Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
Current Activity Calendar
Left Arrow
July 2009
 Right Arrow
Su M Tu W Th F Sa
      1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30 31
Please click on a date above to see current activity for that day.

  • Latest Current Activity
    •

    July 13, 2009 - Current Activity

    This is an archived copy of current activity, if you would like to see the most recent version, please click here.

    July 13Microsoft Releases Security Advisory 973472
    July 13VMware Releases Security Advisory VMSA-2009-0009 and Updates Security Advisory VMSA-2009-0008.1
    July 10WordPress Releases Version 2.8.1
    July 9Microsoft Releases Advance Notification for July Security Bulletin
    July 9FCKeditor Releases Version 2.6.4.1
    July 9Apple Releases Safari 4.0.2
    July 6Microsoft Releases Security Advisory 972890
    June 30Mozilla Foundation Releases Firefox 3.5
    June 26Spam, Phishing, and Malicious Code Related to Recent Celebrity Deaths
    June 24Adobe Releases Update for Shockwave Player


    Microsoft Releases Security Advisory 973472

    added July 13, 2009 at 11:20 am

    Microsoft has released Security Advisory 973472 to alert users about a vulnerability in Microsoft Office Web Components. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code. The advisory indicates that Microsoft is aware of attacks attempting to exploit the vulnerability.

    US-CERT encourages users and administrators to review Microsoft Security Advisory 973472 and implement the workaround listed in the advisory. This workaround will help mitigate the risks until a patch or update is released by the vendor.

    US-CERT will provide additional information as it becomes available.


    VMware Releases Security Advisory VMSA-2009-0009 and Updates Security Advisory VMSA-2009-0008.1

    added July 13, 2009 at 08:58 am

    VMware has released security advisory VMSA-2009-0009 to address multiple vulnerabilities involving the udev, sudo, and curl packages of the ESX Service Console. These vulnerabilities may allow an attacker to execute arbitrary requests to an affected intranet server, read or overwrite files, or gain elevated privileges on the affected system.

    Additionally, VMware has updated security advisory VMSA-2009-0008.1. This advisory addresses a vulnerability in the krb5 package of the ESX Service Console. Exploitation of this vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

    US-CERT encourages users and administrators to review VMware security advisories VMSA-2009-0009 and VMSA-2009-0008.1 and apply any necessary workarounds or updates to help mitigate the risks.


    WordPress Releases Version 2.8.1

    added July 10, 2009 at 02:20 pm

    WordPress has released version 2.8.1 to address multiple vulnerabilities.

    US-CERT encourages users to review the WordPress Blog entry related to these issues and upgrade to version 2.8.1 as necessary.


    Microsoft Releases Advance Notification for July Security Bulletin

    added July 9, 2009 at 01:58 pm

    Microsoft has issued a Security Bulletin Advance Notification indicating that the July release cycle will contain six bulletins, three of which will have a severity rating of critical. The notification states that these critical bulletins are for Microsoft Windows. There will also be three important bulletins for Microsoft Office, Virtual PC and Virtual Server, and ISA Server. Release of these bulletins is scheduled for Tuesday, July 14.

    US-CERT will provide additional information as it becomes available.


    FCKeditor Releases Version 2.6.4.1

    added July 6, 2009 at 12:37 pm | updated July 9, 2009 at 11:39 am

    The FCKeditor project has released FCKeditor version 2.6.4.1 to address a vulnerability. This vulnerability is due to improper verification of input passed to the "CurrentFolder" parameter. Exploitation of this vulnerability may allow an attacker to execute arbitrary code.

    Additionally, FCKeditor is part of Adobe ColdFusion 8 and is enabled by default. The Adobe Product Security Incident Response Team (PSIRT) has posted a blog entry indicating that they are aware of public reports of ColdFusion websites being targeted for exploitation of this vulnerability.

    US-CERT encourages users and administrators to upgrade to FCKeditor version 2.6.4.1 to help mitigate the risks. ColdFusion 8 users should review Adobe security bulletin APSB09-09 and apply the hotfix to help mitigate the risks.


    Apple Releases Safari 4.0.2

    added July 9, 2009 at 10:42 am

    Apple has released Safari 4.0.2 to address multiple vulnerabilities in the WebKit component of Safari. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, conduct cross-site scripting attacks, or cause a denial-of-service condition. These vulnerabilities affect Safari running on both the Mac OS X and Windows platforms.

    US-CERT encourages users to review Apple article HT3666 and upgrade to Safari 4.0.2 to help mitigate the risks.


    Microsoft Releases Security Advisory 972890

    added July 6, 2009 at 01:57 pm | updated July 6, 2009 at 05:06 pm

    Microsoft has released Security Advisory 972890 to alert users about a vulnerability in Microsoft Video ActiveX Control. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. The advisory also indicates that Microsoft is aware of attacks attempting to exploit the vulnerability.

    US-CERT encourages users and administrators to review Microsoft Security Advisory 972890 and implement the workaround listed in the advisory. This workaround will help mitigate the risks until a patch or update is released by the vendor.

    Additional information regarding this vulnerability can be found in Technical Cyber Security Alert TA09-187A. US-CERT will provide additional information as it becomes available.


    Mozilla Foundation Releases Firefox 3.5

    added June 30, 2009 at 11:49 am

    Mozilla Foundation has released Firefox 3.5. The Mozilla Foundation lists multiple security enhancements including improved anti-phishing, anti-malware, and privacy protection.

    US-CERT encourages users and administrators to review the Firefox 3.5 release notes and  features and upgrade to Firefox 3.5 as necessary.


    Spam, Phishing, and Malicious Code Related to Recent Celebrity Deaths

    added June 26, 2009 at 10:44 am

    US-CERT is aware of public reports of an increased number of spam campaigns, phishing attacks, and malicious code targeting the recent deaths of Michael Jackson and Farrah Fawcett. These email messages may attempt to gain user information through phishing attacks or by recording email addresses if the user replies to the message. Additionally, email messages may contain malicious code or may contain a link to a seemingly legitimate website containing malicious code.

    US-CERT would like to remind users to remain cautious when receiving unsolicited email. Users are encouraged to take the following measures to protect themselves from these types of attacks:


    Adobe Releases Update for Shockwave Player

    added June 24, 2009 at 07:54 am

    Adobe has released Shockwave Player 11.5.0.600 to address a vulnerability. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.

    US-CERT encourages users and administrators to review Adobe security bulletin APSB09-08 and update to Shockwave Player 11.5.0.600 to help mitigate the risks.