Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
Current Activity Calendar
Left Arrow
November 2008
 Right Arrow
Su M Tu W Th F Sa
            1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30
Please click on a date above to see current activity for that day.

  • Latest Current Activity
    •

    November 03, 2008 - Current Activity

    This is an archived copy of current activity, if you would like to see the most recent version, please click here.

    November 3Sprint Nextel - Cogent Communications Depeering Issue
    November 3Worm Exploiting Microsoft MS08-067 Circulating
    October 31Adobe Releases Security Advisory for PageMaker 7
    October 31VMware Releases Security Advisory VMSA-2008-0017
    October 29OpenOffice.org Releases Two Security Bulletins
    October 27Microsoft Releases Security Advisory 958963
    October 27Microsoft Releases Out-of-Band Security Bulletin MS08-067
    October 23Cisco Releases Advisory for Cisco PIX and ASA
    October 23Microsoft Releases Advance Notification for Out-of-Band October Security Bulletin
    October 22Trend Micro OfficeScan Critical Patch Release


    Sprint Nextel - Cogent Communications Depeering Issue

    added November 3, 2008 at 06:27 pm

    On October 30, 2008, Sprint Nextel severed its peering relationship with Cogent Communications due to a contractual dispute. A temporary repeering between the two providers occurred on November 2, 2008. Please note that this repeering is only temporary and outstanding issues between Sprint Nextel and Cogent Communications still need to be addressed.

    As best practice, Internet Service Provider (ISP) diversity is recommended as stated in the NIST Special Publication 800-053A "Guide for Assessing the Security Controls in Federal Information Systems" Section CP-8. Organizations should ensure that critical mission/business functions are available through alternate telecommunications services if their primary service provider is unavailable.

    For the latest information from Sprint Nextel and Cogent Communications on this issue, please visit one of the following links:




    Worm Exploiting Microsoft MS08-067 Circulating

    added November 3, 2008 at 02:54 pm

    US-CERT is aware of public reports of a worm circulating that has the capability of exploiting the recently patched vulnerability described in Microsoft Security Bulletin MS08-067.

    US-CERT encourages users to do the following to help mitigate the risks:

    • Review Microsoft Security Bulletin MS08-067 and apply the update or workarounds listed.
    • Install antivirus software, and keep the virus signatures up to date.
    US-CERT will provide additional information as it becomes available.


    Adobe Releases Security Advisory for PageMaker 7

    added October 31, 2008 at 09:31 am

    Adobe has released a Security Advisory to address vulnerabilities in PageMaker 7.0.1 and 7.0.2. These vulnerabilities may allow an attacker to execute arbitrary code.

    US-CERT encourages users and administrators to review Adobe's Security Advisory ASPA08-10 and apply any necessary updates to help mitigate the risks. Note that the Adobe Security Advisory indicates that an additional vulnerability remains unaddressed by the update.


    VMware Releases Security Advisory VMSA-2008-0017

    added October 31, 2008 at 09:00 am

    VMware has released a Security Advisory indicating it has updated the ESX packages to address vulnerabilities in libxml2, ucd-snmp, and libtiff. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, spoof authenticated SNMPv3 packets, or cause a denial-of-service condition.

    US-CERT encourages users and administrators to review VMware Security Advisory VMSA-2008-0017 and apply any necessary updates to help mitigate the risks.


    OpenOffice.org Releases Two Security Bulletins

    added October 29, 2008 at 11:38 am

    OpenOffice.org has released bulletins to address two vulnerabilities. These bulletins address heap-based buffer overflow vulnerabilities in the processing of WMF and EMF files. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code.

    US-CERT encourages users and administrators to review the following OpenOffice.org security bulletins and apply the resolutions provided by the vendor:


    Microsoft Releases Security Advisory 958963

    added October 27, 2008 at 08:16 pm

    Microsoft has released Security Advisory 958963 to alert users that exploit code is publicly available for the Windows Server Service vulnerability addressed in Microsoft Security Bulletin MS08-067. The advisory states that this exploit code has demonstrated arbitrary code execution on Windows 2000, XP and Server 2003.

    US-CERT encourages users and administrators to review Microsoft Security Advisory 958963 and apply the update or workarounds listed in Microsoft Security Bulletin MS08-067 to help mitigate the risks.

    Additional information regarding the Windows Server Service vulnerability is available in:


    Microsoft Releases Out-of-Band Security Bulletin MS08-067

    added October 23, 2008 at 01:08 pm | updated October 27, 2008 at 09:44 am

    Update: The Microsoft Security Response Center (MSRC) has posted a blog entry to provide additional information regarding the status of this vulnerability and the state of security update deployments. Users and administrators are encouraged to review the blog entry as it provides information about known malicious code targeting this vulnerability.

    Microsoft has released Security Bulletin MS08-067 to address a vulnerability in the Windows Server Service. This vulnerability is due to improper handling of specially crafted RPC requests. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code.

    US-CERT encourages users and administrators to review Microsoft Security Bulletin MS08-067 and apply any necessary updates to help mitigate the risks. Additional information is also available in Vulnerability Note VU#827267.


    Cisco Releases Advisory for Cisco PIX and ASA

    added October 23, 2008 at 07:59 am

    Cisco Security Advisory cisco-sa-20081022-asa was released to address multiple vulnerabilities in Cisco ASA and PIX. These vulnerabilities may allow an attacker to bypass authentication mechanisms or cause a denial-of-service condition.

    US-CERT encourages users and administrators to review Cisco Security Advisory cisco-sa-20081022-asa and apply any necessary updates or workarounds to help mitigate the risks.


    Microsoft Releases Advance Notification for Out-of-Band October Security Bulletin

    added October 23, 2008 at 07:47 am

    Microsoft has issued a Security Bulletin Advance Notification indicating the upcoming release of an out-of-band bulletin. The notification states that this is a Critical bulletin and is for Microsoft Windows. Release of this bulletin is scheduled for Thursday, October 23.

    US-CERT will provide additional information as it becomes available.


    Trend Micro OfficeScan Critical Patch Release

    added October 22, 2008 at 09:05 am

    Trend Micro has released a Critical Patch to address a vulnerability in OfficeScan. This vulnerability is due to a stack-based buffer overflow condition. By sending a specially crafted HTTP request containing form data to the server CGI module, an attacker may be able to execute arbitrary code on the affected system.

    US-CERT encourages users and administrators to review Trend Micro Critical Patch Release overview for Build 1374 and Build 3110 and apply any necessary updates to help mitigate the risks.