February 11, 2008 - Current Activity

Mozilla Firefox view-source Information Disclosure Vulnerability

US-CERT is aware of public reports of a vulnerability in Mozilla Firefox 2.0.0.12.  This vulnerability may allow an attacker to read files from the Firefox installation directory, which may include some add-ons.

US-CERT encourages users to install the NoScript add-on to help mitigate the risks and will provide more information as it becomes available.

Trojan Spreading via MSN Messenger

There are reports of a Trojan spreading via MSN Messenger.  The Trojan arrives as a chat message with a link to a web site. This website links to an executable file. These messages may appear to come from a known contact.

US-CERT urges users and administrators to take the following preventative measures to help mitigate the security risks:

• Install anti-virus software, and keep virus signature files up-to-date.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

Active Exploitation of Adobe Reader Vulnerabilities

US-CERT has received information that vulnerabilities affecting Adobe Reader are actively being exploited.  These vulnerabilities are exploited through a maliciously crafted PDF file containing a variant of the Zonebac Trojan. 

US-CERT strongly urges users to take the following steps:

• Update to Adobe Reader 8.1.2.
• Review Adobe Knowledgebase Article kb403079.
• Disable the displaying of PDF documents in the web browser by performing the following steps:
  
  1. Open Adobe Reader.
  2. Open the Edit menu.
  3. Choose the preferences option.
  4. Choose the Internet section.
  5. Un-check the "Display PDF in browser" check box.

Mozilla Releases Updates to Address Vulnerabilities in Multiple Products

Mozilla has released Firefox 2.0.0.12, Thunderbird 2.0.0.12, and SeaMonkey 1.1.8 to address multiple vulnerabilities. The impacts of these vulnerabilities include arbitrary code execution, denial of service, cross-site scripting, directory traversal, and information disclosure.

More information regarding these vulnerabilities and updated products can be found at the Mozilla Foundation Security Advisory web site and in the Vulnerability Notes Database.

US-CERT will continue to investigate and provide additional information as it becomes available.

Microsoft to Release Internet Explorer 7.0 via WSUS

Microsoft has issued Knowledge Base article 946202 indicating that on Tuesday, February 12, 2008, they will release Windows Internet Explorer (IE) 7 via Windows Server Update Services (WSUS). This update will only affect users and administrators who use WSUS to manage updates.

Users and administrators of Internet Explorer who do not wish to upgrade to IE 7 should review the "Postponing the Windows Internet Explorer 7 Deployment" section in Knowledge Base article 946202.

Microsoft Releases Advance Notification for February Security Bulletin

Microsoft has issued a Security Bulletin Advance Notification indicating that its February release cycle will contain 12 bulletins, seven of which will have a severity rating of Critical.  The notification states that these Critical bulletins are for Microsoft Windows, Office, Visual Basic, VBScript, JScript and Internet Explorer. There will also be five Important bulletins for Windows, IIS, Active Directory, ADAM, Office, Works, and Works Suite. The release is scheduled for Tuesday, February 12, 2008.

US-CERT will provide additional information as it becomes available.

Adobe Reader Update

Adobe has released Adobe Reader 8.1.2 to address multiple unspecified vulnerabilities.

US-CERT encourages users to review Adobe Knowledgebase Article kb403079 and apply the update as soon as possible.

Apple QuickTime Update

Apple has released QuickTime 7.4.1 to address a vulnerability in QuickTime.  By convincing a user to visit a malicious web site, an attacker may be able to execute arbitrary code or cause a denial of service condition.

More information about this vulnerability is located in the Vulnerability Notes Database.

US-CERT encourages users to apply the appropriate updates as soon as possible.

Sun Java SE 6 Update

Sun has released an update for Java SE 6.  This update addresses two vulnerabilities.  These vulnerabilities may allow an untrusted application to execute with elevated privileges on an affected system.

US-CERT encourages users to review the Sun Java SE 6 Update 4 release notes and apply the update.

US-CERT will provide more information as it becomes available.

Fraudulent Microsoft Update Web Site

US-CERT is aware of a fraudulent Microsoft Update web site. This web site contains an "Urgent Install" button that, when clicked, attempts to download and install malicious software on a user's system. The file that attempts to download is not signed by Microsoft and is called "WindowsUpdateAgent30-x86-x64.exe". Of further interest, this web site is using fast flux DNS for its web hosting.

US-CERT urges users and administrators to take the following preventative measures to mitigate the security risks:

• Install anti-virus software, and keep its virus signature files up-to-date.
• Do not follow unsolicited web links received in email messages.
• Verify the web site by manually typing the URL when attempting to connect to web sites recommended in an email.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.
• Follow the guidance provided in the Recognize and avoid fraudulent e-mail to Microsoft customers document from Microsoft.