March 03, 2010 - Current Activity

U.S. Census Bureau 2010 Census Campaign Warning

US-CERT asks users to be vigilant during the U.S. Census Bureau's 2010 Census campaign and to watch for potential census scams.

According to the U.S. Census 2010 website, they began delivery of the printed census forms to every resident in the United States on March 1, 2010. The only way to complete the census is by filling in the form using pen and ink; in some instances, census takers will be visiting households to complete the form face-to-face. It is important to understand that the U.S. Census Bureau will not, under any circumstances, be providing an online option to complete the 2010 census form.

US-CERT encourages all residents in the United States to take the following measures to protect themselves:

• Review available information about the 2010 U.S. Census on the website.
• Familiarize yourself with what information the U.S. Census Bureau is collecting on the census form.
  
• Do not follow unsolicited web links of attachments in email messages.
• Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.
  

Microsoft Re-Releases Security Bulletin MS10-015

Microsoft has re-released the security update described in Microsoft Security Bulletin MS10-015.  This release contains an updated installation package that does not allow the security update to be installed on computers infected with malicious code. Microsoft has also released a Fix-It Tool to determine if systems are compatible with the update.

US-CERT encourages users and administrators to review Microsoft Knowledge Base Article 977165, Microsoft Knowledge Base Article 980966, and the MSRC Blog Post. Users who have already successfully installed the update for MS10-015 do not need to take any action.

Microsoft Releases Security Advisory to Address VBScript Vulnerability

Microsoft has released a security advisory to address a vulnerability in VBScript. The advisory indicates that this vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer. By convincing a user to view a specially crafted HTML document (web page, HTML email, or email attachment) with Internet Explorer and to press the F1 key, an attacker could run arbitrary code with the privileges of the user running the application.

US-CERT encourages users and administrators to do the following to help mitigate the risks:

• Review Microsoft Security Advisory 981169.
• Review the Microsoft Security Research & Defense blog entry regarding this issue.
• Review US-CERT Vulnerability Note VU#612021.
• Refrain from pressing the F1 key when prompted by a website.
• Restrict access to the Windows Help System.

Adobe Releases a Security Update for Download Manager

Adobe has released a security bulletin to address a vulnerability in the Adobe Download Manager. This vulnerability could allow an attacker to download and install unauthorized software.

US-CERT encourages users and administrators to review security bulletin APSB10-08 and review the steps to mitigate the issue.

Mozilla Releases Security Advisories

The Mozilla Foundation has released multiple security advisories to address vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey. Exploitation of these vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code or bypass security restrictions.

US-CERT encourages users and administrators to review the Mozilla Foundation security advisories. Firefox users may upgrade to version 3.0.18, 3.5.8, or 3.6 to help mitigate the risks. Thunderbird users should upgrade to version 3.0.2, and SeaMonkey users should upgrade to version 2.0.3 once those updates are released by the vendor.

Cisco Releases Multiple Security Advisories

Cisco has released three security advisories to address vulnerabilities.

Security advisory, cisco-sa-20100217-fwsm, addresses a vulnerability in the Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers. Successful and repeated exploitation of this vulnerability could result in a denial-of-service condition.

Security advisory, cisco-sa-20100217-asa, addresses multiple vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances. These vulnerabilities may allow an attacker to gain unauthorized access to an affected system or cause a denial-of-service condition.

Security advisory, cisco-sa-20100217-csa, addresses multiple vulnerabilities in the Cisco Security Agent. These vulnerabilities may allow an attacker to execute arbitrary SQL commands, view and download arbitrary files, or cause a denial-of-service condition.

US-CERT encourages users and systems administrators to review Cisco security advisory cisco-sa-20100217-fwsm, cisco-sa-20100217-asa, and cisco-sa-20100217-csa and apply any necessary updates to mitigate the risks.

Adobe Releases Security Bulletins for Acrobat, Reader, and Flash Player

Adobe has released two security bulletins to address vulnerabilities in Adobe Acrobat, Reader, and Flash Player.

The first bulletin, APSB10-06, is a security update for Adobe Flash Player and Adobe AIR that addresses a critical vulnerability. Exploitation of these vulnerabilities may allow an attacker to make unauthorized cross-domain requests. The bulletin indicates that the update also addresses a potential denial-of-service issue.

The second bulletin, APSB10-07, indicates that security updates are available for Adobe Reader and Acrobat. These updates address two critical vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, make unauthorized cross-domain requests, or cause a denial-of-service condition.

US-CERT encourages users and administrators to review Adobe Bulletins APSB10-06 and APSB10-07 and apply any necessary updates to help mitigate the risks.

Google Releases Chrome 4.0.249.89

Google has released Chrome 4.0.249.89 for Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or obtain sensitive information.

US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome 4.0.249.89 for Windows to help mitigate the risks.

Cisco Releases Advisory for IronPort Encryption Appliance

Cisco has released an advisory to address multiple vulnerabilities in IronPort Encryption Appliance. Exploitation of these vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code or obtain sensitive information.

US-CERT encourages users and administrators to review Cisco Security Advisory cisco-sa-20100210-ironport and apply any necessary workarounds to help mitigate the risks. Additional information regarding these vulnerabilities can be found in Cisco Applied Mitigation Bulletin 111668.

Microsoft Releases February Security Bulletin

Microsoft has released an update to address vulnerabilities in Microsoft Windows and Office as part of the Microsoft Security Bulletin Summary for February 2010. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or operate with elevated privileges.

US-CERT encourages users and administrators to review the bulletins and follow best-practice security policies to determine which updates should be applied.