  • October 16, 2008 - Current Activity

    This is an archived copy of current activity. If you would like to see the most recent version, please click here.

    October 16: Adobe Releases Security Bulletin for Flash Player
    October 15: Oracle Releases Critical Patch Update for October 2008
    October 14: Microsoft Updates Security Advisory 951306
    October 14: Microsoft Releases October Security Bulletin
    October 10: CA ARCserve Backup Vulnerabilities
    October 10: Apple Releases Security Update 2008-007
    October 9: Microsoft Releases Advance Notification for October Security Bulletin
    October 8: Cisco Releases Advisory for Cisco Unity
    October 8: Opera Software Releases Opera Version 9.60
    October 8: Multiple Web Browsers Affected by Clickjacking



    Adobe Releases Security Bulletin for Flash Player

    added October 16, 2008 at 12:38 pm

    Adobe has released a Security Bulletin to address multiple security issues in Flash Player. Some of these issues may allow an attacker to conduct clickjacking-type attacks that could enable the camera or microphone through Flash Player. Additional information about clickjacking attacks can be found in a recently posted Current Activity entry.

    US-CERT encourages users and administrators to review the Adobe Security Bulletin and upgrade to Flash Player version 10.0.12.36 to help mitigate the risks.


    Oracle Releases Critical Patch Update for October 2008

    added October 15, 2008 at 09:14 am

    Oracle has released its Critical Patch Update for October 2008 to address 36 vulnerabilities across several products. This update contains the following security fixes:

    • 15 updates for Oracle Database Suite
    • 6 updates for Oracle Application Server
    • 4 updates for Oracle E-Business Suite and Applications
    • 5 updates for Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne
    • 6 updates for BEA Product Suite

    US-CERT encourages users and administrators to review the Critical Patch Update for October 2008 and apply any necessary updates.


    Microsoft Updates Security Advisory 951306

    added October 14, 2008 at 01:53 pm

    In April 2008, Microsoft released Security Advisory 951306 to alert users to a vulnerability in Microsoft Windows. This vulnerability may allow local users, or users who can legitimately run code in the context of IIS or SQL Server, to operate with elevated privileges. Recently, the Microsoft Security Response Center (MSRC) posted several blog entries indicating that the Security Advisory was updated to reflect the availability of public exploit code. A patch or update is not available to correct this issue.

    US-CERT encourages users and administrators to do the following to help mitigate the risks:


    Microsoft Releases October Security Bulletin

    added October 14, 2008 at 01:39 pm

    Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Host Integration Server, and Office as part of the Microsoft Security Bulletin Summary for October 2008. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information or operate with elevated privileges.

    US-CERT encourages users and administrators to review the bulletins and follow best-practice security policies to determine which updates should be applied.


    CA ARCserve Backup Vulnerabilities

    added October 10, 2008 at 10:11 am

    CA has released a Security Notice to address multiple vulnerabilities in CA ARCserve Backup. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

    US-CERT encourages users and administrators to review the Security Notice and apply any necessary updates to help mitigate the risks.


    Apple Releases Security Update 2008-007

    added October 10, 2008 at 09:44 am

    Apple has released Security Update 2008-007 to address multiple vulnerabilities in a number of applications. These vulnerabilities may allow an attacker to execute arbitrary code, conduct cross-site request forgery or cross-site scripting attacks, cause a denial-of-service condition, or operate with escalated privileges.

    US-CERT encourages users and administrators to review Apple Article HT3216 and apply any necessary updates to help mitigate the risks.


    Microsoft Releases Advance Notification for October Security Bulletin

    added October 9, 2008 at 03:06 pm

    Microsoft has issued a Security Bulletin Advance Notification indicating that its October release cycle will contain 11 bulletins, four of which will have the severity rating of Critical. The notification states that these Critical bulletins are for Microsoft Windows, Internet Explorer, Host Integration Server, and Office. There will also be six Important bulletins for Microsoft Windows. The remaining bulletin, for Microsoft Windows, will have the severity rating of Moderate. Release of these bulletins is scheduled for Tuesday, October 14.

    US-CERT will provide additional information as it becomes available.


    Cisco Releases Advisory for Cisco Unity

    added October 8, 2008 at 02:37 pm

    Cisco Security Advisory cisco-sa-20081008-unity was released to address a vulnerability in Cisco Unity, a voice and unified messaging platform. This vulnerability may allow an attacker to view and alter configuration parameters of the Cisco Unity server.

    US-CERT encourages users to do the following:


    Opera Software Releases Opera Version 9.60

    added October 8, 2008 at 11:10 am

    Opera Software has released Opera version 9.60 to address two vulnerabilities. The first vulnerability is due to improper validation of URLs. Exploitation of this vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition. The second vulnerability is due to unsafe storage of cached Java applets. Exploitation of this vulnerability may allow an attacker to obtain sensitive information or escape other normal restrictions.

    US-CERT encourages users and administrators to review Opera Advisories 901 and 902 and upgrade to version 9.60 to help mitigate the risks.


    Multiple Web Browsers Affected by Clickjacking

    added September 26, 2008 at 03:28 pm | updated October 8, 2008 at 09:27 am

    US-CERT is aware of public reports of a new cross-browser exploit technique called "clickjacking." According to one of the reports, clickjacking gives an attacker the ability to trick a user into clicking on something only barely or momentarily noticeable. Therefore, if a user clicks on a web page, they may actually be clicking on content from another page. A separate report indicates that this flaw affects most web browsers and that no fix is available, but that disabling browser scripting and plug-ins may help mitigate some of the risks.

    An additional report suggests that Firefox users consider using the NoScript plug-in as an added preventative measure. Disabling IFRAMEs, active content, and plug-ins by default, as outlined in the Securing Your Web Browser document, may protect against the vulnerability. Note that disabling IFRAMEs, active content, and plug-ins may reduce the functionality of some websites.

    US-CERT encourages users to review the report and follow the security recommendations as described in the Securing Your Web Browser document to help mitigate some of the risks. Website developers may want to incorporate additional authentication techniques, such as CAPTCHAs, out-of-band email verification, or other methods to verify sensitive web transactions.

    US-CERT will provide additional information as it becomes available.