December 16, 2008 - Current Activity

Microsoft Releases Advance Notification

Microsoft has released a Security Bulletin Advance Notification indicating that an out-of-band Security Bulletin will be released. This bulletin will address a remote code execution vulnerability in Microsoft Internet Explorer. Release of this Bulletin is scheduled for Wednesday, December 17.

US-CERT encourages users to review the Security Bulletin Advance Notification and apply any necessary updates when they become available. Additional information about this vulnerability can be found in the Vulnerability Notes Database.

US-CERT will provide additional information as it becomes available.

Apple Releases Security Updates for Multiple Vulnerabilities

Apple has released Security Update 2008-008 and Mac OS X v10.5.6 to address multiple vulnerabilities in Mac OS X and related products. The impacts of these vulnerabilities include arbitrary code execution, privilege escalation, denial of service, or information disclosure.

US-CERT encourages users to review Apple article HT3338 and apply the appropriate updates.

Microsoft Releases Security Advisory (961051)

Microsoft has released Security Advisory 961051 to address reports of attacks against a new vulnerability in Internet Explorer 7. By convincing a user to view a specially crafted XML document, an attacker may be able to execute arbitrary code with the privileges of the user. Exploit code for this vulnerability is publicly available.

UPDATE: Microsoft indicates that Internet Explorer 5.01 Service Pack 4, Internet Explorer 6 Service Pack 1, Internet Explorer 6, and Internet Explorer 8 Beta 2 are potentially vulnerable.

US-CERT encourages users to review Microsoft Security Advisory 961051 and implement appropriate recommendations from the Suggested Actions section to help mitigate the risks.

Additional information is available in the Vulnerability Notes database. US-CERT will provide further details as they become available.

Airline Ticket Email Scam

US-CERT is aware of public reports of an email scam circulating that is targeting holiday travelers. The email messages related to this scam appear to come from legitimate major airlines and contain a .zip attachment.  This .zip attachment appears to contain a purchase invoice and flight ticket. If a user opens this attachment, malicious code may be installed on the system.

US-CERT encourages users to do the following to help mitigate the risks:

• Install antivirus software and keep the virus signatures up to date.
• Use caution when opening attachments.
• Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

CA ARCserve Backup Vulnerability

CA has released a Security Notice and software patches to address a vulnerability in ACRserve Backup. This vulnerability is due to insufficient verification of client data. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code or crash the LDBserver service.

US-CERT encourages users to review the CA Security Notice and apply the appropriate patch to help mitigate the risks.

Microsoft Releases Security Advisory (960906)

Microsoft has released Security Advisory 960906 to address reports of a vulnerability in the WordPad Text Converter for Word 97 files. The advisory indicates that Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2 are affected by this vulnerability. Exploitation of this vulnerability may allow an unauthenticated attacker to execute arbitrary code or obtain local user rights. Additionally, Microsoft indicates that they are aware of limited and targeted attacks using this vulnerability.

US-CERT encourages users to review Microsoft Security Advisory 960906 and implement any necessary Suggested Actions to help mitigate the risks.

US-CERT will provide additional information as it becomes available.

Microsoft Releases December Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, Internet Explorer, Developer Tools and Software, and Server Software as part of the Microsoft Security Bulletin Summary for December 2008. These vulnerabilities may allow an attacker to execute arbitrary code or escalate privileges.

US-CERT encourages users and administrators to review the bulletins and follow best-practice security policies to determine which updates should be applied.

PHP 5.2.8 Released

The PHP Group has released PHP version 5.2.8 to address a vulnerability in the magic_quotes functionality. This vulnerability was introduced in PHP version 5.2.7. In addition to correcting this regression, PHP version 5.2.8 addresses a number of vulnerabilities that were originally addressed by version 5.2.7.

US-CERT encourages users to upgrade to PHP 5.2.8 or implement the workaround as described in the PHP 5.2.8 Release Announcement.

Malware Spreading via Social Networking Sites

US-CERT is aware of public reports of malware spreading via popular social networking sites. The reports indicate that this malware is spreading through spam email messages appearing to come from Myspace.com, Facebook.com, and Classmates.com. The email contains a message indicating that there is a YouTube video available and instructs the user to follow the link to view the video. If users click on this link, they will be prompted to update Adobe Flash Player. This update is not a legitimate Adobe Flash Player update--it is malicious code.

US-CERT encourages users and administrators to do the following to help mitigate the risks:

• Install antivirus software and keep the virus signatures up to date.
• Do not follow unsolicited links.
• Use caution when downloading and installing applications.
• Obtain software applications and updates directly from the vendor's website.
• Configure your web browser as described in the Securing Your Web Browser document.
  
• Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

Microsoft Releases Advanced Notification for December Security Bulletin

Microsoft has issued a Security Bulletin Advance Notification indicating that the December release cycle will contain eight bulletins, six of which will have a severity rating of Critical. The notification states that these Critical bulletins are for Microsoft Windows, Internet Explorer, and Office. There will also be two Important bulletins for Microsoft Windows and Office. Release of these bulletins is scheduled for Tuesday, December 9.

US-CERT will provide additional information as it becomes available.