Current Activity Calendar

	April 2008
Su	M	Tu	W	Th	F	Sa
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30

Please click on a date above to see current activity for that day.

April 10, 2008 - Current Activity

This is an archived copy of current activity, if you would like to see the most recent version, please click here.

*April 9*	Email Attack Circulating
*April 9*	Adobe Flash Player Vulnerabilities
*April 9*	IBM Lotus Notes Vulnerabilities
*April 8*	Microsoft Releases April Security Bulletin
*April 7*	Email Attack Targeting Microsoft's April Security Bulletin Release Cycle
*April 4*	RealPlayer Update Released
*April 4*	CA BrightStor ARCserve Backup Vulnerabilities
*April 4*	Cisco Unified Communication Disaster Recovery Framework Vulnerability
*April 3*	Microsoft Releases Advance Notification for April Security Bulletin
*April 3*	Opera 9.27 Released

Email Attack Circulating

added April 9, 2008 at 03:06 pm

US-CERT has seen reports of an email attack that is circulating. This attack is in the form of an email message with the subject line "Evacuation process has been started due to radiation leaks at San Clemente Nucklear Power Station." The message body states that the information is from a trusted news source and encourages users to follow a link to view a video. This link may direct users to a website hosting malicious code.

US-CERT encourages users to do the following to help mitigate the risk:

Install anti-virus software and keep its virus signature files up to date.
Do not follow unsolicited web links received in email messages.
Refer to the Recognizing and Avoiding Email Scams document for more information on avoiding email scams.
Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

US-CERT will provide more information as it becomes available.

Adobe Flash Player Vulnerabilities

added April 9, 2008 at 07:34 am | updated April 9, 2008 at 10:36 am

Adobe has released Flash Player 9.0.124.0 to address multiple vulnerabilities. These vulnerabilities may allow a remote attacker to execute arbitrary code or conduct cross-site scripting attacks.

More information about these vulnerabilities can be found in Technical Cyber Security Alert TA08-100A.

US-CERT encourages users to review Adobe Security Bulletin APSB08-11 and upgrade to Flash Player 9.0.124.0 to help mitigate the risks.

IBM Lotus Notes Vulnerabilities

added April 9, 2008 at 08:57 am

IBM has released Technote 1298453 to address multiple vulnerabilities in Lotus Notes. These vulnerabilities are due to improper handling of the following file types:

Applix Presents (.ag)
Folio Flat File (.fff)
HTML speed reader (.htm)
KeyView document viewing engine
Text mail (MIME)

By convincing a user to open a specially crafted file attachment, an attacker may be able to execute arbitrary code.

US-CERT encourages users to review IBM Technote 1298453 and apply the appropriate updates or workarounds.

Microsoft Releases April Security Bulletin

added April 8, 2008 at 02:33 pm

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, and Internet Explorer as part of the Microsoft Security Bulletin Summary for April 2008. These vulnerabilities could allow an attacker to execute arbitrary code, access the system with elevated privileges, or redirect internet traffic.

More information about these vulnerabilities can be found in Technical Cyber Security Alert TA08-099.

US-CERT encourages user to review the bulletins and follow best-practice security policies to determine which updates should be applied.

Email Attack Targeting Microsoft's April Security Bulletin Release Cycle

added April 7, 2008 at 03:11 pm

US-CERT has seen reports of an email attack targeting Microsoft's April Security Bulletin release cycle. This attack arrives via email messages with the subject line "Critical Patch Released: Microsoft Security Bulletin MS08-64738." These email messages contain a link to a fraudulent Microsoft Update web site that hosts malicious code or contains an attachment that is embedded with malicious code. Users who follow the link or open the attachment may become infected with a Trojan.

US-CERT encourages users to do the following to help mitigate the risks:

Install anti-virus software and keep its virus signature files up to date.
Do not follow unsolicited web links received in email messages.
Verify web sites recommended in email by manually typing their URLs. Do not link directly to web sites recommended in an email.
Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.
Follow the guidance provided in the Recognize and avoid fraudulent e-mail to Microsoft customers document from Microsoft.

RealPlayer Update Released

added April 4, 2008 at 02:35 pm

RealPlayer has released an update to address an ActiveX vulnerability. This vulnerability is due to improper handling of multiple properties of the RealPlayer ActiveX control (rmoc3260.dll). Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. At this time, US-CERT has seen reports of active exploitation of this vulnerability.

US-CERT encourages users to do the following to help mitigate the risk:

Update RealPlayer to protect against known attack vectors.
Review US-CERT Vulnerability Note VU#831457 for more information and workarounds.
Review the Securing Your Web Browser document and disable ActiveX controls.

US-CERT will provide more information as it becomes available.

CA BrightStor ARCserve Backup Vulnerabilities

added April 4, 2008 at 11:36 am

CA has released updates to address multiple vulnerabilities in BrightStor ARCserve Backup and other CA products. These vulnerabilities are due to boundary errors within the CA Alert Notification Server service. These vulnerabilities may allow a local attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users to review the CA Security Notice for Alert Notification Server for a complete list of affected products and apply any necessary updates.

Cisco Unified Communication Disaster Recovery Framework Vulnerability

added April 4, 2008 at 08:23 am

Cisco has released a patch to address a vulnerability in the Unified Communication Disaster Recovery Framework. This vulnerability is due to improper authentication of requests received over the network. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code, gain control of the affected system, obtain and modify system configuration parameters, or cause a denial-of-service condition.

US-CERT encourages users and administrators to review Cisco advisory cisco-sa-20080403-drf and apply the patch or use the workarounds.

Microsoft Releases Advance Notification for April Security Bulletin

added April 3, 2008 at 01:47 pm

Microsoft has issued a Security Bulletin Advance Notification indicating that its April release cycle will contain eight bulletins, five of which will have a severity rating of Critical. The notification states that these Critical bulletins are for Microsoft Windows, Office, and Internet Explorer. There will also be three important bulletins for Microsoft Windows and Office. The release is scheduled for Tuesday, April 8.

US-CERT will provide additional information as it becomes available.

Opera 9.27 Released

added April 3, 2008 at 10:35 am

Opera Software has released Opera 9.27 to address multiple vulnerabilities. These vulnerabilities are cause by errors that occur when the user is prompted to add newsfeeds and by issues in the processing of HTML CANVAS elements. These vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users to review Opera knowledgebase advisories 881 and 882 and upgrade to Opera 9.27 to help mitigate the risks.

US-CERT: United States Computer Emergency Readiness Team

Information For

Sign Up

Reporting

DHS Threat Advisory