Current Activity Calendar

	June 2007
Su	M	Tu	W	Th	F	Sa
					1	2
3	4	5	6	7	8	9
10	11	12	13	14	15	16
17	18	19	20	21	22	23
24	25	26	27	28	29	30

Please click on a date above to see current activity for that day.

June 25, 2007 - Current Activity

This is an archived copy of current activity, if you would like to see the most recent version, please click here.

*June 25*	Apple Releases Security Update 2007-006 and Safari 3 Beta Update 3.0.2 to Address Multiple Vulnerabilities
*June 22*	CA Releases Updates for Multiple Vulnerabilities in Products that Use the Ingres Database
*June 21*	Cerulean Studios Trillian Instant Messenger Vulnerability
*June 14*	FBI Charges "Bot-Herders"
*June 13*	Microsoft Releases June Security Bulletins
*June 8*	Publicly Available Exploit for Yahoo! Messenger IM Client ActiveX Control Vulnerabilities
*June 7*	Microsoft Releases Advance Notification for June Security Bulletins

Apple Releases Security Update 2007-006 and Safari 3 Beta Update 3.0.2 to Address Multiple Vulnerabilities

added June 25, 2007 at 10:39 am

Apple has released Security Update 2007-006 and Safari 3 Beta Update 3.0.2 to address multiple vulnerabilities in WebCore, WebKit, and Safari 3 Beta. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, conduct cross-site scripting attacks, or alter the contents of the address bar in the Safari web browser.

More information regarding the vulnerabilities and remediation information can be found in the following:

Vulnerability Notes Database
Apple Security Update 2007-006
Safari Beta 3 Download Site

US-CERT strongly encourages users to review the bulletins and follow best-practice security policies to determine what updates should be applied.

CA Releases Updates for Multiple Vulnerabilities in Products that Use the Ingres Database

added June 22, 2007 at 03:26 pm

Computer Associates has released updates to address several vulnerabilities in products that use the Ingres database. These vulnerabilities may allow an attacker to execute arbitrary code on an affected system.

More information regarding these vulnerabilities and which applications are affected can be found in the CA Security Advisor "CA Products That Embed Ingres Multiple Vulnerabilities" document.

US-CERT strongly encourages users to review the CA Security Advisor "CA Products That Embed Ingres Multiple Vulnerabilities" document and follow best-practice security policies to determine what updates should be applied.

Cerulean Studios Trillian Instant Messenger Vulnerability

added June 20, 2007 at 02:43 pm | updated June 21, 2007 at 04:47 pm

US-CERT is aware of a heap overflow vulnerability in Cerulean Studios Trillian Instant Messenger. The vulnerability may be exploited by viewing a malicious message containing a specially crafted UTF-8 string. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code with the credentials of the currently logged on user.

More information about this vulnerability can be found in Vulnerability Note VU#187033.

US-CERT encourages users to upgrade to Trillian 3.1.6.0 which has been released to address this vulnerability.

FBI Charges "Bot-Herders"

added June 14, 2007 at 02:54 pm

The FBI's "Operation Bot Roast" has identified over 1 million computers across the country that have been compromised by botnets. For more information on how to identify, report, and prevent attacks, see US-CERT's Cyber Security Tip "Understanding Hidden Threats: Rootkits and Botnets".

Microsoft Releases June Security Bulletins

added June 12, 2007 at 01:18 pm | updated June 13, 2007 at 08:36 am

Microsoft has released updates to address vulnerabilities in Windows, Internet Explorer, Outlook Express, Windows Mail, Visio, and the Windows Schannel Security Package as part of the Microsoft Security Bulletin Summary for June 2007.

More information about these vulnerabilities is located in the Vulnerability Notes Database and Technical Cyber Security Alert TA07-163A.

US-CERT strongly encourages users to review the bulletins and follow best-practice security policies to determine what updates should be applied.

Publicly Available Exploit for Yahoo! Messenger IM Client ActiveX Control Vulnerabilities

added June 8, 2007 at 11:40 am | updated June 8, 2007 at 12:57 pm

US-CERT is aware of publicly available exploit code for vulnerabilities in the Yahoo! Messenger Webcam Upload (ywcupl.dll) and Webcam Viewer (ywcvwr.dll) ActiveX controls that may allow an attacker to execute arbitrary code on a user's machine.

More information about the vulnerabilities can be found in the following:

Vulnerability Note VU#932217
Vulnerability Note VU#949817
Yahoo! Webcam ActiveX Controls Security Update.

US-CERT recommends users take the following actions to mitigate the security risks:

Apply the update as described in the Yahoo! Webcam ActiveX Controls Security Update.
Disable the ActiveX controls listed in the Yahoo! Webcam ActiveX Controls Security Update.
Disable ActiveX as described in the Securing Your Web Browser document.

Microsoft Releases Advance Notification for June Security Bulletins

added June 7, 2007 at 03:23 pm

Microsoft has issued a Security Bulletin Advance Notification indicating that their June release cycle will contain six bulletins, four of which have a maximum severity rating of Critical. The notification further states that the four Critical bulletins are for Windows, Internet Explorer, and Outlook Express. There will also be two non-critical bulletins for Visio and Windows as well as an updated version of the Microsoft Windows Malicious Software Removal Tool. The release is scheduled for Tuesday, June 12, 2007.

US-CERT will provide additional information as it becomes available.

US-CERT: United States Computer Emergency Readiness Team

Information For

Sign Up

Reporting

DHS Threat Advisory