Current Activity Calendar

	September 2007
Su	M	Tu	W	Th	F	Sa
						1
2	3	4	5	6	7	8
9	10	11	12	13	14	15
16	17	18	19	20	21	22
23	24	25	26	27	28	29
30

Please click on a date above to see current activity for that day.

September 20, 2007 - Current Activity

This is an archived copy of current activity, if you would like to see the most recent version, please click here.

*September 20*	New VMware Product Versions Addresses Several Vulnerabilities
*September 20*	Microsoft Windows MFC Libraries Buffer Overflow Vulnerability
*September 19*	Mozilla Releases Security Advisory to Mitigate QuickTime Code Execution Vulnerability
*September 14*	Public Exploit Code Targeting Firefox and QuickTime
*September 11*	Microsoft Releases September Security Bulletins
*September 11*	Worm Targeting Skype for Windows Users
*September 10*	Storm Worm Variant Spreads by Fictitious NFL Email

New VMware Product Versions Addresses Several Vulnerabilities

added September 19, 2007 at 01:24 pm | updated September 20, 2007 at 01:26 pm

VMware has released updates for several products in part to address several vulnerabilities. These vulnerabilities may allow an attacker to overwrite arbitrary files, gain elevated privileges, cause a denial-of-service condition, or execute arbitrary code on an affected system. Affected products include VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player.

More information regarding these vulnerabilities can be found in VMware Security Advisory VMSA-2007-0006.

US-CERT recommends that users upgrade to the latest versions to help mitigate the security risks.

Microsoft Windows MFC Libraries Buffer Overflow Vulnerability

added September 18, 2007 at 02:08 pm | updated September 20, 2007 at 09:09 am

US-CERT is aware of a vulnerability in the Microsoft Windows MFC42 and MFC71 libraries. Specifically, the vulnerability exists due to the "FindFile" function failing to properly validate the length of user supplied input. By passing an overly long argument to the "FindFile" function, an attacker may be able to cause a buffer overflow and execute arbitrary code on an affected system. Any application that utilizes these libraries and allows users to manipulate the arguments being passed to the API may be affected.

More information regarding this vulnerability can be found in Vulnerability Note VU#611008.

Mozilla Releases Security Advisory to Mitigate QuickTime Code Execution Vulnerability

added September 19, 2007 at 09:41 am

Mozilla has released security advisory MFSA 2007-28 to address a weakness that may allow an attacker to execute arbitrary commands on an affected system. This update may prevent exploitation of a vulnerability in Apple QuickTime by removing Firefox's ability to run arbitrary scripts, which are provided by command line arguments. More information regarding this vulnerability can be found in Vulnerability Note VU#751808.

To help mitigate this security risk, US-CERT recommends that users apply the updates and workarounds described in Vulnerability Note VU#751808 and Mozilla security advisory MFSA 2007-28.

Public Exploit Code Targeting Firefox and QuickTime

added September 12, 2007 at 04:26 pm | updated September 14, 2007 at 09:02 am

US-CERT is aware of working publicly available exploit code that targets users with Firefox and QuickTime installed. This exploit allows a remote, unauthenticated attacker to execute arbitrary commands on an affected system.

More information regarding this vulnerability can be found in Vulnerability Note VU#751808.

Until updates are available, US-CERT encourages administrators and users to view only trusted QuickTime movies.

Microsoft Releases September Security Bulletins

added September 11, 2007 at 01:56 pm

Microsoft has released updates to address vulnerabilities in Windows, Visual Studio, Windows Services for UNIX, Subsystem for UNIX-based Applications, MSN Messenger, and Windows Live Messenger as part of the Microsoft Security Bulletin Summary for September 2007.

More information about these vulnerabilities is located in the Vulnerability Notes Database.

US-CERT strongly encourages users to review the bulletins and follow best-practice security policies to determine what updates should be applied.

Worm Targeting Skype for Windows Users

added September 11, 2007 at 01:40 pm

US-CERT is aware of public reports of a new worm targeting Skype users on Windows based systems. This worm uses Skype's chat function to send a message to other users. The chat message contains a link that appears to be to a .JPG image file, that when followed, attempts to download or install a malicious .scr file. If one saves or executes this malicious .scr file, the host computer will be infected with the w32/Ramex.A virus.

More information regarding this worm can be found in the Skype status announcement.

US-CERT will continue to monitor this activity and may update with additional information.

Storm Worm Variant Spreads by Fictitious NFL Email

added September 10, 2007 at 02:47 pm

US-CERT is aware of public reports that the Storm Worm variant, previously reported in the US-CERT Current Activity on 29-June-2007, is currently spreading by email messages purporting to be an NFL (National Football League) game statistics website. This variant of the Storm Worm arrives as an email message and contains a link to a malicious website that, when visited, installs malware on the user's system.

US-CERT urges users and administrators to take the following preventative measures to mitigate the security risks:

Install anti-virus software, and keep its virus signature files up-to-date.
Block executable and unknown file types at the email gateway.
Refer to the Recognizing and Avoiding Email Scams document for more information on avoiding email scams.
Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

US-CERT: United States Computer Emergency Readiness Team

Information For

Sign Up

Reporting

DHS Threat Advisory