Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
Current Activity Calendar
Left Arrow
July 2009
 Right Arrow
Su M Tu W Th F Sa
      1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30 31
Please click on a date above to see current activity for that day.

  • Latest Current Activity
    •

    July 20, 2009 - Current Activity

    This is an archived copy of current activity, if you would like to see the most recent version, please click here.

    July 17Mozilla Firefox 3.5 Vulnerability
    July 14Oracle Releases Critical Patch Update for July 2009
    July 14Microsoft Releases July Security Bulletin
    July 14Microsoft Releases Security Advisory 973472
    July 13VMware Releases Security Advisory VMSA-2009-0009 and Updates Security Advisory VMSA-2009-0008.1
    July 10WordPress Releases Version 2.8.1
    July 9Microsoft Releases Advance Notification for July Security Bulletin
    July 9FCKeditor Releases Version 2.6.4.1
    July 9Apple Releases Safari 4.0.2
    July 6Microsoft Releases Security Advisory 972890


    Mozilla Firefox 3.5 Vulnerability

    added July 14, 2009 at 08:38 am | updated July 17, 2009 at 08:00 am

    The Mozilla Foundation has released Firefox 3.5.1 to address a vulnerability. This vulnerability is due to an error in the way the Just-in-Time (JIT) compiler returns from native functions. Exploitation of this vulnerability may allow an attacker to execute arbitrary code.

    US-CERT encourages users and administrators to review Mozilla Foundation Security Advisory 2009-41 and upgrade to Firefox 3.5.1 or apply the suggested workaround provided in the advisory. Additional information can also be found in the Vulnerability Notes Database.


    Oracle Releases Critical Patch Update for July 2009

    added July 14, 2009 at 04:08 pm

    Oracle has released its Critical Patch Update for July 2009 to address 30 vulnerabilities across several products. This update contains the following security fixes:

    • 10 for the Oracle Database Server
    • 2 for Oracle Secure Backup
    • 2 for the Oracle Application Server
    • 5 for Oracle Applications
    • 2 for Oracle Enterprise Manager
    • 3 for the Oracle PeopleSoft and JDEdwards Suite
    • 1 for the Oracle Siebel Suite
    • 5 for the Oracle BEA Products Suite
    US-CERT encourages users and administrators to review the July Critical Patch Update and apply any necessary updates.


    Microsoft Releases July Security Bulletin

    added July 14, 2009 at 01:17 pm

    Microsoft has released an update to address vulnerabilities in Microsoft Windows, Virtual PC, Virtual Server, ISA Server, and Office as part of the Microsoft Security Bulletin Summary for July 2009. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges.

    US-CERT encourages users and administrators to review the bulletins and follow best-practice security policies to determine which updates should be applied.


    Microsoft Releases Security Advisory 973472

    added July 13, 2009 at 11:20 am | updated July 14, 2009 at 08:37 am

    Microsoft has released Security Advisory 973472 to alert users about a vulnerability in Microsoft Office Web Components. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code. The advisory indicates that Microsoft is aware of attacks attempting to exploit the vulnerability.

    US-CERT encourages users and administrators to review Microsoft Security Advisory 973472 and implement the suggested workaround. Additionally, a Microsoft Fix it tool has been released to assist users in mitigating the risks associated with this vulnerability.

    US-CERT will provide additional information as it becomes available.


    VMware Releases Security Advisory VMSA-2009-0009 and Updates Security Advisory VMSA-2009-0008.1

    added July 13, 2009 at 08:58 am

    VMware has released security advisory VMSA-2009-0009 to address multiple vulnerabilities involving the udev, sudo, and curl packages of the ESX Service Console. These vulnerabilities may allow an attacker to execute arbitrary requests to an affected intranet server, read or overwrite files, or gain elevated privileges on the affected system.

    Additionally, VMware has updated security advisory VMSA-2009-0008.1. This advisory addresses a vulnerability in the krb5 package of the ESX Service Console. Exploitation of this vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

    US-CERT encourages users and administrators to review VMware security advisories VMSA-2009-0009 and VMSA-2009-0008.1 and apply any necessary workarounds or updates to help mitigate the risks.


    WordPress Releases Version 2.8.1

    added July 10, 2009 at 02:20 pm

    WordPress has released version 2.8.1 to address multiple vulnerabilities.

    US-CERT encourages users to review the WordPress Blog entry related to these issues and upgrade to version 2.8.1 as necessary.


    Microsoft Releases Advance Notification for July Security Bulletin

    added July 9, 2009 at 01:58 pm

    Microsoft has issued a Security Bulletin Advance Notification indicating that the July release cycle will contain six bulletins, three of which will have a severity rating of critical. The notification states that these critical bulletins are for Microsoft Windows. There will also be three important bulletins for Microsoft Office, Virtual PC and Virtual Server, and ISA Server. Release of these bulletins is scheduled for Tuesday, July 14.

    US-CERT will provide additional information as it becomes available.


    FCKeditor Releases Version 2.6.4.1

    added July 6, 2009 at 12:37 pm | updated July 9, 2009 at 11:39 am

    The FCKeditor project has released FCKeditor version 2.6.4.1 to address a vulnerability. This vulnerability is due to improper verification of input passed to the "CurrentFolder" parameter. Exploitation of this vulnerability may allow an attacker to execute arbitrary code.

    Additionally, FCKeditor is part of Adobe ColdFusion 8 and is enabled by default. The Adobe Product Security Incident Response Team (PSIRT) has posted a blog entry indicating that they are aware of public reports of ColdFusion websites being targeted for exploitation of this vulnerability.

    US-CERT encourages users and administrators to upgrade to FCKeditor version 2.6.4.1 to help mitigate the risks. ColdFusion 8 users should review Adobe security bulletin APSB09-09 and apply the hotfix to help mitigate the risks.


    Apple Releases Safari 4.0.2

    added July 9, 2009 at 10:42 am

    Apple has released Safari 4.0.2 to address multiple vulnerabilities in the WebKit component of Safari. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, conduct cross-site scripting attacks, or cause a denial-of-service condition. These vulnerabilities affect Safari running on both the Mac OS X and Windows platforms.

    US-CERT encourages users to review Apple article HT3666 and upgrade to Safari 4.0.2 to help mitigate the risks.


    Microsoft Releases Security Advisory 972890

    added July 6, 2009 at 01:57 pm | updated July 6, 2009 at 05:06 pm

    Microsoft has released Security Advisory 972890 to alert users about a vulnerability in Microsoft Video ActiveX Control. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. The advisory also indicates that Microsoft is aware of attacks attempting to exploit the vulnerability.

    US-CERT encourages users and administrators to review Microsoft Security Advisory 972890 and implement the workaround listed in the advisory. This workaround will help mitigate the risks until a patch or update is released by the vendor.

    Additional information regarding this vulnerability can be found in Technical Cyber Security Alert TA09-187A. US-CERT will provide additional information as it becomes available.