Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
Current Activity Calendar
Left Arrow
March 2008
 Right Arrow
Su M Tu W Th F Sa
            1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30 31
Please click on a date above to see current activity for that day.

  • Latest Current Activity
    •

    March 10, 2008 - Current Activity

    This is an archived copy of current activity, if you would like to see the most recent version, please click here.

    March 10Trojan Exploiting Microsoft Excel Vulnerability
    March 7GNOME Evolution Vulnerability
    March 6Sun Java SE Updates
    March 6Microsoft Releases Advance Notification for March Security Bulletin
    March 5Increased Traffic to 7100/udp
    February 28Opera Releases Update
    February 28Final Netscape Navigator Release
    February 27Symantec Releases Security Advisory
    February 27Mozilla Releases Security Advisory
    February 26Microsoft Windows CE Trojan


    Trojan Exploiting Microsoft Excel Vulnerability

    added March 10, 2008 at 03:25 pm

    US-CERT is aware of public reports of a trojan that may exploit a vulnerability in Microsoft Excel. This trojan is circulating through email messages that contain attached Excel files. Known file names for these attachments are OLYMPIC.XLS and SCHEDULE.XLS. These files may also contain Windows binary executables that can compromise an affected system.

    US-CERT encourage users to do the following to help mitigate the risk:

    • Review Microsoft Security Advisory 947563 for workarounds.
    • Do not open unsolicited or untrusted email messages.
    • Use caution when opening email attachments.
    • Block executable files and unknown file types at the email gateway.
    • Install anti-virus software, and keep its virus signature files up-to-date.
    • Review the US-CERT Cyber Security Tip - Using Caution with Email Attachments.
    US-CERT will provide more information as it becomes available.


    GNOME Evolution Vulnerability

    added March 7, 2008 at 09:18 am

    US-CERT is aware of a vulnerability in GNOME Evolution. This vulnerability, which is caused by a format string error in the "emf_multipart_encrypted()" function in mail/em-format.c, occurs when displaying data from an encrypted email message. By convincing a user to select a specially crafted email message, a remote, authenticated attacker may be able to execute arbitrary code.

    US-CERT encourages users and administrators to apply updates as soon as possible. Administrators who compile Evolution from source should refer to GNOME Bug ID 520745; others should refer to their operating system vendor for updated software.

    US-CERT will provide more information as it becomes available.


    Sun Java SE Updates

    added March 6, 2008 at 09:00 am | updated March 6, 2008 at 04:22 pm

    Sun has released updates for Java SE. These updates address multiple vulnerabilities in Java Web Start, Java JDK, Java JRE, and Java SDK. These vulnerabilities may allow a remote attacker to execute arbitrary code, bypass security restrictions, or cause a denial-of-service condition.

    US-CERT encourages users to review the following Sun Alerts and apply any necessary updates:

    • Sun Alert 233321 - Two Security Vulnerabilities in the Java Runtime Environment Virtual Machine
    • Sun Alert 233322 - Security Vulnerability in the Java Runtime Environment with the Processing of XSLT Transformations
    • Sun Alert 233323 - Multiple Security Vulnerabilities in Java Web Start May Allow an Untrusted Application to Elevate Privileges
    • Sun Alert 233324 - A Security Vulnerability in the Java Plug-in May Allow an Untrusted Applet to Elevate Privileges
    • Sun Alert 233325 - Vulnerabilities in the Java Runtime Environment image Parsing Library
    • Sun Alert 233326 - Security Vulnerability in the Java Runtime Environment May Allow Untrusted JavaScript Code to Elevate Privileges through Java APIs
    • Sun Alert 233327 - Buffer Overflow Vulnerability in Java Web Start May Allow an Untrusted Application to Elevate its Privileges
    More information regarding the Java SE vulnerabilities can be found in Technical Cyber Security Alert TA08-066A.

    US-CERT will provide additional information as it becomes available.


    Microsoft Releases Advance Notification for March Security Bulletin

    added March 6, 2008 at 04:00 pm

    Microsoft has issued Security Bulletin Advance Notification indicating that its March release cycle will contain four bulletins, all of which will have the severity rating of Critical. The notification states that these Critical bulletins are for Microsoft Office and Office Web components. The release is scheduled for Tuesday, March 11, 2008.

    US-CERT will provide additional information as it becomes available.


    Increased Traffic to 7100/udp

    added March 5, 2008 at 09:57 am

    US-CERT is aware of a dramatic increase in inbound traffic to port 7100/udp over the past 48 hours.

    7100/udp is used by multiple applications, most commonly X Font Server. X Font Server provides a mechanism for the X server to communicate with a font renderer and is commonly used on the X Window System. This increase in traffic is unusual as remote access to the X Font Server is not typically required for normal operations

    US-CERT encourages administrators to block inbound traffic to port 7100/udp at the network perimeter. Please note, proper risk and impact analysis procedures should be followed prior to taking defensive measures.

    US-CERT is currently investigating the nature of this activity and will provide updates as needed. 


    Opera Releases Update

    added February 28, 2008 at 10:52 am

    Opera has released version 9.26 for Windows. This version addresses multiple vulnerabilities in the Opera web browser. These vulnerabilities may allow an attacker to trick users into uploading arbitrary files or execute arbitrary scripts in the wrong security context.

    US-CERT encourages users to review the Opera 9.26 for Windows changelog and upgrade to Opera 9.26.

    US-CERT will provide more information as it becomes available.


    Final Netscape Navigator Release

    added February 28, 2008 at 10:39 am

    Netscape has released Netscape Navigator 9.0.0.6. This release addresses multiple vulnerabilities. This is the last release for Netscape Navigator. Support will be discontinued on March 1, 2008.

    US-CERT encourages users to review the release notes and upgrade to Netscape Navigator 9.0.0.6.


    Symantec Releases Security Advisory

    added February 27, 2008 at 08:01 am

    Symantec has released a security advisory addressing multiple vulnerabilities in various Symantec AntiVirus products.  These vulnerabilities are due to errors in the way that Symantec Decomposer handles .RAR files.  These vulnerabilities may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.

    US-CERT encourages users to review Symantec Security Advisory SYM08-006, apply the update, and follow the best security practices provided in the advisory.

    US-CERT will provide more information as it becomes available.


    Mozilla Releases Security Advisory

    added February 27, 2008 at 08:01 am

    Mozilla has released a security advisory to address a vulnerability in Thunderbird and SeaMonkey.  This vulnerability is due to an error in the way that external-body MIME types are handled.  By convincing a user to view a specially crafted email message, an unauthenticated, remote attacker may be able to execute arbitrary code.

    US-CERT encourages users to review Mozilla Foundation Security Advisory 2008-12 and upgrade to Thunderbird 2.0.0.12 or SeaMonkey 1.1.8.

    US-CERT will provide more information as it becomes available.


    Microsoft Windows CE Trojan

    added February 26, 2008 at 10:04 am

    US-CERT is aware of reports of a trojan that affects Microsoft Windows CE. This trojan disables Windows Mobile application installation security.

    The trojan may take any or all of the following actions on the mobile device:

    • spreads via seemingly legitimate application installation files
    • installs as an autorun program on the memory card
    • installs itself to the device when an infected memory card is inserted
    • protects itself from deletion by copying itself back to disk
    • replaces the browser's homepage
    • allows unsigned applications to install without warning
    US-CERT encourages users to take the following preventative measures to help mitigate the security risks:
    • Install anti-virus software on the mobile device, and keep its virus signature files up-to-date.
    • Use caution when downloading and installing applications.
    US-CERT will continue to provide more information as it becomes available.