Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
Current Activity Calendar
Left Arrow
March 2008
 Right Arrow
Su M Tu W Th F Sa
            1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30 31
Please click on a date above to see current activity for that day.

  • Latest Current Activity
    •

    March 13, 2008 - Current Activity

    This is an archived copy of current activity, if you would like to see the most recent version, please click here.

    March 13Compromised Websites Redirect Users to Malicious Websites
    March 12Cisco Releases Security Advisory to Address Multiple Vulnerabilities
    March 12Adobe Releases Security Bulletins to Address Multiple Vulnerabilities
    March 11RealPlayer ActiveX Vulnerability
    March 11Microsoft Releases March Security Bulletin
    March 11Trojan Exploiting Microsoft Excel Vulnerability
    March 7GNOME Evolution Vulnerability
    March 6Sun Java SE Updates
    March 6Microsoft Releases Advance Notification for March Security Bulletin
    March 5Increased Traffic to 7100/udp


    Compromised Websites Redirect Users to Malicious Websites

    added March 13, 2008 at 12:04 pm

    US-CERT has seen reports of an attack that has compromised a large number of legitimate websites. The reports indicate that attackers are modifying the sites and embedding JavaScript code. Users who visit one of these infected websites may be unknowingly redirected to a malicious websites. These malicious websites may then attempt to exploit known vulnerabilities for which patches are available but have not yet been applied to the victim's system.

    US-CERT reminds users to regularly apply software updates and patches provided by vendors to help mitigate the risk of this and similar type attacks. Users are also encouraged to disable JavaScript and ActiveX as described in the Securing Your Web Browser document.

    US-CERT will provide more information as it becomes available.


    Cisco Releases Security Advisory to Address Multiple Vulnerabilities

    added March 12, 2008 at 03:50 pm

    Cisco has released Security Advisory cisco-sa-20080312-ucp to address multiple vulnerabilities in the Cisco Secure Access Control Server for Windows User-Changeable Password (UCP) application. These vulnerabilities are due to buffer overflow conditions and improper sanitization of input passed to CSuserCGI.exe. Exploitation of these vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code.

    US-CERT encourages users to review Cisco Security Advisory cisco-sa-20080312-ucp and apply any necessary updates.

    US-CERT will provide more information as it becomes available.


    Adobe Releases Security Bulletins to Address Multiple Vulnerabilities

    added March 12, 2008 at 03:50 pm

    Adobe has issued six security bulletins to address multiple vulnerabilities in the following Adobe products:

    • Adobe Reader 8.1.2 for Unix
    • ColdFusion MX 7 and ColdFusion 8
    • Adobe Form Designer 5.0 and Adobe Form Client 5.0 Components
    • LiveCycle Workflow 6.2
    These vulnerabilities may allow an attacker to do the following:
    • Execute arbitrary code
    • Escalate privileges
    • Manipulate data
    • Bypass security settings
    • Conduct cross-site scripting attacks
    US-CERT encourages users to review the Adobe Security Bulletins and apply updates as necessary.

    US-CERT will provide more information as it becomes available.


    RealPlayer ActiveX Vulnerability

    added March 11, 2008 at 09:51 am | updated March 11, 2008 at 02:14 pm

    US-CERT is aware of reports of a vulnerability in RealPlayer. This vulnerability is due to improper handling of the "Console" property in the RealPlayer ActiveX control (rmoc3260.dll). Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code.

    US-CERT encourages users to do the following to help mitigate the risk:

    • Review US-CERT Vulnerability Note VU#831457.
    • Review Microsoft Support Document 240797 and set kill bits for the following CLSIDs:
            {0FDF6D6B-D672-463B-846E-C6FF49109662}
            {224E833B-2CC6-42D9-AE39-90B6A38A4FA2}
            {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93}
            {3B46067C-FD87-49B6-8DDD-12F0D687035F}
            {3B5E0503-DE28-4BE8-919C-76E0E894A3C2}
            {44CCBCEB-BA7E-4C99-A078-9F683832D493}
            {A1A41E11-91DB-4461-95CD-0C02327FD934}
            {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}
    US-CERT will provide more information as it becomes available.


    Microsoft Releases March Security Bulletin

    added March 11, 2008 at 01:54 pm

    Microsoft has released updates to address vulnerabilities in Microsoft Excel, Outlook, Office, and Office Web Components as part of the Microsoft Security Bulletin Summary for March 2008. All of these vulnerabilities could allow an attacker to execute arbitrary code.

