December 04, 2009 - Current Activity

Sun Releases Update 17 for Java SE 6

Sun has released update 17 for Java SE JDK 6 and Java SE JRE 6 to address multiple vulnerabilities. The impacts of these vulnerabilities include arbitrary code execution, privilege escalation, denial of service, and information disclosure.

US-CERT encourages users and administrators to review the Java SE 6 Update 17 release notes and apply any necessary updates to help mitigate the risks.

Apple has released Java for Mac OS X 10.6 Update 1 and Java for Mac OS X 10.5 Update 6 to address these vulnerabilities. Mac users are encouraged to review Apple articles HT3969 and HT3970 and apply any necessary updates to help mitigate the risks.

Microsoft Releases Advance Notification for December Security Bulletin

Microsoft has issued a Security Bulletin Advance Notification indicating that its December release cycle will contain six bulletins, three of which will have a severity rating of Critical. The notification states that these Critical bulletins are for Microsoft Windows, Microsoft Office, and Internet Explorer. There will also be three important bulletins for Microsoft Windows and Microsoft Office. Release of these bulletins is scheduled for Tuesday, December 8.

US-CERT will provide additional information as it becomes available. 

H1N1 Malware Campaign Circulating

US-CERT is aware of public reports of a malware campaign circulating. This campaign is circulating via email messages offering information regarding the H1N1 vaccination. This email messages contain a link to a bogus Centers for Disease Control and Prevention website. Users who click on this link may become infected with malware. Public reports indicate that these email messages are noted as having subject lines such as: "Governmental registration program on the H1N1 vaccination" and "Your personal vaccination profile." Please note that subject lines may change at any time.

US-CERT encourages users to take the following precautions to help mitigate the risks:

• Install antivirus software, and keep the signature files up to date.
• Do not follow unsolicited links and do not open unsolicited email messages.
• Use caution when visiting untrusted websites.
• Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on avoiding social engineering attacks.

Research In Motion Releases Advisory for BlackBerry PDF Distiller Vulnerabilities

Research In Motion has released a security advisory to address multiple vulnerabilities in the PDF distiller of some released versions of the BlackBerry Attachment Service. The advisory lists the affected versions as BlackBerry Enterprise Server 5.0.0 running on Microsoft Windows version 2003 or 2008, BlackBerry Enterprise Server 5.0.0 running on Microsoft Windows 2000, BlackBerry Enterprise Server software versions 4.1.3 through 4.1.7, and BlackBerry Professional Software 4.1.4. By convincing a user to view a specially crafted PDF file, an attacker may be able to execute arbitrary code or cause a denial-of-service condition on the system that hosts the BlackBerry Attachment Service.

US-CERT encourages users and administrators to review BlackBerry security advisory KB19860 and apply any necessary updates.

Malicious Code Circulating via Social Security Administration Phishing Messages

US-CERT is aware of public reports of malicious code circulating via phishing email messages that appear to come from the Social Security Administration. The messages indicate that the users' annual Social Security statements may contain errors and instruct users to follow a link to review their Social Security statement. If users click this link, they will be redirected to a seemingly legitimate website that prompts them for their Social Security number. If users enter their Social Security number and continue to the next page, they will be given an option to generate a statement. If users attempt to generate a statement, malicious code may be installed on their systems. This malicious code attempts to collect online banking traffic to gain access to the users' bank accounts.

US-CERT encourages users and administrators to take the following preventative measures to help mitigate the security risks:

• Install antivirus software, and keep the virus signatures up to date.
• Do not follow unsolicited links and do not open unsolicited email messages.
• Use caution when visiting untrusted websites.
• Use caution when entering personal information online.
  
• Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

Microsoft Releases Security Advisory 977981

Microsoft has released security advisory 977981 to address a vulnerability in Microsoft Internet Explorer. This vulnerability may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review Microsoft Security Advisory 977981  and implement the suggested workarounds listed in the advisory to help mitigate the risks.

Microsoft Releases Security Advisory 977544

Microsoft has released security advisory 977544 to address a vulnerability in the Server Message Block (SMB) protocol. This vulnerability may allow an attacker to cause a denial-of-service condition. This vulnerability only affects Windows 7 and Server 2008 software.

US-CERT encourages users and administrators to review Microsoft security advisory 977544 and apply the workarounds.

SSL and TLS Vulnerable to Man-in-the-middle Attacks

US-CERT is aware of reports of publicly available exploit code for a vulnerability within the SSL and TLS protocols. Reports indicate that exploitation of this vulnerability may allow an attacker to conduct a man-in-the-middle attack, allowing an attacker to inject plaintext into the beginning of the application protocol stream.

US-CERT encourages OpenSSL users and administrators to review the OpenSSL 0.9.8l release and apply any updates.

US-CERT has not received any reports of active exploitation and will continue to provide additional information as it becomes available.

Apple Releases Safari 4.0.4

Apple has released Safari 4.0.4 to address multiple vulnerabilities in a number of components. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, conduct cross-site request forgery, or obtain sensitive information. These vulnerabilities affect Safari running on both the Mac OS X and Windows platforms.

US-CERT encourages users and administrators to review Apple article HT3949 and upgrade to Safari 4.0.4 to help mitigate the risks.

Microsoft Releases November Security Bulletin

Microsoft has released an update to address vulnerabilities in Microsoft Windows and Office as part of the Microsoft Security Bulletin Summary for November 2009. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or operate with escalated privileges.

US-CERT encourages users and administrators to review the bulletins and follow best-practice security policies to determine which updates should be applied.