October 26, 2007 - Current Activity

Active Exploitation of Microsoft Windows URI Protocol Handling Vulnerability

Microsoft has released a revision to Microsoft Security Advisory (943521), which was previously reported by US-CERT in the Microsoft Windows URI Protocol Handling Vulnerability Current Activity. This revision states that because of an active exploitation the severity rating has been increased.

More information regarding this vulnerability can be found in the following:

• Vulnerability Note VU#403150
• Microsoft Security Advisory
• MSRC Blog
  

New Storm Worm Variant Disables Security Software

US-CERT is aware of a new Storm Worm variant. Functionality in this variant can cause certain types of programs, including anti-virus and network access control programs, to appear as if they are functioning correctly, though the process(es) have been disabled by the worm.

More information can be found in the eWEEK Security News and Sophos Security Information Blog.

US-CERT urges users and administrators to take the following preventative measures to mitigate the security risks:

• Install anti-virus software, and keep its virus signature files up-to-date.
• Block executable and unknown file types at the email gateway.
• Refer to the Recognizing and Avoiding Email Scams document for more information on avoiding email scams.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.
  

California Wildfires Spawn Phishing Sites

US-CERT has received reports of multiple phishing sites that attempt to trick users into donating funds to fraudulent foundations in the aftermath of the California Wildfires. US-CERT warns users to expect an increase in targeted phishing emails due to the recent events in California.

Phishing emails may appear as requests from a charitable organization asking the users to click on a link that will then take them to a fraudulent site that appears to be a legitimate charity. The users are then asked to provide personal information that can further expose them to future compromises.

Users are encouraged to take the following measures to protect themselves from this type of phishing attack:

1. Do not follow unsolicited web links received in email messages.
2. Contact your financial institution immediately if you believe your account/and or financial information has been compromised.

RealNetworks Issues Security Update for RealPlayer Vulnerability

RealNetworks has issued a Security Update to address the previously reported buffer overflow vulnerability in RealPlayer. This vulnerability could allow an attacker to execute arbitrary code on an affected system by enticing a user to view a specially crafted HTML document.

US-CERT recommends that users apply the update as described in the Security Update from RealNetworks.

More information regarding this vulnerability can be found in Vulnerability Note VU#871673 and in Technical Cyber Security Alert TA07-297A.

Active Exploitation of Vulnerabilities in Adobe Acrobat and Adobe Reader

US-CERT is aware of active exploitation of a previously reported vulnerability in Adobe Acrobat, Adobe Reader, and other Adobe PDF products. Adobe has released an update and provided a workaround to address this vulnerability.

US-CERT encourages users to apply the update or workaround as soon as possible to mitigate this risk.

More information is available in the Adobe Security Advisory APSB07-18.

Mozilla Releases Security Advisories to Address Multiple Vulnerabilities

Mozilla has released Security Advisories to address several vulnerabilities in Firefox, Thunderbird, and SeaMonkey. These vulnerabilities may allow an attacker to hide the window title bar, execute arbitrary code or commands, or access arbitrary information on an affected system.

More information regarding these vulnerabilities can be found in the Vulnerability Notes Database.

US-CERT encourages users to upgrade to the latest versions as described in the Security Advisories.

Active Exploitation of a Vulnerability in RealPlayer

US-CERT is aware of active exploitation of a buffer overflow vulnerability in RealPlayer. This vulnerability affects RealPlayer version 9 and later, and may allow an attacker to execute arbitrary code on an affected system.

Until a fix becomes available, US-CERT recommends that users disable ActiveX as described in the Securing Your Web Browser document to help mitigate the security risk.

US-CERT will continue to investigate and provide additional information as it becomes available.