Current Activity Calendar

	March 2009
Su	M	Tu	W	Th	F	Sa
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30	31

Please click on a date above to see current activity for that day.

March 27, 2009 - Current Activity

This is an archived copy of current activity, if you would like to see the most recent version, please click here.

*March 26*	Sun Releases Updates for Java SE
*March 26*	OpenSSL Releases Security Advisory
*March 25*	Cisco Releases Multiple Security Advisories for IOS Vulnerabilities
*March 23*	Sun Releases Alert for Java System Identity Manager Vulnerabilities
*March 18*	Adobe Releases Security Bulletin
*March 18*	Autonomy KeyView SDK Vulnerability
*March 17*	Waledac Trojan Horse Spam Campaign Circulating
*March 11*	Adobe Releases Security Updates for Reader 9 and Acrobat 9
*March 10*	New Attack Vectors for Adobe JBIG2 Vulnerability
*March 10*	Microsoft Releases March Security Bulletin Summary

Sun Releases Updates for Java SE

added March 26, 2009 at 08:54 am

Sun has released updates for Java SE to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or operate with escalated privileges.

US-CERT encourages users to review the Sun Java SE 6 Update Release Notes and upgrade to Java SE version 1.6.0_13 to help mitigate the risks.

OpenSSL Releases Security Advisory

added March 26, 2009 at 08:36 am

OpenSSL has released a security advisory to address multiple vulnerabilities. These vulnerabilities may allow an attacker to cause a denial-of-service condition or bypass security restrictions in affected applications.

US-CERT encourages users and administrators to review the OpenSSL security advisory. Because OpenSSL is widely redistributed, users should check for updates from their operating system vendors and vendors of other products using OpenSSL. Users of OpenSSL from the original source distribution should upgrade to OpenSSL 0.9.8k.

Cisco Releases Multiple Security Advisories for IOS Vulnerabilities

added March 25, 2009 at 03:41 pm

Cisco has released multiple security advisories to address vulnerabilities in IOS Software. These vulnerabilities may allow an attacker to cause a denial-of-service condition, interfere with network traffic, or operate with escalated privileges.

US-CERT encourages users and administrators to review the following Cisco security advisories and apply any necessary workarounds or updates to help mitigate the risks.

cisco-sa-20090325-udp : Cisco IOS Software Multiple Features Crafted UDP Packet Vulnerability
cisco-sa-20090325-tcp : Cisco IOS Software Multiple Features Crafted TCP Sequence Vulnerability
cisco-sa-20090325-ip : Cisco IOS Software Multiple Features IP Sockets Vulnerability
cisco-sa-20090325-webvpn : Cisco IOS Software WebVPN and SSLVPN Vulnerabilities
cisco-sa-20090325-mobileip : Cisco IOS Software Mobile IP and Mobile IPv6 Vulnerabilities
cisco-sa-20090325-scp : Cisco IOS Software Secure Copy Privilege Escalation Vulnerability
cisco-sa-20090325-sip : Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability
cisco-sa-20090325-ctcp : Cisco IOS cTCP Denial of Service Vulnerability

Sun Releases Alert for Java System Identity Manager Vulnerabilities

added March 23, 2009 at 12:24 pm

Sun Microsystems has released an alert to address multiple vulnerabilities in the Java System Identity Manager. These vulnerabilities may allow an attacker to execute arbitrary commands, conduct cross-site scripting attacks, modify configuration settings, or obtain sensitive information.

US-CERT encourages users and administrators to review Sun Alert 253567 and apply any necessary patches.

Adobe Releases Security Bulletin

added March 18, 2009 at 04:39 pm

Adobe has released security bulletin APSB09-04 to address multiple vulnerabilities, one of which is the JBIG2 vulnerability originally addressed in security advisory APSA09-01 and security bulletin APSB09-03. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users to review Adobe security bulletin APSB09-04 and apply any necessary updates. Additional information regarding the JBIG2 vulnerability can be found in the Vulnerability Notes Database.

Autonomy KeyView SDK Vulnerability

added March 18, 2009 at 09:13 am

US-CERT is aware of reports of a vulnerability that affects the Autonomy KeyView SDK wp6sr.dll library. This library is used by certain products, including Lotus Notes and Symantec, to support the handling of Word Perfect documents. By convincing a user to open a specially crafted Word Perfect document with an application using the affected Autonomy KeyView SDK library, a remote attacker may be able to execute arbitrary code.

