Current Activity Calendar

	November 2007
Su	M	Tu	W	Th	F	Sa
				1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29	30

Please click on a date above to see current activity for that day.

November 08, 2007 - Current Activity

This is an archived copy of current activity, if you would like to see the most recent version, please click here.

*November 8*	Microsoft Releases Advance Notification for November Security Bulletin
*November 8*	Microsoft Releases Security Advisory to Address Macrovision Vulnerability
*November 7*	Apple Releases Security Update to Address Multiple QuickTime Vulnerabilities
*November 6*	Mac OS X Leopard Firewall Changes
*November 1*	Mac DNS Changer Trojan
*October 31*	Federal Trade Commission Spoofed Email
*October 26*	Active Exploitation of Microsoft Windows URI Protocol Handling Vulnerability

Microsoft Releases Advance Notification for November Security Bulletin

added November 8, 2007 at 02:09 pm

Microsoft has issued a Security Bulletin Advance Notification indicating that its November release cycle will contain two bulletins, one of which has a severity rating of Critical. The notification states that both bulletins are for Windows. The release is scheduled for Tuesday, November 13, 2007.

US-CERT will provide additional information as it becomes available.

Microsoft Releases Security Advisory to Address Macrovision Vulnerability

added November 6, 2007 at 09:40 am | updated November 8, 2007 at 09:23 am

Microsoft has released Security Advisory 944653 to address a vulnerability found in the Macrovision "secdrv.sys" driver included with Windows Server 2003 and Windows XP. The "secdrv.sys" driver fails to properly handle configuration parameters and may allow a local attacker to gain escalated privileges on an affected system.

US-CERT strongly encourages users apply the update provided by Macrovision or the workaround supplied by in Microsoft Security Advisory 944653.

US-CERT will provide further information as it becomes available.

Apple Releases Security Update to Address Multiple QuickTime Vulnerabilities

added November 6, 2007 at 03:51 pm | updated November 7, 2007 at 01:03 pm

Apple has released QuickTime 7.3 to address multiple vulnerabilities in QuickTime. The impacts of these vulnerabilities include arbitrary code execution and denial of service.

More information about these vulnerabilities can be found in the following:

Technical Cyber Security Alert TA-07-310A
Apple Article 306896

US-CERT encourages users to apply the appropriate updates as soon as possible.

Mac OS X Leopard Firewall Changes

added November 5, 2007 at 05:06 pm | updated November 6, 2007 at 11:30 am

Apple's Mac OS X Leopard includes an application-based firewall feature. US-CERT is aware of ambiguities in the way the firewall components supplied with Leopard report the status of the firewall configuration. Users may be misinformed of the status of their firewall rule set, thus placing listening network services at an increased risk.

Users are urged to exercise caution when relying on the firewall rules for access control.

US-CERT will provide additional information as it becomes available.

Mac DNS Changer Trojan

added November 1, 2007 at 08:56 am

US-CERT is aware of a Mac DNS changer Trojan. If executed, this Trojan will change the DNS settings of a user's machine and then report back to a command and control server. The Trojan appears as a DMG archive file which, if downloaded and installed, will run the Trojan on a user's system.

More information regarding this Trojan can be found in the SANS Internet Storm Center.

US-CERT urges users and administrators to take the following preventative measures to mitigate the security risks:

Install anti-virus software, and keep its virus signature files up-to-date.
Block executable and unknown file types at the email gateway.
Refer to the Recognizing and Avoiding Email Scams document for more information on avoiding email scams.
Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

Federal Trade Commission Spoofed Email

added October 30, 2007 at 11:18 am | updated October 31, 2007 at 08:09 am

US-CERT is aware of fraudulent email messages purporting to be from the Federal Trade Commission's (FTC) "Fraud Department". These messages refer to a complaint filed against the email's recipient and appear to be from "frauddep@ftc.gov". The email messages contain a link to malicious software and should not be followed. Please see the Federal Trade Commission website for additional information.

More information can also be found in the US-CERT Cyber Security Alert SA07-303A.

US-CERT encourages users to take the following preventative measures to help mitigate this risk:

Do not follow unsolicited links in email messages.
Install anti-virus software, and keep its virus signature files up-to-date.
Review the Reducing Spam Cyber Security Tip.
Review the Avoiding Social Engineering and Phishing Attacks Cyber Security Tip.

Active Exploitation of Microsoft Windows URI Protocol Handling Vulnerability

added October 26, 2007 at 03:15 pm

Microsoft has released a revision to Microsoft Security Advisory (943521), which was previously reported by US-CERT in the Microsoft Windows URI Protocol Handling Vulnerability Current Activity. This revision states that because of an active exploitation the severity rating has been increased.

More information regarding this vulnerability can be found in the following:

Vulnerability Note VU#403150
Microsoft Security Advisory
MSRC Blog

US-CERT: United States Computer Emergency Readiness Team

Information For

Sign Up

Reporting

DHS Threat Advisory