Current Activity Calendar

	April 2008
Su	M	Tu	W	Th	F	Sa
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30

Please click on a date above to see current activity for that day.

April 08, 2008 - Current Activity

This is an archived copy of current activity, if you would like to see the most recent version, please click here.

*April 8*	Microsoft Releases April Security Bulletin
*April 7*	Email Attack Targeting Microsoft's April Security Bulletin Release Cycle
*April 4*	RealPlayer Update Released
*April 4*	CA BrightStor ARCserve Backup Vulnerabilities
*April 4*	Cisco Unified Communication Disaster Recovery Framework Vulnerability
*April 3*	Microsoft Releases Advance Notification for April Security Bulletin
*April 3*	Opera 9.27 Released
*April 3*	Apple Releases QuickTime 7.4.5
*April 1*	PayPal Phishing Attack
*April 1*	Macrovision InstallShield ActiveX Vulnerability

Microsoft Releases April Security Bulletin

added April 8, 2008 at 02:33 pm

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, and Internet Explorer as part of the Microsoft Security Bulletin Summary for April 2008. These vulnerabilities could allow an attacker to execute arbitrary code, access the system with elevated privileges, or redirect internet traffic.

More information about these vulnerabilities can be found in Technical Cyber Security Alert TA08-099.

US-CERT encourages user to review the bulletins and follow best-practice security policies to determine which updates should be applied.

Email Attack Targeting Microsoft's April Security Bulletin Release Cycle

added April 7, 2008 at 03:11 pm

US-CERT has seen reports of an email attack targeting Microsoft's April Security Bulletin release cycle. This attack arrives via email messages with the subject line "Critical Patch Released: Microsoft Security Bulletin MS08-64738." These email messages contain a link to a fraudulent Microsoft Update web site that hosts malicious code or contains an attachment that is embedded with malicious code. Users who follow the link or open the attachment may become infected with a Trojan.

US-CERT encourages users to do the following to help mitigate the risks:

Install anti-virus software and keep its virus signature files up to date.
Do not follow unsolicited web links received in email messages.
Verify web sites recommended in email by manually typing their URLs. Do not link directly to web sites recommended in an email.
Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.
Follow the guidance provided in the Recognize and avoid fraudulent e-mail to Microsoft customers document from Microsoft.

RealPlayer Update Released

added April 4, 2008 at 02:35 pm

RealPlayer has released an update to address an ActiveX vulnerability. This vulnerability is due to improper handling of multiple properties of the RealPlayer ActiveX control (rmoc3260.dll). Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. At this time, US-CERT has seen reports of active exploitation of this vulnerability.

US-CERT encourages users to do the following to help mitigate the risk:

Update RealPlayer to protect against known attack vectors.
Review US-CERT Vulnerability Note VU#831457 for more information and workarounds.
Review the Securing Your Web Browser document and disable ActiveX controls.

US-CERT will provide more information as it becomes available.

CA BrightStor ARCserve Backup Vulnerabilities

added April 4, 2008 at 11:36 am

CA has released updates to address multiple vulnerabilities in BrightStor ARCserve Backup and other CA products. These vulnerabilities are due to boundary errors within the CA Alert Notification Server service. These vulnerabilities may allow a local attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users to review the CA Security Notice for Alert Notification Server for a complete list of affected products and apply any necessary updates.

Cisco Unified Communication Disaster Recovery Framework Vulnerability

added April 4, 2008 at 08:23 am

Cisco has released a patch to address a vulnerability in the Unified Communication Disaster Recovery Framework. This vulnerability is due to improper authentication of requests received over the network. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code, gain control of the affected system, obtain and modify system configuration parameters, or cause a denial-of-service condition.

US-CERT encourages users and administrators to review Cisco advisory cisco-sa-20080403-drf and apply the patch or use the workarounds.

Microsoft Releases Advance Notification for April Security Bulletin

added April 3, 2008 at 01:47 pm

Microsoft has issued a Security Bulletin Advance Notification indicating that its April release cycle will contain eight bulletins, five of which will have a severity rating of Critical. The notification states that these Critical bulletins are for Microsoft Windows, Office, and Internet Explorer. There will also be three important bulletins for Microsoft Windows and Office. The release is scheduled for Tuesday, April 8.

US-CERT will provide additional information as it becomes available.

Opera 9.27 Released

added April 3, 2008 at 10:35 am

Opera Software has released Opera 9.27 to address multiple vulnerabilities. These vulnerabilities are cause by errors that occur when the user is prompted to add newsfeeds and by issues in the processing of HTML CANVAS elements. These vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users to review Opera knowledgebase advisories 881 and 882 and upgrade to Opera 9.27 to help mitigate the risks.

Apple Releases QuickTime 7.4.5

added April 3, 2008 at 08:54 am

Apple has released QuickTime 7.4.5 to address multiple vulnerabilities. These vulnerabilities may allow a remote attacker to execute arbitrary code or obtain sensitive information.

US-CERT encourages users to review Apple knowledgebase article HT1241 and upgrade to Quicktime 7.4.5 to help mitigate the risks.

PayPal Phishing Attack

added April 1, 2008 at 10:22 am

US-CERT has seen reports of a phishing attack that targets PayPal users. The attack arrives via an unsolicited email message containing an HTML attachment. The message indicates that the attachment is a verification form intended to offer the user protection from fraudulent activity. Users who open the attachment are instructed to enter their email address and PayPal password. This information is then sent to an attacker.

US-CERT encourages users to do the following to help mitigate the risks:

Install anti-virus software and keep virus signatures up to date.
Do not open unsolicited email messages.
Refer to the Recognizing and Avoiding Email Scams document for more information on avoiding email scams.
Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

Macrovision InstallShield ActiveX Vulnerability

added April 1, 2008 at 10:21 am

US-CERT has seen reports of a vulnerability in Macrovision InstallShield. This vulnerability is due to an error in the One-Click Install ActiveX control for InstallScript projects. This ActiveX control is used for loading DLL files. If a user visits a specially crafted website, a maliciously crafted DLL file may be loaded onto the user's system, allowing an attacker to execute arbitrary code.

US-CERT encourages users to do the following to help mitigate the risks:

Review Macrovision Knowledge Base article Q113640 and apply the appropriate hotfix.
Set the kill bit for CLSID {53D40FAA-4E21-459f-AA87-E4D97FC3245A}.
Disable ActiveX as described in the Securing Your Web Browser document.

US-CERT: United States Computer Emergency Readiness Team

Information For

Sign Up

Reporting

DHS Threat Advisory