US-CERT encourages users and administrators to do the following to help mitigate the risks:

IBM Lotus Notes users should review the IBM Flash Alert and implement the listed fixes or workarounds.
Symantec users should review Symantec Security Advisory SYM09-004 and implement the listed fixes or workarounds.
Registered Autonomy Users should review the related Autonomy alert (login required).

Waledac Trojan Horse Spam Campaign Circulating

added March 17, 2009 at 09:08 am

US-CERT is aware of public reports of malicious code circulating via spam email messages related to bogus terror attacks in the recipient's local area. These messages use subject lines implying that a fatal bomb attack has occurred near the recipient and contain a link to "breaking news." Users who click on the link will be taken to a site posing as a Reuters news article that contains a bogus news story about the fatal bomb attack. The systems serving the bogus news story check a visiting user's IP address to obtain a geographical location to insert a nearby placename into the bogus article. The articles also contain links to video content, claiming that the latest Flash Player is required to view the video. If users attempt to update or install the Flash Player from the link provided in the article, their systems may become infected with malicious code.

US-CERT encourages users and administrators to take the following preventative measures to help mitigate the security risks:

Install antivirus software, and keep the virus signatures up to date.
Do not follow unsolicited links and do not open unsolicited email messages.
Use caution when visiting untrusted websites.
Use caution when downloading and installing applications.
Obtain software applications and updates directly from the vendor's website.
Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

Adobe Releases Security Updates for Reader 9 and Acrobat 9

added March 11, 2009 at 09:45 am | updated March 11, 2009 at 11:18 am

Adobe has released Reader 9.1 and Acrobat 9.1 to address a vulnerability. This vulnerability is due to a buffer overflow condition that exists in the way Adobe Acrobat Reader handles JBIG2 streams. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Adobe has indicated that it is aware of reports of active exploitation.

US-CERT encourages users to review Adobe security bulletin APSB09-03 and update to Adobe Reader 9.1 and Acrobat 9.1. Additional information regarding this vulnerability is available in the Vulnerability Notes Database.

New Attack Vectors for Adobe JBIG2 Vulnerability

added March 10, 2009 at 04:52 pm

US-CERT is aware of public reports of two new attack vectors for a vulnerability affecting Adobe Reader and Acrobat. This vulnerability is due to a buffer overflow condition that exists in the way Adobe Acrobat Reader handles JBIG2 Streams.

When Adobe Reader is installed on a system, it adds an IFilter that allows applications such as the Windows Indexing Service to index PDF files. If the Windows Indexing Service processes a malicious PDF file stored on the system, the vulnerability can be exploited. Exploitation using this technique can require little to no user interaction.

In addition to adding an IFilter, the Adobe Acrobat and Reader installation process adds a Windows Explorer Shell Extension. If Windows Explorer displays a folder that contains a malicious PDF file, the vulnerability can be exploited. Exploitation using this technique also requires little to no user interaction.

US-CERT encourages users and administrators to incorporate the following workarounds to help mitigate the risks:

Locate and unregister the Adobe Reader IFilter using: regsvr32 /u AcroRdIF.dll
Locate and unregister the Adobe Acrobat IFilter using: regsvr32 /u AcroIF.dll
Disable Adobe Acrobat Windows Shell integration to help mitigate the risk. This can be disabled by executing the following command: regsvr32 /u "%CommonProgramFiles%\Adobe\Acrobat\ActiveX\pdfshell.dll"

Additional information about the Adobe Reader and Acrobat JBIG2 vulnerability can be found in the Vulnerability Notes Database.

US-CERT will provide additional information as it becomes available.

Microsoft Releases March Security Bulletin Summary

added March 10, 2009 at 01:30 pm

Microsoft has released updates to address vulnerabilities in Microsoft Windows as part of the Microsoft Security Bulletin Summary for March 2009. These vulnerabilities may allow an attacker to execute arbitrary code, redirect network traffic, or allow spoofing.

US-CERT encourages users and administrators to review the bulletins and follow best-practice security policies to determine which updates should be applied.

US-CERT: United States Computer Emergency Readiness Team

Information For

Sign Up

Reporting

DHS Threat Advisory