September 10, 2008 - Current Activity

U.S. Presidential Election and Phishing Scams

Throughout the United States presidential election campaigns, US-CERT has received reports of phishing scams and email attacks related to the upcoming election. US-CERT reminds users to remain cautious when receiving unsolicited email messages that are related to the presidential election and presidential candidates because the messages may be part of a phishing scam.

US-CERT encourages users to do the following to help mitigate the risks:

• Use caution when opening unsolicited email messages.
• Do not follow unsolicited web links found in email messages.
• Use caution when entering sensitive information online.
• Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

Apple Releases Security Updates

Apple has released four security updates to address multiple vulnerabilities in iTunes, QuickTime, iPod touch, and Bonjour for Windows. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, conduct DNS cache poisoning attacks, spoof or hijack TCP sessions, access the system with escalated privileges, or obtain sensitive information.

US-CERT encourages users and administrators to review the following Apple Security Articles and apply any necessary updates:

• iTunes 8.0 (Article: HT3025)
• QuickTime 7.5.5 (Article: HT3027)
• iPod Touch v2.1 (Article: HT3026)
• Bonjour for Windows 1.0.5 (Article: HT2990)

Microsoft Releases September Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, .NET Framework, Office, SQL Server, and Visual Studio as part of the Microsoft Security Bulletin Summary for September 2008. These vulnerabilities may allow an attacker to execute arbitrary code.

US-CERT encourages users to review the bulletins and follow best-practice security policies to determine which updates should be applied.

Google Releases Chrome Version 0.2.149.29

Google has released Chrome version 0.2.149.29 to address multiple vulnerabilities. The four vulnerabilities are due to the following:

1. a buffer overflow condition in the handling of filenames displayed in the "Save As" dialog
2. a buffer overflow condition in the handling of link targets displayed in the status area when a user hovers over a link
3. an out-of-bounds memory read error when parsing URLs ending with :%
4. a default configuration that allows files to be downloaded to the desktop without prompting the user first

WordPress Releases Version 2.6.2

WordPress has released version 2.6.2 to address multiple vulnerabilities. These vulnerabilities are due to SQL column truncation and weaknesses in random number generation. Combined, these vulnerabilities may allow an attacker to reset a user's password and possibly predict the newly generated password. Exploitation of these vulnerabilities could permit an attacker to gain access to a system running WordPress with open registration enabled under the context of a legitimate user.

US-CERT encourages users to review the WordPress Blog entry related to these issues and upgrade to version 2.6.2 as necessary.

Exploit Code Available for CitectSCADA Vulnerability

In June, US-CERT published Vulnerability Note VU#476345 to alert users of a vulnerability affecting Citect CitectSCADA. This vulnerability is due to a buffer overflow condition in the handling of ODBC requests from clients. Exploit code for this vulnerability is publicly available and exploitation may allow an attacker to execute arbitrary code.

US-CERT encourages users to review Vulnerability Note VU#476345 and apply the patch as described in the document.

Cisco Releases Advisory and Security Response

Cisco has released a Cisco Security Advisory to address multiple vulnerabilities in Cisco PIX and ASA. These vulnerabilities may allow an attacker to cause a denial-of-service condition or obtain sensitive information. Additionally, Cisco has released a Security Response to address a vulnerability in Cisco Secure ACS. This vulnerability may allow an attacker to cause a denial-of-service condition on the affected system.

US-CERT encourages users to review Cisco Security Advisory cisco-sa-20080903-asa, review Cisco Security Response document 107443, and apply any necessary workarounds or updates listed in those documents to help mitigate the risks.

Microsoft Releases Advance Notification for September Security Bulletin

Microsoft has issued a Security Bulletin Advance Notification indicating that its September release cycle will contain four bulletins, all of which will have a severity rating of Critical. The notification states that these Critical bulletins are for Microsoft Windows, Internet Explorer, .NET Framework, Office, SQL Server, and Visual Studio. Release of these bulletins is scheduled for Tuesday, September 9.

US-CERT will provide additional information as it becomes available.

FCC Releases Public Notice about Phishing Scam

The Federal Communications Commission (FCC) has released a public notice alerting users of a potential phishing attack. The notice indicates that non-government entities may be using websites to misdirect regulatory fee payers to an illegitimate website in an attempt to obtain their financial information.

US-CERT encourages users to review the FCC public notice (pdf) and refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

Novell Releases Update for iPrint Vulnerability

Novell has released an update to address multiple vulnerabilities in iPrint. These vulnerabilities are due to the following:

• multiple buffer overflow conditions within the Novell iPrint ActiveX control (ienipp.ocx)
• multiple buffer overflow conditions within nipplib.dll
• an insecure "GetFileList()" method