Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
Current Activity Calendar
left_arrow
February 2008
 right_arrow
Su M Tu W Th F Sa
          1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28
Please click on a date above to see current activity for that day.

  • Latest Current Activity
    •

    February 12, 2008 - Current Activity

    This is an archived copy of current activity, if you would like to see the most recent version, please click here.

    February 12Apple Releases Security Updates for Multiple Vulnerabilities
    February 12Microsoft Releases February Security Bulletin
    February 12Active Exploitation of Adobe Reader Vulnerabilities
    February 11Mozilla Firefox view-source Information Disclosure Vulnerability
    February 11Trojan Spreading via MSN Messenger
    February 11Mozilla Releases Updates to Address Vulnerabilities in Multiple Products
    February 8Microsoft to Release Internet Explorer 7.0 via WSUS
    February 7Microsoft Releases Advance Notification for February Security Bulletin
    February 7Adobe Reader Update
    February 7Apple QuickTime Update


    Apple Releases Security Updates for Multiple Vulnerabilities

    added February 12, 2008 at 09:40 am | updated February 12, 2008 at 04:08 pm

    Apple has released Security Update 2008-001 and Mac OS X 10.5.2  to address multiple vulnerabilities in Mac OS X and related products.  The impacts of these vulnerabilities include remote code execution, denial of service, and information disclosure.

    US-CERT encourages users to apply the appropriate updates as soon as possible.

    More information about these vulnerabilities is located in the Vulnerability Notes Database and in Technical Cyber Security Alert TA08-043B.


    Microsoft Releases February Security Bulletin

    added February 12, 2008 at 01:55 pm

    Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, Visual Basic, VBScript, JScript, Internet Explorer, IIS, Active Directory, ADAM, Office, Works, and Works Suite as part of the Microsoft Security Bulletin Summary for February 2008.

    US-CERT strongly encourages users to review the bulletins and follow best-practice security policies to determine which updates should be applied.


    Active Exploitation of Adobe Reader Vulnerabilities

    added February 11, 2008 at 11:41 am | updated February 12, 2008 at 09:40 am

    US-CERT has received information that vulnerabilities affecting Adobe Reader are actively being exploited.  These vulnerabilities are exploited through a maliciously crafted PDF file containing a variant of the Zonebac Trojan. 

    US-CERT strongly urges users to take the following steps:

    • Update to Adobe Reader 8.1.2.
    • Review Adobe Knowledgebase Article kb403079.
    • Disable the displaying of PDF documents in the web browser by performing the following steps:
      1. Open Adobe Reader.
      2. Open the Edit menu.
      3. Choose the preferences option.
      4. Choose the Internet section.
      5. Un-check the "Display PDF in browser" check box.
    More information about these vulnerabilities is located in the Vulnerability Notes Database and in Technical Cyber Security Alert TA08-043A.

    US-CERT will continue to provide information as it becomes available.


    Mozilla Firefox view-source Information Disclosure Vulnerability

    added February 11, 2008 at 11:46 am

    US-CERT is aware of public reports of a vulnerability in Mozilla Firefox 2.0.0.12.  This vulnerability may allow an attacker to read files from the Firefox installation directory, which may include some add-ons.

    US-CERT encourages users to install the NoScript add-on to help mitigate the risks and will provide more information as it becomes available.


    Trojan Spreading via MSN Messenger

    added February 11, 2008 at 11:43 am

    There are reports of a Trojan spreading via MSN Messenger.  The Trojan arrives as a chat message with a link to a web site. This website links to an executable file. These messages may appear to come from a known contact.

    US-CERT urges users and administrators to take the following preventative measures to help mitigate the security risks:

    US-CERT will provide more information as it becomes available.


    Mozilla Releases Updates to Address Vulnerabilities in Multiple Products

    added February 8, 2008 at 09:48 am | updated February 11, 2008 at 09:53 am

    Mozilla has released Firefox 2.0.0.12, Thunderbird 2.0.0.12, and SeaMonkey 1.1.8 to address multiple vulnerabilities. The impacts of these vulnerabilities include arbitrary code execution, denial of service, cross-site scripting, directory traversal, and information disclosure.

    More information regarding these vulnerabilities and updated products can be found at the Mozilla Foundation Security Advisory web site and in the Vulnerability Notes Database.

    US-CERT will continue to investigate and provide additional information as it becomes available.


    Microsoft to Release Internet Explorer 7.0 via WSUS

    added February 8, 2008 at 01:32 pm

    Microsoft has issued Knowledge Base article 946202 indicating that on Tuesday, February 12, 2008, they will release Windows Internet Explorer (IE) 7 via Windows Server Update Services (WSUS). This update will only affect users and administrators who use WSUS to manage updates.

    Users and administrators of Internet Explorer who do not wish to upgrade to IE 7 should review the "Postponing the Windows Internet Explorer 7 Deployment" section in Knowledge Base article 946202.


    Microsoft Releases Advance Notification for February Security Bulletin

    added February 7, 2008 at 01:49 pm

    Microsoft has issued a Security Bulletin Advance Notification indicating that its February release cycle will contain 12 bulletins, seven of which will have a severity rating of Critical.  The notification states that these Critical bulletins are for Microsoft Windows, Office, Visual Basic, VBScript, JScript and Internet Explorer. There will also be five Important bulletins for Windows, IIS, Active Directory, ADAM, Office, Works, and Works Suite. The release is scheduled for Tuesday, February 12, 2008.

    US-CERT will provide additional information as it becomes available.


    Adobe Reader Update

    added February 7, 2008 at 10:20 am

    Adobe has released Adobe Reader 8.1.2 to address multiple unspecified vulnerabilities.

    US-CERT encourages users to review Adobe Knowledgebase Article kb403079 and apply the update as soon as possible.


    Apple QuickTime Update

    added February 7, 2008 at 10:07 am

    Apple has released QuickTime 7.4.1 to address a vulnerability in QuickTime.  By convincing a user to visit a malicious web site, an attacker may be able to execute arbitrary code or cause a denial of service condition.

    More information about this vulnerability is located in the Vulnerability Notes Database.

    US-CERT encourages users to apply the appropriate updates as soon as possible.