Microsoft has released Security Advisory 977544 to address a vulnerability in the Server Message Block (SMB) protocol. The vulnerability may allow a remote attacker to cause a denial-of-service condition. It affects only Windows 7 and Windows Server 2008 R2.

US-CERT encourages users and administrators to review Microsoft Security Advisory 977544 (http://www.microsoft.com/technet/security/advisory/977544.mspx) and apply the workarounds.
Apple has released Safari 4.0.4 to address multiple vulnerabilities in a number of components. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, conduct cross-site request forgery, or obtain sensitive information. These vulnerabilities affect Safari on both Mac OS X and Windows.

US-CERT encourages users and administrators to review Apple article HT3949 (http://support.apple.com/kb/HT3949) and upgrade to Safari 4.0.4 to help mitigate the risks.
Microsoft has released updates to address vulnerabilities in Microsoft Windows and Office as part of the Microsoft Security Bulletin Summary for November 2009 (http://www.microsoft.com/technet/security/bulletin/ms09-nov.mspx). These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or operate with escalated privileges.

US-CERT encourages users and administrators to review the bulletins (http://www.microsoft.com/technet/security/bulletin/ms09-nov.mspx) and follow best-practice security policies to determine which updates should be applied.
Apple has released Mac OS X v10.6.2 and Security Update 2009-006 to address multiple vulnerabilities in a number of applications. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, conduct a man-in-the-middle attack, operate with escalated privileges, or obtain sensitive information.

US-CERT encourages users and administrators to review Apple article HT3937 (http://support.apple.com/kb/HT3937) and apply any necessary updates to help mitigate the risks.
Multiple vulnerabilities have been discovered in Microsoft Office Excel. These vulnerabilities can be exploited by opening a specially crafted Excel document, which may arrive as an e-mail attachment or be hosted on a web site the user visits. Successful exploitation could give an attacker the same privileges as the logged-on user. Depending on the privileges associated with that user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
SYSTEMS AFFECTED:
Microsoft Office XP
Microsoft Office 2003
Microsoft Office 2007
Microsoft Office ...
A vulnerability has been discovered in Microsoft Office Word. It can be exploited by opening a specially crafted Word document, which may arrive as an e-mail attachment or be hosted on a web site the user visits. Successful exploitation would give an attacker the same privileges as the logged-on user. Depending on the privileges associated with that user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploitation could result in a denial-of-service condition.
SYSTEMS AFFECTED:
Microsoft Office XP
Microsoft ...
A vulnerability has been discovered in the way Microsoft Windows parses Embedded OpenType (EOT) fonts, which could allow remote code execution. EOT is a compact font format that Windows supports for embedding fonts in web pages and documents. The vulnerability can be exploited if a user opens a specially crafted file or web page, including an e-mail attachment. Successful exploitation may give an attacker the same privileges as the logged-on user. Depending on the privileges associated with that user, an attacker could then install programs; view, change, or delete data; or create new accounts. ...
A vulnerability exists in the renegotiation feature of the Transport Layer Security (TLS) protocol that could allow an attacker positioned between a client and a server to inject chosen plaintext at the beginning of a protected session. TLS is widely used to provide secure communication over the Internet. The attacker cannot decrypt the victim's traffic, but a server that treats the attacker's data and the victim's data as one stream may process the victim's request, and the credentials it carries, on the attacker's behalf. If successfully exploited, this could result in information disclosure or credential theft for the affected user.
Please note: proof-of-concept code has been published and is publicly available. However, we have not received any reports of active exploitation of this vulnerability.
SYSTEMS AFFECTED:
Apache Software Foundation Apache 2.2.8
Apache Software Foundation Apache 2.2.9
GNU GnuTLS 2.0.0 - 2.8.3
Microsoft IIS 7.0
Microsoft IIS ...
US-CERT is aware of reports of publicly available exploit code for a vulnerability within the SSL and TLS protocols. Reports indicate that exploitation of this vulnerability may allow an attacker to conduct a man-in-the-middle attack, injecting plaintext into the beginning of the application protocol stream.

US-CERT encourages OpenSSL users and administrators to review the OpenSSL 0.9.8l release (http://www.openssl.org/source/), which disables renegotiation by default, and apply any updates.

US-CERT has not received any reports of active exploitation and will continue to provide additional information as it becomes available.
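The injection described in the two TLS entries above, modeled at the HTTP layer. This is an added example, not code from US-CERT or from the OpenSSL project; every byte in it is constructed, and the hostname, paths and cookie value are placeholders. A server that treats the bytes received before and after a renegotiation as one continuous stream hands its HTTP parser the attacker's deliberately unfinished request followed by the victim's real one, so the victim's request line is swallowed into an attacker-chosen header and the victim's cookie ends up authorizing the attacker's request:

```python
# Added example (not the advisory's or OpenSSL's code). Models the
# application-layer effect of the TLS renegotiation prefix-injection
# flaw; all request bytes below are constructed for illustration.

from typing import List, Tuple

# What the man-in-the-middle sends over its own TLS session to the server
# before triggering a renegotiation. The last header is intentionally left
# without a terminating CRLF so the victim's first line continues it.
ATTACKER_PREFIX = (
    b"GET /account/transfer?to=attacker&amount=1000 HTTP/1.1\r\n"
    b"Host: bank.example\r\n"
    b"X-Ignore: "
)

# The victim's genuine request. After renegotiation the server receives it on
# the same connection and, on an unpatched stack, simply appends it.
VICTIM_REQUEST = (
    b"GET /account/balance HTTP/1.1\r\n"
    b"Host: bank.example\r\n"
    b"Cookie: session=c0ffee\r\n"
    b"\r\n"
)

Headers = List[Tuple[str, str]]


def parse_request(stream: bytes) -> Tuple[str, str, Headers]:
    """Minimal HTTP/1.1 request-head parser: request line plus headers.

    Header names are lower-cased; duplicates are kept in order so the
    caller can see exactly what a real server would be handed.
    """
    head, _, _body = stream.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method, target, _version = lines[0].decode("ascii").split(" ", 2)
    headers: Headers = []
    for line in lines[1:]:
        name, _, value = line.decode("ascii").partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return method, target, headers


def spliced_request(prefix: bytes = ATTACKER_PREFIX,
                    victim: bytes = VICTIM_REQUEST) -> Tuple[str, str, Headers]:
    """What a server that concatenates pre- and post-renegotiation data
    passes to its HTTP layer: the attacker's request line, the victim's
    credentials."""
    return parse_request(prefix + victim)


def header(headers: Headers, name: str) -> List[str]:
    """All values of a header, in arrival order."""
    return [v for n, v in headers if n == name.lower()]


if __name__ == "__main__":
    method, target, headers = spliced_request()
    print(method, target)                 # attacker-chosen request line
    print(header(headers, "X-Ignore"))    # victim's real request line, neutralised
    print(header(headers, "Cookie"))      # victim's session cookie
```

The attacker never decrypts anything; the damage is that the server attributes the spliced request to the victim's authenticated session. The protocol-level fix is the secure renegotiation extension (RFC 5746), which binds each renegotiation to the handshake that preceded it. OpenSSL 0.9.8l instead refused to renegotiate at all, which removes the attack but also breaks deployments that depend on renegotiation, for example to request a client certificate only for some URLs.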
Microsoft has issued a Security Bulletin Advance Notification (http://www.microsoft.com/technet/security/bulletin/ms09-nov.mspx) indicating that its November release cycle will contain six bulletins, three of which will have a severity rating of Critical. The notification states that these Critical bulletins are for Microsoft Windows. There will also be three Important bulletins for Microsoft Windows and Microsoft Office. Release of these bulletins is scheduled for Tuesday, November 10.

US-CERT will provide additional information as it becomes available.
Research In Motion has released Security Advisory KB19701 (http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB19701) to address a vulnerability in BlackBerry Desktop Manager. This vulnerability may allow an attacker to execute arbitrary code.

US-CERT encourages users to review BlackBerry Security Advisory KB19701 and apply any necessary updates.
Multiple vulnerabilities have been discovered in the Sun Java Runtime Environment (JRE), Sun Java Development Kit (JDK) and Sun Development Kit (SDK) that could allow attackers to take complete control of a vulnerable system. Sun Java Runtime Environment, Sun Java Development Kit and the Sun Development Kit are used to enhance the user experience when visiting web sites and are installed on most desktops and servers. These vulnerabilities may be exploited if a user visits a specifically crafted web page, or opens a specially crafted file. Successful exploitation could result in an attacker gaining the same privileges as the ...
Sun has released Update 17 for Java SE JDK 6 and Java SE JRE 6 to address multiple vulnerabilities. The impacts of these vulnerabilities include arbitrary code execution, privilege escalation, denial of service, and information disclosure.

US-CERT encourages users and administrators to review the Java SE 6 Update 17 release notes (http://java.sun.com/javase/6/webnotes/6u17.html) and apply any necessary updates (http://java.sun.com/javase/downloads/index.jsp) to help mitigate the risks.
Adobe has released Shockwave Player 11.5.2.602 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to run malicious code on the user's machine.

US-CERT encourages users and administrators to review Adobe security bulletin APSB09-16 (http://www.adobe.com/support/security/bulletins/apsb09-16.html) and update to Shockwave Player 11.5.2.602 to help mitigate the risks.
A vulnerability has been discovered in BlackBerry Desktop Manager that could allow remote code execution. Research In Motion's BlackBerry Desktop Manager is used to synchronize BlackBerry smartphones with desktop computers. Exploitation may occur if a user visits a specially crafted web page that takes advantage of this vulnerability. Successful exploitation may give an attacker the same privileges as the logged-on user. Depending on the privileges associated with that user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploitation could result in a denial-of-service condition. ...
Mozilla has released Firefox 3.0.15 and Firefox 3.5.4 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, execute arbitrary JavaScript with chrome privileges, or cause a denial-of-service condition. As described in the Mozilla Foundation Security Advisories, some of these vulnerabilities may also affect SeaMonkey.

US-CERT encourages users to review the Mozilla Foundation security advisories for Firefox 3.0 (http://www.mozilla.org/security/known-vulnerabilities/firefox30.html) and Firefox 3.5 (http://www.mozilla.org/security/known-vulnerabilities/firefox35.html) and apply any necessary updates or workarounds to help mitigate the risks.
Multiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla SeaMonkey that could allow remote code execution. Mozilla Firefox is a popular web browser. Mozilla SeaMonkey is a cross-platform Internet suite that includes a web browser and an e-mail client.
The Mozilla applications (Firefox and SeaMonkey) utilize the same framework to display application specific information (e.g. Web pages, emails, chats). Exploitation can occur if a user visits a webpage or opens a malicious file specifically crafted to take advantage of these vulnerabilities. Successful exploitation could result in an attacker ...
The Federal Deposit Insurance Corporation (FDIC) has released information warning the public about fraudulent e-mail messages purporting to come from the FDIC. These messages provide a link to a fraudulent FDIC website, where users are instructed to download their "personal FDIC Insurance File."

More information regarding these messages can be found on the FDIC's Consumer Alerts website (http://www.fdic.gov/consumers/consumer/alerts/index.html).

Users are encouraged to take the following measures to protect themselves from this type of phishing scam:
- Do not follow unsolicited web links received in e-mail messages.
- Verify the website by manually typing the URL when attempting to connect to web sites recommended in an e-mail.
- Refer to the Avoiding Social Engineering and Phishing Attacks document (http://www.us-cert.gov/cas/tips/ST04-014.html) for more information on social engineering attacks.
US-CERT is aware of public reports of a new software application called PhoneSnoop. This software allows an attacker to call a user's BlackBerry and listen to personal conversations. To install and set up the PhoneSnoop application, an attacker must have physical access to the user's device or convince the user to install it.

US-CERT encourages users to download BlackBerry applications only from trusted sources and to password-protect and lock BlackBerry devices.
Oracle has released its Critical Patch Update for October 2009 (http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2009.html) to address 38 vulnerabilities across several products. This update contains the following security fixes:
- 16 for the Oracle Database
- 3 for the Oracle Application Server
- 8 for the Oracle E-Business Suite and Applications
- 4 for the Oracle PeopleSoft and JD Edwards Suite
- 6 for the Oracle BEA Products Suite
- 1 for the Oracle Industry Applications Products Suite

US-CERT encourages users and administrators to review the October Critical Patch Update (http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2009.html) and apply any necessary updates.