Current Activity Calendar

	June 2007
Su	M	Tu	W	Th	F	Sa
					1	2
3	4	5	6	7	8	9
10	11	12	13	14	15	16
17	18	19	20	21	22	23
24	25	26	27	28	29	30

Please click on a date above to see current activity for that day.

June 22, 2007 - Current Activity

This is an archived copy of current activity, if you would like to see the most recent version, please click here.

*June 22*	CA Releases Updates for Multiple Vulnerabilities in Products that Use the Ingres Database
*June 21*	Cerulean Studios Trillian Instant Messenger Vulnerability
*June 14*	FBI Charges "Bot-Herders"
*June 13*	Microsoft Releases June Security Bulletins
*June 8*	Publicly Available Exploit for Yahoo! Messenger IM Client ActiveX Control Vulnerabilities
*June 7*	Microsoft Releases Advance Notification for June Security Bulletins
*June 7*	Computer Associates Release Security Notice for Anti-Virus Engine

CA Releases Updates for Multiple Vulnerabilities in Products that Use the Ingres Database

added June 22, 2007 at 03:26 pm

Computer Associates has released updates to address several vulnerabilities in products that use the Ingres database. These vulnerabilities may allow an attacker to execute arbitrary code on an affected system.

More information regarding these vulnerabilities and which applications are affected can be found in the CA Security Advisor "CA Products That Embed Ingres Multiple Vulnerabilities" document.

US-CERT strongly encourages users to review the CA Security Advisor "CA Products That Embed Ingres Multiple Vulnerabilities" document and follow best-practice security policies to determine what updates should be applied.

Cerulean Studios Trillian Instant Messenger Vulnerability

added June 20, 2007 at 02:43 pm | updated June 21, 2007 at 04:47 pm

US-CERT is aware of a heap overflow vulnerability in Cerulean Studios Trillian Instant Messenger. The vulnerability may be exploited by viewing a malicious message containing a specially crafted UTF-8 string. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code with the credentials of the currently logged on user.

More information about this vulnerability can be found in Vulnerability Note VU#187033.

US-CERT encourages users to upgrade to Trillian 3.1.6.0 which has been released to address this vulnerability.

FBI Charges "Bot-Herders"

added June 14, 2007 at 02:54 pm

The FBI's "Operation Bot Roast" has identified over 1 million computers across the country that have been compromised by botnets. For more information on how to identify, report, and prevent attacks, see US-CERT's Cyber Security Tip "Understanding Hidden Threats: Rootkits and Botnets".

Microsoft Releases June Security Bulletins

added June 12, 2007 at 01:18 pm | updated June 13, 2007 at 08:36 am

Microsoft has released updates to address vulnerabilities in Windows, Internet Explorer, Outlook Express, Windows Mail, Visio, and the Windows Schannel Security Package as part of the Microsoft Security Bulletin Summary for June 2007.

More information about these vulnerabilities is located in the Vulnerability Notes Database and Technical Cyber Security Alert TA07-163A.

US-CERT strongly encourages users to review the bulletins and follow best-practice security policies to determine what updates should be applied.

Publicly Available Exploit for Yahoo! Messenger IM Client ActiveX Control Vulnerabilities

added June 8, 2007 at 11:40 am | updated June 8, 2007 at 12:57 pm

US-CERT is aware of publicly available exploit code for vulnerabilities in the Yahoo! Messenger Webcam Upload (ywcupl.dll) and Webcam Viewer (ywcvwr.dll) ActiveX controls that may allow an attacker to execute arbitrary code on a user's machine.

More information about the vulnerabilities can be found in the following:

Vulnerability Note VU#932217
Vulnerability Note VU#949817
Yahoo! Webcam ActiveX Controls Security Update.

US-CERT recommends users take the following actions to mitigate the security risks:

Apply the update as described in the Yahoo! Webcam ActiveX Controls Security Update.
Disable the ActiveX controls listed in the Yahoo! Webcam ActiveX Controls Security Update.
Disable ActiveX as described in the Securing Your Web Browser document.

Microsoft Releases Advance Notification for June Security Bulletins

added June 7, 2007 at 03:23 pm

Microsoft has issued a Security Bulletin Advance Notification indicating that their June release cycle will contain six bulletins, four of which have a maximum severity rating of Critical. The notification further states that the four Critical bulletins are for Windows, Internet Explorer, and Outlook Express. There will also be two non-critical bulletins for Visio and Windows as well as an updated version of the Microsoft Windows Malicious Software Removal Tool. The release is scheduled for Tuesday, June 12, 2007.

US-CERT will provide additional information as it becomes available.

Computer Associates Release Security Notice for Anti-Virus Engine

added June 7, 2007 at 03:20 pm

The Computer Associates Anti-Virus engine fails to properly process CAB archives. These vulnerabilities may allow an unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition.

More information can be found in the following:

Vulnerability Note VU#105105
Vulnerability Note VU#739409
Computer Associates Security Notice

US-CERT encourages users to apply the updates as described in the Computer Associates Security Notice.

US-CERT: United States Computer Emergency Readiness Team

Information For

Sign Up

Reporting

DHS Threat Advisory