August 12, 2008 - Current Activity

Microsoft Releases August Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, Internet Explorer, Outlook Express, Windows Mail, and Windows Messenger as part of the Microsoft Security Bulletin Summary for August 2008. These vulnerabilities may allow an attacker to execute arbitrary code or obtain sensitive information.

US-CERT encourages users to review the bulletins and follow best-practice security policies to determine which updates should be applied.

Webex Meeting Manager ActiveX Control Vulnerability

US-CERT is aware of public reports of a vulnerability that affects Webex Meeting Manager. This vulnerability is due to improper handling of arguments passed to the "NewObject()" method within the WebexUCFObject ActiveX control (atucfobj.dll). By convincing a user to visit a specially crafted web page, a remote attacker may be able to execute arbitrary code.

Public reports indicate that Webex has addressed this issue in Meeting Manager version 20.2008.2606.4919. US-CERT encourages users to upgrade to this version or set the kill bit for CLSID 32E26FD9-F435-4A20-A561-35D4B987CFDC. Information about how to set a kill bit can be found in Microsoft Support Article 240797.

Microsoft Releases Advanced Notification for August Security Bulletin

Microsoft has issued a Security Bulletin Advance Notification indicating that the August release cycle will contain 12 bulletins, seven of which will have a severity rating of Critical. The notification states that these Critical bulletins are for Microsoft Windows, Office, and Internet Explorer. There will also be five important bulletins for Microsoft Windows, Office, Outlook Express, Windows Mail, and Windows Messenger. Release of these bulletins is scheduled for Tuesday, August 12.

US-CERT will provide additional information as it becomes available.

Malware Circulating via Spam Messages

US-CERT is aware of public reports of malware spreading via spam. It has been reported that malware is spreading in spam messages related to the upcoming Olympics and to fake CNN news reports. If a user clicks the link to one of these fake news reports they are prompted to install a Flash Player update. If users attempt to install the update, malware may be downloaded and installed onto their system.

US-CERT encourages users and administrators to take the following preventative measures to help mitigate the security risks:

• Install anti-virus software, and keep its virus signature files up-to-date.
• Do not follow unsolicited web links received in email messages.
• Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

Oracle Releases Patch for WebLogic Plug-in Vulnerability

Oracle has released a patch to address a previously disclosed vulnerability in the WebLogic plug-in for Apache. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users to consider applying the patch and workarounds referenced in the Oracle Security Advisory and in Vulnerability Note VU#716387.

Malware Targeting Adobe Flash Player

Adobe has issued a Security Bulletin warning of malware spreading via a fraudulent Flash Player installer. Adobe warns that a worm is making fraudulent posts on social networking sites. These posts include links that lead to fake sites that prompt users to update their versions of Flash Player. If users attempt to use the installer to make the update, malware may be downloaded and installed onto their systems.

US-CERT urges users and administrators to take the following preventative measures to help mitigate the security risks:

• Do not follow unsolicited web links.
• Configure your web browser as described in the Securing Your Web Browser document.
• Install anti-virus software, and keep its virus signature files up-to-date.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

CA ARCserve Backup for Laptops and Desktops Server vulnerability

US-CERT is aware of a vulnerability that affects CA ARCserve Backup for Laptops and Desktops. This vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition on the server.

More information regarding this vulnerability can be found in the CA Security Advisory "Security Notice for CA ARCserve Backup for Laptops and Desktops Server LGServer" document.

US-CERT recommends that users upgrade to the latest versions to help mitigate the security risks.

Internet System Consortium releases BIND -P2 patches

The Internet System Consortium has released updates for BIND to address performance and stability issues.

US-CERT recommends that administrators of this product apply the respective patches for BIND 9.5.0-P2, BIND 9.4.2-P2 and BIND 9.3.5-P2 or check with their software vendor for updated versions.

Apple Releases Security Update 2008-005

Apple has released Security Update 2008-005 to address multiple vulnerabilities that affect a number of applications. These vulnerabilities may allow an attacker to conduct DNS cache poisoning attacks, execute arbitrary code, cause a denial-of-service condition, or access the affected system with elevated privileges. Please note that this update addresses recent issues with weaknesses in common DNS implementations; see Vulnerability Note VU#800113 for additional information.

US-CERT encourages users to review Apple Article HT2647 and apply any necessary updates as soon as possible to help mitigate the risks.

Airline E-ticket Email Attack

US-CERT is aware of public reports indicating that a new email attack is circulating. This attack uses email messages that appear to be from legitimate airlines and contain information about a bogus e-ticket. These email messages instruct the user to open the attachment to obtain the e-ticket. If a user opens this attachment, a file may be executed to infect the user's system with malicious code.

Reports, including a posting by Sophos, indicate that these messages have the following characteristics. Please note that these attributes may change at any time.

• The subject line "E-Ticket#XXXXXXXXXX"
• An attachment named "eTicket#XXXX.zip"

• Install anti-virus software, and keep its virus signature file up to date.
• Do not open attachments in unsolicited email messages.
• Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.