  • August 09, 2007 - Current Activity

    This is an archived copy of current activity. If you would like to see the most recent version, please click here.

    August 9 - Microsoft Releases Advance Notification for August Security Bulletins
    August 9 - Multiple Symantec Products ActiveX Control Vulnerabilities
    August 9 - Cisco Releases Security Advisories for Multiple Vulnerabilities in IOS and Unified Communications Manager
    August 1 - Apple Releases Update for iPhone
    August 1 - US-CERT Warns Public of Fraudulent Phishing Email
    July 31 - Mozilla Releases Update to Address URI Sanitization Vulnerability
    July 27 - Microsoft Windows URI Protocol Handling Vulnerability



    Microsoft Releases Advance Notification for August Security Bulletins

    added August 9, 2007 at 02:41 pm

    Microsoft has issued a Security Bulletin Advance Notification indicating that their August release cycle will contain nine bulletins, some of which have a maximum rating of Critical. The notification further states that the bulletins affect Windows, Visual Basic, Internet Explorer, Windows Vista, Virtual PC, and Virtual Server. The release is scheduled for August 14, 2007.

    US-CERT will provide additional information as it becomes available.


    Multiple Symantec Products ActiveX Control Vulnerabilities

    added August 9, 2007 at 02:19 pm

    Symantec has released an update to mitigate an input validation error in two ActiveX controls used by Norton AntiVirus, Norton Internet Security, and Norton System Works. By enticing a user to view a specially crafted HTML document, an attacker may be able to execute arbitrary code on an affected system.

    More information regarding these vulnerabilities can be found in Symantec Advisory SYM07-021.

    US-CERT recommends the following actions to help mitigate the security risk:


    Cisco Releases Security Advisories for Multiple Vulnerabilities in IOS and Unified Communications Manager

    added August 8, 2007 at 03:19 pm | updated August 9, 2007 at 09:55 am

    Cisco has issued four Security Advisories to address several vulnerabilities in their Internetwork Operating System (IOS) and Unified Communications Manager. These vulnerabilities may allow an attacker to overwrite or retrieve arbitrary files, cause a denial-of-service condition, or execute arbitrary code on an affected system. US-CERT is aware of publicly available exploit code for one of these vulnerabilities.

    More information regarding these vulnerabilities can be found in the following:

    US-CERT strongly recommends that administrators review the Cisco Security Advisories above and follow best-practice security policies to determine what updates or workarounds should be applied.


    Apple Releases Update for iPhone

    added August 1, 2007 at 10:20 am

    Apple has released an update to address several vulnerabilities in the iPhone. These vulnerabilities may allow an attacker to execute arbitrary code or conduct cross-site scripting attacks on an affected device. 

    More information about these vulnerabilities and the iPhone v1.0.1 update can be found in the Apple update advisory.

    US-CERT strongly encourages users to review the advisory and follow best-practice security policies to determine what updates should be applied.


    US-CERT Warns Public of Fraudulent Phishing Email

    added August 1, 2007 at 08:39 am

    US-CERT is aware of a recent surge in fraudulent phishing e-mail messages.  The messages, claiming to be from the United States National Medical Association, contain a subject line that reads "The United States National Medical Association" and a link that, when followed, will direct the user to a malicious website.  These messages are not from any United States government agency.

    Users are encouraged to take the following measures to protect themselves from phishing attacks:
        * Do not follow unsolicited web links received in email messages.
        * Verify the legitimacy of the email by contacting the company or agency directly through a trusted contact number.
        * Visit the Anti-Phishing Working Group for more information on known phishing attacks.

    For additional information regarding phishing, US-CERT recommends reading the following documents:
       1. Technical Trends in Phishing Attacks
       2. Recognizing and Avoiding Email Scams
       3. Avoiding Social Engineering and Phishing Attacks


    Mozilla Releases Update to Address URI Sanitization Vulnerability

    added July 31, 2007 at 03:07 pm

    Mozilla has released an update for the Firefox browser to address two vulnerabilities with URI sanitization.  These vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code on an affected system. 

    More information regarding these vulnerabilities and the Firefox update can be found in the following:

    US-CERT encourages users to upgrade to Firefox 2.0.0.6, which has been released to address these vulnerabilities.


    Microsoft Windows URI Protocol Handling Vulnerability

    added July 27, 2007 at 03:21 pm

    US-CERT is aware of a vulnerability in the way Microsoft Windows determines how to handle URIs, which may be leveraged by a remote attacker to execute arbitrary commands on an affected system.  Public reports demonstrate that Mozilla Firefox can be used to pass malicious URIs to Windows, but other applications may also act as attack vectors for this vulnerability.

    More information regarding this vulnerability can be found in Vulnerability Note VU#403150.