    US-CERT strongly encourages users to review the bulletins and follow best-practice security policies to determine which updates should be applied.


    Trojan Exploiting Microsoft Excel Vulnerability

    added March 10, 2008 at 03:25 pm | updated March 11, 2008 at 01:39 pm

    US-CERT is aware of public reports of a trojan that may exploit a vulnerability in Microsoft Excel. This trojan is circulating through email messages that contain attached Excel files. Known file names for these attachments are OLYMPIC.XLS and SCHEDULE.XLS. These files may also contain Windows binary executables that can compromise an affected system.

    US-CERT encourage users to do the following to help mitigate the risk:

    • Review Microsoft Security Bulletin MS08-014 and apply any necessary updates.
    • Do not open unsolicited or untrusted email messages.
    • Use caution when opening email attachments.
    • Block executable files and unknown file types at the email gateway.
    • Install anti-virus software, and keep its virus signature files up-to-date.
    • Review the US-CERT Cyber Security Tip - Using Caution with Email Attachments.
    US-CERT will provide more information as it becomes available.


    GNOME Evolution Vulnerability

    added March 7, 2008 at 09:18 am

    US-CERT is aware of a vulnerability in GNOME Evolution. This vulnerability, which is caused by a format string error in the "emf_multipart_encrypted()" function in mail/em-format.c, occurs when displaying data from an encrypted email message. By convincing a user to select a specially crafted email message, a remote, authenticated attacker may be able to execute arbitrary code.

    US-CERT encourages users and administrators to apply updates as soon as possible. Administrators who compile Evolution from source should refer to GNOME Bug ID 520745; others should refer to their operating system vendor for updated software.

    US-CERT will provide more information as it becomes available.


    Sun Java SE Updates

    added March 6, 2008 at 09:00 am | updated March 6, 2008 at 04:22 pm

    Sun has released updates for Java SE. These updates address multiple vulnerabilities in Java Web Start, Java JDK, Java JRE, and Java SDK. These vulnerabilities may allow a remote attacker to execute arbitrary code, bypass security restrictions, or cause a denial-of-service condition.

    US-CERT encourages users to review the following Sun Alerts and apply any necessary updates:

    • Sun Alert 233321 - Two Security Vulnerabilities in the Java Runtime Environment Virtual Machine
    • Sun Alert 233322 - Security Vulnerability in the Java Runtime Environment with the Processing of XSLT Transformations
    • Sun Alert 233323 - Multiple Security Vulnerabilities in Java Web Start May Allow an Untrusted Application to Elevate Privileges
    • Sun Alert 233324 - A Security Vulnerability in the Java Plug-in May Allow an Untrusted Applet to Elevate Privileges
    • Sun Alert 233325 - Vulnerabilities in the Java Runtime Environment image Parsing Library
    • Sun Alert 233326 - Security Vulnerability in the Java Runtime Environment May Allow Untrusted JavaScript Code to Elevate Privileges through Java APIs
    • Sun Alert 233327 - Buffer Overflow Vulnerability in Java Web Start May Allow an Untrusted Application to Elevate its Privileges
    More information regarding the Java SE vulnerabilities can be found in Technical Cyber Security Alert TA08-066A.

    US-CERT will provide additional information as it becomes available.


    Microsoft Releases Advance Notification for March Security Bulletin

    added March 6, 2008 at 04:00 pm

    Microsoft has issued Security Bulletin Advance Notification indicating that its March release cycle will contain four bulletins, all of which will have the severity rating of Critical. The notification states that these Critical bulletins are for Microsoft Office and Office Web components. The release is scheduled for Tuesday, March 11, 2008.

    US-CERT will provide additional information as it becomes available.


    Increased Traffic to 7100/udp

    added March 5, 2008 at 09:57 am

    US-CERT is aware of a dramatic increase in inbound traffic to port 7100/udp over the past 48 hours.

    7100/udp is used by multiple applications, most commonly X Font Server. X Font Server provides a mechanism for the X server to communicate with a font renderer and is commonly used on the X Window System. This increase in traffic is unusual as remote access to the X Font Server is not typically required for normal operations

    US-CERT encourages administrators to block inbound traffic to port 7100/udp at the network perimeter. Please note, proper risk and impact analysis procedures should be followed prior to taking defensive measures.

    US-CERT is currently investigating the nature of this activity and will provide updates as needed.