Current Activity Calendar

	February 2008
Su	M	Tu	W	Th	F	Sa
					1	2
3	4	5	6	7	8	9
10	11	12	13	14	15	16
17	18	19	20	21	22	23
24	25	26	27	28

Please click on a date above to see current activity for that day.

February 19, 2008 - Current Activity

This is an archived copy of current activity, if you would like to see the most recent version, please click here.

*February 18*	Mozilla Firefox and Opera Vulnerability
*February 15*	Public Exploit Code for Microsoft Works Vulnerabilities
*February 14*	Email Attacks Circulating
*February 14*	Public Exploit for Local Linux Kernel Vulnerability
*February 14*	Adobe Flash Media Server Vulnerabilities
*February 13*	Cisco Releases Security Advisories for Vulnerabilities
*February 13*	Microsoft Releases February Security Bulletin
*February 12*	Apple Releases Security Updates for Multiple Vulnerabilities
*February 12*	Active Exploitation of Adobe Reader Vulnerabilities
*February 11*	Mozilla Firefox view-source Information Disclosure Vulnerability

Mozilla Firefox and Opera Vulnerability

added February 18, 2008 at 03:34 pm

US-CERT is aware of public reports of a vulnerability in Mozilla Firefox and Opera web browsers. This vulnerability is caused by improper handling of bitmap image files (.bmp). By sending a specially crafted bitmap image file to the browser, an attacker may be able to obtain sensitive information or cause a denial-of-service condition.

US-CERT encourages Mozilla Firefox users to upgrade to Firefox 2.0.0.12 and Opera users to upgrade to Opera 9.25.

US-CERT will provide more information as it becomes available.

Public Exploit Code for Microsoft Works Vulnerabilities

added February 15, 2008 at 08:37 am

US-CERT is aware of reports of publicly available exploit code for vulnerabilities in Microsoft Works 6 File Converter. By convincing a user to open a specially crafted Works file, an attacker may be able to execute arbitrary code on an affected system. This vulnerability was addressed in Microsoft Security Bulletin MS08-011.

US-CERT reminds users to review Microsoft Security Bulletin MS08-011 and apply any necessary updates or workarounds.

Email Attacks Circulating

added February 14, 2008 at 03:27 pm

US-CERT is aware of reports of several email attacks circulating.

The first of these attacks is related to the U.S. presidential election. The email contains a message indicating that there is a video of a candidate interview available and instructs users to follow a link to download the video. If a user clicks on this link, an executable file will be downloaded that contains the Trojan "Trojan.Srizbi."

The second attack is a phishing scam related to the U.S. Internal Revenue Service. Messages promising faster or larger refunds may request that users provide personal information or may contain links to phishing websites.

US-CERT encourages users to take the following preventative measures to mitigate the security risks:

Install anti-virus software and keep virus signature files up-to-date.
Do not follow unsolicited links.
Block executable and unknown file types at the email gateway.
Refer to the Recognizing and Avoiding Email Scams document for more information on avoiding email scams.
Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

Public Exploit for Local Linux Kernel Vulnerability

added February 14, 2008 at 11:53 am

US-CERT has received information that public exploit information is available for a vulnerability affecting Linux kernels 2.6.17 to 2.6.24.1. These kernel versions contain a buffer overflow vulnerability in the get_user_pages function which may allow an unprivileged local attacker to gain root privileges.

US-CERT encourages users to upgrade to Linux kernel version 2.6.24.2.

US-CERT will provide more information as it becomes available.

Adobe Flash Media Server Vulnerabilities

added February 14, 2008 at 09:33 am

Adobe has released Flash Media Server 2.0.5 to address multiple vulnerabilities. These vulnerabilities may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users to review the Flash Media Server 2.0.5 release notes and update to Flash Media Server 2.0.5 to help mitigate the risks.

US-CERT will provide more information as it becomes available.

Cisco Releases Security Advisories for Vulnerabilities

added February 13, 2008 at 03:17 pm

Cisco has released security advisories in response to multiple vulnerabilities.

Cisco Security Advisory cisco-sa-20080213-phone was released in response to vulnerabilities in Cisco Unified IP Phone. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

Cisco Security Advisory cisco-sa-20080213-cucmsql was released in response to a vulnerability in Cisco Unified Communications Manager. This vulnerability may allow an attacker to obtain sensitive information.

US-CERT encourages users to do the following:

Review Cisco Security Advisory cisco-sa-20080213-phone
Review Cisco Security Advisory cisco-sa-20080213-cucmsql
Apply software updates and workarounds provided by Cisco

More information will be provided as it becomes available.

Microsoft Releases February Security Bulletin

added February 12, 2008 at 01:55 pm | updated February 13, 2008 at 08:46 am

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, Visual Basic, VBScript, JScript, Internet Explorer, IIS, Active Directory, ADAM, Office, Works, and Works Suite as part of the Microsoft Security Bulletin Summary for February 2008.

More information about these vulnerabilities can be found in Technical Cyber Security Alert TA08-043C and in the Vulnerability Notes Database.

US-CERT strongly encourages users to review the bulletins and follow best-practice security policies to determine which updates should be applied.

Apple Releases Security Updates for Multiple Vulnerabilities

added February 12, 2008 at 09:40 am | updated February 12, 2008 at 04:08 pm

Apple has released Security Update 2008-001 and Mac OS X 10.5.2 to address multiple vulnerabilities in Mac OS X and related products. The impacts of these vulnerabilities include remote code execution, denial of service, and information disclosure.

US-CERT encourages users to apply the appropriate updates as soon as possible.

More information about these vulnerabilities is located in the Vulnerability Notes Database and in Technical Cyber Security Alert TA08-043B.

Active Exploitation of Adobe Reader Vulnerabilities

added February 11, 2008 at 11:41 am | updated February 12, 2008 at 09:40 am

US-CERT has received information that vulnerabilities affecting Adobe Reader are actively being exploited. These vulnerabilities are exploited through a maliciously crafted PDF file containing a variant of the Zonebac Trojan.

US-CERT strongly urges users to take the following steps:

Update to Adobe Reader 8.1.2.
Review Adobe Knowledgebase Article kb403079.
Disable the displaying of PDF documents in the web browser by performing the following steps:
1. Open Adobe Reader.
2. Open the Edit menu.
3. Choose the preferences option.
4. Choose the Internet section.
5. Un-check the "Display PDF in browser" check box.

More information about these vulnerabilities is located in the Vulnerability Notes Database and in Technical Cyber Security Alert TA08-043A.

US-CERT will continue to provide information as it becomes available.

Mozilla Firefox view-source Information Disclosure Vulnerability

added February 11, 2008 at 11:46 am

US-CERT is aware of public reports of a vulnerability in Mozilla Firefox 2.0.0.12. This vulnerability may allow an attacker to read files from the Firefox installation directory, which may include some add-ons.

US-CERT encourages users to install the NoScript add-on to help mitigate the risks and will provide more information as it becomes available.

US-CERT: United States Computer Emergency Readiness Team

Information For

Sign Up

Reporting

DHS Threat Advisory