Current Activity Calendar

	August 2007
Su	M	Tu	W	Th	F	Sa
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31

Please click on a date above to see current activity for that day.

August 16, 2007 - Current Activity

This is an archived copy of current activity, if you would like to see the most recent version, please click here.

*August 16*	Yahoo! Messenger Web Camera Invitation Handling Vulnerability
*August 15*	Cisco Releases Security Advisory for Vulnerabilities in Cisco VPN Client
*August 15*	Microsoft Releases August Security Bulletins
*August 14*	Storm Worm Variant Continues to Spread
*August 14*	Publicly Available Exploit for Microsoft FlashPix ActiveX Control
*August 9*	Microsoft Releases Advance Notification for August Security Bulletins
*August 9*	Multiple Symantec Products ActiveX Control Vulnerabilities

Yahoo! Messenger Web Camera Invitation Handling Vulnerability

added August 16, 2007 at 10:05 am | updated August 16, 2007 at 11:11 am

US-CERT is aware of a publicly reported heap overflow vulnerability in Yahoo! Messenger. By enticing a user to accept a specially crafted web camera invitation, a remote attacker may be able to cause a a denial-of-service condition or execute arbitrary code on an affected system.

Until a fix is available, US-CERT recommends that users reject unsolicited web camera invitations and block outgoing network traffic on TCP port 5100.

US-CERT will continue to investigate and will provide additional information as it becomes available.

Cisco Releases Security Advisory for Vulnerabilities in Cisco VPN Client

added August 15, 2007 at 02:21 pm

Cisco has issued a Security Advisory to address two vulnerabilities in their VPN Client for Microsoft Windows. These vulnerabilities may allow an attacker to elevate privileges on an affected system.

More information regarding these vulnerabilities can be found in the Cisco Security Advisory: Local Privilege Escalation Vulnerabilities in Cisco VPN Client.

US-CERT strongly recommends that administrators review the Cisco Security Advisory above and follow best-practice security policies to determine what updates or workarounds should be applied.

Microsoft Releases August Security Bulletins

added August 14, 2007 at 02:16 pm | updated August 15, 2007 at 07:44 am

Microsoft has released updates to address vulnerabilities in Windows, Windows Media Player, Windows Gadgets, Office, Excel, Internet Explorer, Visual Basic, Virtual Sever, and Virtual PC as part of the Microsoft Security Bulletin Summary for August 2007.

More information about these vulnerabilities is located in the Vulnerability Notes Database and Technical Cyber Security Alert TA07-226A.

US-CERT strongly encourages users to review the bulletins and follow best-practice security policies to determine what updates should be applied.

Storm Worm Variant Continues to Spread

added August 14, 2007 at 02:01 pm

US-CERT is aware of public reports that the Storm Worm variant, previously reported in the US-CERT Current Activity on 29-June-2007, is currently on the rise. This variant of the Storm Worm arrives as an email message and contains a link to a malicious website that, when visited, installs malware on the user's system. The subject line of the email message may contain one of the examples listed in these US-CERT Current Activity 16-April-2007 and 20-January-2007 documents.

US-CERT urges users and administrators to take the following preventative measures to mitigate the security risks:

Install anti-virus software, and keep its virus signature files up-to-date.
Block executable and unknown file types at the email gateway.
Refer to the Recognizing and Avoiding Email Scams document for more information on avoiding email scams.
Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

Publicly Available Exploit for Microsoft FlashPix ActiveX Control

added August 14, 2007 at 12:53 pm

US-CERT is aware of publicly available exploit code for a buffer overflow vulnerability in the Microsoft DirectX Media 6.0 SDK FlashPix ActiveX control. This vulnerability may allow a remote, unauthenticated attacker to cause a denial-of-service condition or execute arbitrary code on an affected system by convincing a user to view a specially crafted HTML document.

More information can be found in Vulnerability Note VU#466601.

US-CERT encourages users to Disable ActiveX controls as described in the Securing Your Web Browser document.

Microsoft Releases Advance Notification for August Security Bulletins

added August 9, 2007 at 02:41 pm

Microsoft has issued a Security Bulletin Advance Notification indicating that their August release cycle will contain nine bulletins, some of which have a maximum rating of Critical. The notification further states that the bulletins affect Windows, Visual Basic, Internet Explorer, Windows Vista, Virtual PC, and Virtual Server. The release is scheduled for August 14, 2007.

US-CERT will provide additional information as it becomes available.

Multiple Symantec Products ActiveX Control Vulnerabilities

added August 9, 2007 at 02:19 pm

Symantec has released an update to mitigate an input validation error in two ActiveX controls used by Norton AntiVirus, Norton Internet Security, and Norton System Works. By enticing a user to view a specially crafted HTML document, an attacker may be able to execute arbitrary code on an affected system.

More information regarding these vulnerabilities can be found in Symantec Advisory SYM07- 021.

US-CERT recommends the following actions to help mitigate the security risk:

Apply the update as described in Symantec Advisory SYM07-021
Disable ActiveX as described in the Securing Your Web Browser document

US-CERT: United States Computer Emergency Readiness Team

Information For

Sign Up

Reporting

DHS Threat Advisory