-of-service condition when processing malformed SSL messages.  

    US-CERT recommends administrators apply the workarounds as described in Cisco Security Advisory cisco-sa-20070522-SSL.

    US-CERT will provide additional information as it becomes available.



    Microsoft Releases Security Advisory to Announce Microsoft Office Enhancements

    added May 22, 2007 at 09:15 am

    Microsoft has released the Microsoft Office Isolated Conversion Environment (MOICE) feature and File Block Functionality for Microsoft Office 2003 and 2007 Office system. 

    Microsoft states that MOICE converts Office 2003 binary documents to the newer Office open XML format in an isolated environment providing an additional layer of security.

    The File Block Functionality allows restrictions to be placed on specific Office file types by administrators to deny opening potentially unsafe documents.    

    More information regarding these enhancements can be found in Microsoft Security Advisory 937696.

    US-CERT strongly encourages users to review the Security Advisory and take the appropriate actions and implement these enhancements where pertinent.