  • August 05, 2009 - Current Activity

    This is an archived copy of current activity. If you would like to see the most recent version, please click here.

    August 5: Sun Releases Update 15 for Java SE 6
    August 4: Mozilla Releases Firefox 3.0.13 and Firefox 3.5.2
    August 4: Apple Releases iPhone OS 3.0.1
    July 31: Adobe Releases Security Updates for Reader and Acrobat
    July 31: Adobe Releases Shockwave Player Update and Flash Player Update
    July 30: Cisco Releases Security Advisory for IOS Software Vulnerabilities
    July 29: Internet Systems Consortium BIND 9 Vulnerability
    July 29: Microsoft Releases Two Out-of-Band Security Bulletins and a Security Advisory
    July 27: Cisco Releases Security Advisory for Vulnerabilities in Cisco Wireless LAN Controllers
    July 27: Microsoft Releases Advance Notification for Out-of-Band Security Bulletins



    Sun Releases Update 15 for Java SE 6

    added August 5, 2009 at 11:19 am

    Sun has released update 15 for the Java SE JDK 6 and the Java SE JRE 6 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, operate with escalated privileges, or bypass authentication methods.

    US-CERT encourages users and administrators to review the Java SE 6 Update 15 release notes and apply any necessary updates to help mitigate the risks.


    Mozilla Releases Firefox 3.0.13 and Firefox 3.5.2

    added August 3, 2009 at 10:00 am | updated August 4, 2009 at 08:41 am

    The Mozilla Foundation has released Firefox 3.0.13 and Firefox 3.5.2 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, display misleading SSL information about a web page, intercept and modify encrypted communication, execute arbitrary JavaScript with chrome privileges, or cause a denial-of-service condition.

    US-CERT encourages users to review the Mozilla Foundation security advisories for Firefox 3.0 and Firefox 3.5 and apply any necessary updates or workarounds to help mitigate the risks.

    US-CERT will provide more information as it becomes available.


    Apple Releases iPhone OS 3.0.1

    added August 4, 2009 at 08:04 am

    Apple has released iPhone OS 3.0.1 to address a vulnerability in the CoreTelephony component. By sending a specially crafted SMS message to a user, an attacker may be able to execute arbitrary code or cause a denial-of-service condition.

    US-CERT encourages users to review Apple article HT3754 and apply any necessary updates to help mitigate the risk.


    Adobe Releases Security Updates for Reader and Acrobat

    added July 31, 2009 at 02:32 pm

    Adobe has released Reader 9.1.3 and Acrobat 9.1.3 to address a vulnerability. By convincing a user to open a PDF document embedded with a specially crafted SWF file, an attacker may be able to execute arbitrary code.

    US-CERT encourages users and administrators to review Adobe security bulletin APSB09-10 and apply any necessary updates to help mitigate the risks. Additional information regarding this vulnerability can be found in US-CERT Technical Cyber Security Alert TA09-204A.


    Adobe Releases Shockwave Player Update and Flash Player Update

    added July 29, 2009 at 10:12 am | updated July 31, 2009 at 02:21 pm

    Adobe has released Shockwave Player 11.5.1.601 because previous versions used a vulnerable version of the Microsoft Active Template Library (ATL). Additionally, Adobe has released Flash Player 10.0.22.87 and 9.0.246.0 to address the ATL issue and additional vulnerabilities in Flash Player. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code.

    US-CERT encourages users and administrators to review Adobe security bulletins APSB09-11 and APSB09-10 and apply any necessary updates to help mitigate the risks. Additional information can be found in the Adobe PSIRT blog and in Adobe security advisory APSA09-04.


    Cisco Releases Security Advisory for IOS Software Vulnerabilities

    added July 30, 2009 at 10:33 am

    Cisco has released a security advisory to address multiple vulnerabilities in IOS Software. Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition when handling specific Border Gateway Protocol (BGP) updates. The advisory indicates that these vulnerabilities affect only Cisco IOS Software with support for four-octet AS number space and BGP routing configured.

    US-CERT encourages users and administrators to review Cisco Security Advisory cisco-sa-20090729-bgp and apply any necessary updates to help mitigate the risks.


    Internet Systems Consortium BIND 9 Vulnerability

    added July 29, 2009 at 08:51 am

    The Internet Systems Consortium (ISC) has released BIND versions 9.4.3-P3, 9.5.1-P3, and 9.6.1-P1 to address a vulnerability. By sending a specially crafted dynamic update packet to an affected BIND 9 server, a remote, unauthenticated attacker may be able to cause a denial-of-service condition.

    US-CERT encourages users and administrators to review the Internet Systems Consortium advisory and apply any necessary updates to help mitigate the risks. Additional information can be found in the Vulnerability Notes Database.


    Microsoft Releases Two Out-of-Band Security Bulletins and a Security Advisory

    added July 28, 2009 at 01:18 pm | updated July 29, 2009 at 07:55 am

    Microsoft has released two out-of-band security bulletins. The first bulletin, MS09-034, is a cumulative security update for Internet Explorer that addresses several vulnerabilities. These vulnerabilities may allow a remote attacker to execute arbitrary code. The second bulletin, MS09-035, addresses vulnerabilities in the Visual Studio Active Template Library (ATL). Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code.

    Additionally, Microsoft has released security advisory 973882 to provide specific guidance for developers, IT professionals, consumers, and home users regarding the vulnerabilities in Active Template Library (ATL).

    US-CERT encourages users and administrators to review Microsoft Security Bulletins MS09-034 and MS09-035 and Microsoft Security Advisory 973882 and apply any necessary updates or workarounds to help mitigate the risks. Additional information can be found in Technical Cyber Security Alert TA09-209A.


    Cisco Releases Security Advisory for Vulnerabilities in Cisco Wireless LAN Controllers

    added July 27, 2009 at 02:59 pm

    Cisco has released a security advisory to address multiple vulnerabilities in Wireless LAN Controllers. The advisory addresses the following:

    • Malformed HTTP or HTTPS authentication response denial-of-service vulnerability.
    • SSH connections denial-of-service vulnerability.
    • Crafted HTTP or HTTPS request denial-of-service vulnerability.
    • Crafted HTTP or HTTPS request unauthorized configuration modification vulnerability.

    Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition or gain full control over the Wireless LAN Controller.

    US-CERT encourages users and administrators to review Cisco Security Advisory cisco-sa-20090727-wlc and apply any necessary updates or workarounds to help mitigate the risks.


    Microsoft Releases Advance Notification for Out-of-Band Security Bulletins

    added July 27, 2009 at 10:57 am

    Microsoft has issued a Security Bulletin Advance Notification indicating that it will be releasing two out-of-band security bulletins. The first bulletin will address issues with Internet Explorer and has the severity rating of critical. The second bulletin will address issues with Visual Studio and has the severity rating of moderate. The notification states that release of these bulletins is scheduled for July 28, 2009.

    US-CERT will provide additional information as it becomes available.