Current Activity Calendar

	March 2008
Su	M	Tu	W	Th	F	Sa
						1
2	3	4	5	6	7	8
9	10	11	12	13	14	15
16	17	18	19	20	21	22
23	24	25	26	27	28	29
30	31

Please click on a date above to see current activity for that day.

March 06, 2008 - Current Activity

This is an archived copy of current activity, if you would like to see the most recent version, please click here.

*March 6*	Sun Java SE Updates
*March 6*	Microsoft Releases Advance Notification for March Security Bulletin
*March 5*	Increased Traffic to 7100/udp
*February 28*	Opera Releases Update
*February 28*	Final Netscape Navigator Release
*February 27*	Symantec Releases Security Advisory
*February 27*	Mozilla Releases Security Advisory
*February 26*	Microsoft Windows CE Trojan
*February 25*	VMware Releases Security Alert
*February 22*	Novell iPrint Client Vulnerability

Sun Java SE Updates

added March 6, 2008 at 09:00 am | updated March 6, 2008 at 04:22 pm

Sun has released updates for Java SE. These updates address multiple vulnerabilities in Java Web Start, Java JDK, Java JRE, and Java SDK. These vulnerabilities may allow a remote attacker to execute arbitrary code, bypass security restrictions, or cause a denial-of-service condition.

US-CERT encourages users to review the following Sun Alerts and apply any necessary updates:

Sun Alert 233321 - Two Security Vulnerabilities in the Java Runtime Environment Virtual Machine
Sun Alert 233322 - Security Vulnerability in the Java Runtime Environment with the Processing of XSLT Transformations
Sun Alert 233323 - Multiple Security Vulnerabilities in Java Web Start May Allow an Untrusted Application to Elevate Privileges
Sun Alert 233324 - A Security Vulnerability in the Java Plug-in May Allow an Untrusted Applet to Elevate Privileges
Sun Alert 233325 - Vulnerabilities in the Java Runtime Environment image Parsing Library
Sun Alert 233326 - Security Vulnerability in the Java Runtime Environment May Allow Untrusted JavaScript Code to Elevate Privileges through Java APIs
Sun Alert 233327 - Buffer Overflow Vulnerability in Java Web Start May Allow an Untrusted Application to Elevate its Privileges

More information regarding the Java SE vulnerabilities can be found in Technical Cyber Security Alert TA08-066A.

US-CERT will provide additional information as it becomes available.

Microsoft Releases Advance Notification for March Security Bulletin

added March 6, 2008 at 04:00 pm

Microsoft has issued Security Bulletin Advance Notification indicating that its March release cycle will contain four bulletins, all of which will have the severity rating of Critical. The notification states that these Critical bulletins are for Microsoft Office and Office Web components. The release is scheduled for Tuesday, March 11, 2008.

US-CERT will provide additional information as it becomes available.

Increased Traffic to 7100/udp

added March 5, 2008 at 09:57 am

US-CERT is aware of a dramatic increase in inbound traffic to port 7100/udp over the past 48 hours.

7100/udp is used by multiple applications, most commonly X Font Server. X Font Server provides a mechanism for the X server to communicate with a font renderer and is commonly used on the X Window System. This increase in traffic is unusual as remote access to the X Font Server is not typically required for normal operations

US-CERT encourages administrators to block inbound traffic to port 7100/udp at the network perimeter. Please note, proper risk and impact analysis procedures should be followed prior to taking defensive measures.

US-CERT is currently investigating the nature of this activity and will provide updates as needed.

Opera Releases Update

added February 28, 2008 at 10:52 am

Opera has released version 9.26 for Windows. This version addresses multiple vulnerabilities in the Opera web browser. These vulnerabilities may allow an attacker to trick users into uploading arbitrary files or execute arbitrary scripts in the wrong security context.

US-CERT encourages users to review the Opera 9.26 for Windows changelog and upgrade to Opera 9.26.

US-CERT will provide more information as it becomes available.

Final Netscape Navigator Release

added February 28, 2008 at 10:39 am

Netscape has released Netscape Navigator 9.0.0.6. This release addresses multiple vulnerabilities. This is the last release for Netscape Navigator. Support will be discontinued on March 1, 2008.

US-CERT encourages users to review the release notes and upgrade to Netscape Navigator 9.0.0.6.

Symantec Releases Security Advisory

added February 27, 2008 at 08:01 am

Symantec has released a security advisory addressing multiple vulnerabilities in various Symantec AntiVirus products. These vulnerabilities are due to errors in the way that Symantec Decomposer handles .RAR files. These vulnerabilities may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users to review Symantec Security Advisory SYM08-006, apply the update, and follow the best security practices provided in the advisory.

US-CERT will provide more information as it becomes available.

Mozilla Releases Security Advisory

added February 27, 2008 at 08:01 am

Mozilla has released a security advisory to address a vulnerability in Thunderbird and SeaMonkey. This vulnerability is due to an error in the way that external-body MIME types are handled. By convincing a user to view a specially crafted email message, an unauthenticated, remote attacker may be able to execute arbitrary code.

US-CERT encourages users to review Mozilla Foundation Security Advisory 2008-12 and upgrade to Thunderbird 2.0.0.12 or SeaMonkey 1.1.8.

US-CERT will provide more information as it becomes available.

Microsoft Windows CE Trojan

added February 26, 2008 at 10:04 am

US-CERT is aware of reports of a trojan that affects Microsoft Windows CE. This trojan disables Windows Mobile application installation security.

The trojan may take any or all of the following actions on the mobile device:

spreads via seemingly legitimate application installation files
installs as an autorun program on the memory card
installs itself to the device when an infected memory card is inserted
protects itself from deletion by copying itself back to disk
replaces the browser's homepage
allows unsigned applications to install without warning

US-CERT encourages users to take the following preventative measures to help mitigate the security risks:

Install anti-virus software on the mobile device, and keep its virus signature files up-to-date.
Use caution when downloading and installing applications.

US-CERT will continue to provide more information as it becomes available.

VMware Releases Security Alert

added February 25, 2008 at 09:07 am

VMware has released a security alert in response to a vulnerability in Windows-hosted VMware Workstation, VMware Player, and VMware ACE. This vulnerability exists in the host-to-guest shared folders feature and allows applications running in the guest operating system to access the host operating system's file system. Exploitation of this vulnerability may allow an attacker to circumvent the controls on the guest system and gain read and write access to the host file system.

US-CERT encourages users to review VMware knowledge base article 1004034 and apply the workarounds.

US-CERT will provide additional information as it becomes available.

Novell iPrint Client Vulnerability

added February 22, 2008 at 08:02 am

Novell has released an update to address a vulnerability in iPrint Client for Windows. This vulnerability is due to a buffer overflow in the"ExecuteRequest()" method of the "ienipp.ocx" ActiveX control. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on an affected system.

US-CERT encourages users to review Novell document 5008420 and apply the appropriate update for their system.

US-CERT will provide more information as it becomes available.

US-CERT: United States Computer Emergency Readiness Team

Information For

Sign Up

Reporting

DHS Threat Advisory