November 13, 2007 - Current Activity

Microsoft Releases November Security Bulletins

Microsoft has released updates to address vulnerabilities in Windows as part of the Microsoft Security Bulletin Summary for November 2007.

More information about these vulnerabilities can be found in Technical Cyber Security Alert TA07-317A.

US-CERT strongly encourages users to review the bulletins and follow best-practice security policies to determine which updates should be applied.

Public Exploit for Oracle Database Server Vulnerability

US-CERT is aware of publicly available exploit code for a vulnerability that affects Oracle Database Server. This vulnerability may allow a remote, authenticated attacker to execute arbitrary code on affected systems. 

US-CERT will provide more information as it becomes available.

Microsoft Releases Advance Notification for November Security Bulletin

Microsoft has issued a Security Bulletin Advance Notification indicating that its November release cycle will contain two bulletins, one of which has a severity rating of Critical. The notification states that both bulletins are for Windows.  The release is scheduled for Tuesday, November 13, 2007.

US-CERT will provide additional information as it becomes available.

Microsoft Releases Security Advisory to Address Macrovision Vulnerability

Microsoft has released Security Advisory 944653 to address a vulnerability found in the Macrovision "secdrv.sys" driver included with Windows Server 2003 and Windows XP.  The "secdrv.sys" driver fails to properly handle configuration parameters and may allow a local attacker to gain escalated privileges on an affected system.

US-CERT strongly encourages users apply the update provided by Macrovision or the workaround supplied by in Microsoft Security Advisory 944653.

US-CERT will provide further information as it becomes available.

Apple Releases Security Update to Address Multiple QuickTime Vulnerabilities

Apple has released QuickTime 7.3 to address multiple vulnerabilities in QuickTime.  The impacts of these vulnerabilities include arbitrary code execution and denial of service.

More information about these vulnerabilities can be found in the following:

• Technical Cyber Security Alert TA-07-310A
• Apple Article 306896

Mac OS X Leopard Firewall Changes

Apple's Mac OS X Leopard includes an application-based firewall feature. US-CERT is aware of ambiguities in the way the firewall components supplied with Leopard report the status of the firewall configuration. Users may be misinformed of the status of their firewall rule set, thus placing listening network services at an increased risk.

Users are urged to exercise caution when relying on the firewall rules for access control.

US-CERT will provide additional information as it becomes available.

Mac DNS Changer Trojan

US-CERT is aware of a Mac DNS changer Trojan. If executed, this Trojan will change the DNS settings of a user's machine and then report back to a command and control server. The Trojan appears as a DMG archive file which, if downloaded and installed, will run the Trojan on a user's system.

More information regarding this Trojan can be found in the SANS Internet Storm Center.

US-CERT urges users and administrators to take the following preventative measures to mitigate the security risks:

• Install anti-virus software, and keep its virus signature files up-to-date.
• Block executable and unknown file types at the email gateway.
• Refer to the Recognizing and Avoiding Email Scams document for more information on avoiding email scams.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.