October 09, 2009 - Current Activity

Microsoft Releases Advance Notification for October Security Bulletin

Microsoft has issued a Security Bulletin Advance Notification indicating that its October release cycle will contain thirteen bulletins, eight of which will have a severity rating of Critical. The notification states that these Critical bulletins are for Microsoft Windows, Internet Explorer, Office, Silverlight, SQL Server, Developer Tools, and Forefront. There will also be five important bulletins for Microsoft Windows. Release of these bulletins is scheduled for Tuesday, October 13.

US-CERT will provide additional information as it becomes available.

Adobe Releases Security Bulletin for Critical Vulnerability

Adobe has released security bulletin APSB09-15 to alert users of a critical vulnerability in Adobe Reader and Acrobat. Adobe indicates that it has received reports of active exploitation of this vulnerability. Release of an update for this vulnerability is scheduled for Tuesday, October 13.

US-CERT encourages users and administrators to take the following actions to help mitigate the risks:

• Review Adobe Security Bulletin APSB09-15.
• Disable JavaScript in Adobe Reader and Acrobat. Acrobat JavaScript can be disabled in the General preferences dialog (Edit, Preferences, JavaScript, and un-check "Enable Acrobat JavaScript").
  

Federal Bureau of Investigation Warns Public of Fraudulent Spam Email

The Federal Bureau of Investigation (FBI) has released information warning the public about fraudulent email messages purporting to come from the FBI or the Department of Homeland Security. These email messages contain a malicious attachment that claims to provide an intelligence report or bulletin, but in reality attempts to launch malware on the user's system.

More information regarding these messages can be found in the Federal Bureau of Investigation's New E-Scams and Warnings web site.

To help protect against this type of attack, US-CERT recommends that users avoid opening attachments contained in unsolicited email messages. Additional tips regarding email attachments can be found in the US-CERT Cyber Security Tip - Using Caution with Email Attachments.

Research in Motion Releases Security Advisory

Research in Motion has released a security advisory to address a vulnerability related to how null characters are displayed in a BlackBerry dialog box. This vulnerability may allow an attacker to trick users into believing that they are connecting to a trusted secure site.

US-CERT encourages users to review the BlackBerry security advisory KB19552 and apply any necessary updates.

Microsoft Releases Fix It for SMB Vulnerability

Microsoft has released Microsoft Knowledge Base Article 975497 to address a previously reported vulnerability in Microsoft Sever Message Block (SMB). This vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review Microsoft Knowledge Base Article 975497 and Microsoft Security Advisory 975497 and apply the Fix it tool or workarounds. Microsoft Knowledge Base Article 975497 addresses the vulnerability that was previously reported in the "Microsoft Releases Security Advisory 975497" Current Activity entry.

US-CERT is aware that exploit code for this vulnerability has been made publicly available as part of the Metasploit Framework. Users and system administrators are strongly encouraged to apply the Microsoft Fix it solution or other workarounds until a patch is released.

Malicious Code Spreading via IRS Scam

US-CERT is aware of public reports of malicious code circulating via spam email messages related to the IRS. The attacks arrive via an unsolicited email message and may contain a subject line of "Notice of Underreported  Income." These messages may contain a link or attachment. If users click on this link or open the attachment, they may be infected with malicious code, including the Zeus Trojan.

US-CERT encourages users and administrators to take the following measures to protect themselves:

• Review the How to Report and Identify Phishing, E-mail Scams and Bogus IRS Web Sites document on the IRS website.
• Do not follow unsolicited web links or attachments in email messages.
• Maintain up-to-date antivirus software.
• Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.
  

Cisco Releases Multiple Security Advisories for IOS Vulnerabilities and Unified Communications Manager

Cisco has released multiple security advisories to address vulnerabilities in IOS Software and Unified Communications Manager. These vulnerabilities may allow an attacker to cause a denial-of-service
condition, buffer overflow, or access control list bypass.

US-CERT encourages users and administrators to review the following Cisco security advisories and apply any necessary updates to help mitigate the risks.

• cisco-sa-20090923-acl : Cisco IOS Software Object-group Access Control List Bypass Vulnerability
• cisco-sa-20090923-auth-proxy : Cisco IOS Software Authentication Proxy Vulnerability
• cisco-sa-20090923-cm : Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability
• cisco-sa-20090923-cme : Cisco Unified Communications Manager Express Vulnerability
• cisco-sa-20090923-h323 : Cisco IOS Software H.323 Denial of Service Vulnerability
• cisco-sa-20090923-ios-fw : Cisco IOS Software Zone-Based Policy Firewall Vulnerability
• cisco-sa-20090923-ipsec : Cisco IOS Software Internet Key Exchange Resource Exhaustion Vulnerability
• cisco-sa-20090923-ntp : Cisco IOS Software Network Time Protocol Packet Vulnerability
• cisco-sa-20090923-sip : Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability
• cisco-sa-20090923-tls : Cisco IOS Software Crafted Encryption Packet Denial of Service Vulnerability
• cisco-sa-20090923-tunnels : Cisco IOS Software Tunnels Vulnerability
  

Montgomery County Animal Shelter Search Engine Poisoning Campaign

US-CERT is aware of public reports regarding a search engine result poisoning campaign affecting search results for the Montgomery County Animal Shelter. Users seeking details on rumors about the closure of a "Montgomery County Animal Shelter" may be led to click on illegitimate search results which attempt to download malicious code. The rumors are being spread via e-mail, forums, and social networking sites, usually taking the form of a plea for readers to contact the shelter and adopt animals prior to the shelter's closing.

US-CERT is monitoring the situation and will provide updates as they become available.

Apple Releases iTunes 9.0.1

Apple has released iTunes 9.0.1 to address a vulnerability that may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users to review Apple article HT3884 and apply any necessary updates to help mitigate the risks.

Adobe Releases Security Bulletin for RoboHelp Server 8

Adobe has released security bulletin APSB09-14 to address a vulnerability in RoboHelp Sever 8. This vulnerability may allow a remote attacker to execute arbitrary code.

US-CERT encourages users and administrators to review Adobe security bulletin APSB09-14 and apply any necessary updates.