Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
Current Activity Calendar
Left Arrow
October 2007
 Right Arrow
Su M Tu W Th F Sa
  1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30 31
Please click on a date above to see current activity for that day.

  • Latest Current Activity
    •

    October 17, 2007 - Current Activity

    This is an archived copy of current activity, if you would like to see the most recent version, please click here.

    October 17Cisco Releases Security Advisories to Address Several Vulnerabilities
    October 17 Oracle Releases October Critical Patch Update
    October 12OpenSSL Security Advisory
    October 12Microsoft Updates Security Bulletin MS05-004
    October 11CA BrightStor ARCserve Backup Vulnerabilities
    October 9Adobe Acrobat and Adobe Reader Vulnerability
    October 9Microsoft Releases October Security Bulletins


    Cisco Releases Security Advisories to Address Several Vulnerabilities

    added October 17, 2007 at 02:36 pm

    Cisco has released four Security Advisories to address several vulnerabilities in its Firewall Services Module, PIX, Adaptive Security Appliance, Unified Communications Manager, and Unified Communications Web-based Management products.

    Cisco Security Advisory: Multiple Vulnerabilities in Firewall Services Module addresses three vulnerabilities that may allow an attacker to bypass network access control list entries or cause a denial-of-service condition.

    Cisco Security Advisory: Multiple Vulnerabilities in Cisco PIX and ASA Appliances addresses two vulnerabilities that may allow an attacker to cause a denial-of-service condition.

    Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities addresses two vulnerabilities that may allow an attacker to cause a denial-of-service condition or execute arbitrary code.

    Cisco Security Advisory: Cisco Unified Communications Web-based Management Vulnerability addresses a vulnerability that may allow any Microsoft Windows Active Directory domain defined user to obtain unauthorized privilege levels.

    US-CERT strongly encourages administrators to review the above Cisco Security Advisories and follow best-practice security policies to determine what updates and workarounds should be applied.


    Oracle Releases October Critical Patch Update

    added October 17, 2007 at 09:24 am

    Oracle has released their October Critical Patch Update (CPU) to address 51 vulnerabilities across several products. This CPU contains twenty-eight security fixes for Oracle Database; eleven for Oracle Application Server; seven for Oracle Collaboration Suite; eight for Oracle E-Business Suite; two for Oracle Enterprise Manager; two for Oracle PeopleSoft Enterprise PeopleTools; and one for PeopleSoft Enterprise Human Capital Management.

    US-CERT strongly encourages users to review the October CPU and follow best-practice security policies to determine which updates to apply.


    OpenSSL Security Advisory

    added October 12, 2007 at 02:16 pm

    OpenSSL has released a security advisory to address two vulnerabilities in OpenSSL. These vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code on an affected system, other impacts are unknown at this time.

    More information regarding this vulnerability can be found in the OpenSSL security advisory.   

    US-CERT strongly encourages users to review the OpenSSL security advisory and follow best-practice security policies to determine what updates should be applied.


    Microsoft Updates Security Bulletin MS05-004

    added October 10, 2007 at 01:33 pm | updated October 12, 2007 at 09:46 am

    Microsoft has released an update to Security Bulletin MS05-004 adding Windows Server 2003 Service Pack 2 and Windows Vista to the affected software. This ASP .NET path validation vulnerability may allow a remote, unauthenticated attacker to gain access to secure website content by using a specially crafted URL.

    More information regarding this vulnerability can be found in Vulnerability Note VU#283646.

    US-CERT recommends users update to the latest version of .NET Framework.  


    CA BrightStor ARCserve Backup Vulnerabilities

    added October 11, 2007 at 03:44 pm

    US-CERT is aware of multiple vulnerabilities that affect CA BrightStor ARCserve Backup.  These vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code, escalate privileges or cause a denial-of-service condition.

    More information regarding these vulnerabilities can be found in the CA BrightStor ARCserve Backup Security Notice.

    US-CERT recommends that users apply vendor supplied patches to help mitigate the security risks.


    Adobe Acrobat and Adobe Reader Vulnerability

    added October 9, 2007 at 03:31 pm

    Adobe has issued a Security Advisory to address a vulnerability in Adobe Acrobat and Adobe Reader. By convincing a user to open a specially crafted pdf file in Microsoft Internet Explorer 7, an attacker may be able to execute arbitrary code.

    US-CERT recommends that users apply the workaround found in the Adobe Security Advisory.


    Microsoft Releases October Security Bulletins

    added October 9, 2007 at 03:15 pm

    Microsoft has released updates to address vulnerabilities in Windows, Outlook Express, Windows Mail, Internet Explorer, and Office as part of the Microsoft Security Bulletin Summary for October 2007.

    More information about these vulnerabilities is located in Technical Cyber Security Alert TA07-282A.

    US-CERT strongly encourages users to review the bulletins and follow best-practice security policies to determine what updates should be applied.