The US-CERT Current Activity web
page is a regularly updated summary of the most frequent, high-impact types of security
incidents currently being reported to the US-CERT.
Copyright 2009 Carnegie Mellon University
Fri, 11/06/2009 - 19:01
US-CERT is aware of reports of publicly available exploit code for a vulnerability within the SSL and TLS protocols. Reports indicate that exploitation of this vulnerability may allow an attacker to conduct a man-in-the-middle attack, allowing an attacker to inject plaintext into the beginning of the application protocol stream.
US-CERT encourages OpenSSL users and administrators to review the OpenSSL 0.9.81 release (http://www.openssl.org/source/) and apply any updates.
US-CERT has not received any reports of active exploitation and will continue to provide additional information as it becomes available.
Thu, 11/05/2009 - 16:17
Microsoft has issued a Security Bulletin Advance Notification (http://www.microsoft.com/technet/security/bulletin/ms09-nov.mspx) indicating that its November release cycle will contain six bulletins, three of which will have a severity rating of Critical. The notification states that these Critical bulletins are for Microsoft Windows. There will also be three important bulletins for Microsoft Windows and Microsoft Office. Release of these bulletins is scheduled for Tuesday, November 10.
US-CERT will provide additional information as it becomes available.
Thu, 11/05/2009 - 08:45
Research in Motion has released Security Advisory KB19701 (http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB19701) to address a vulnerability in BlackBerry Desktop Manager. This vulnerability may allow an attacker to execute arbitrary code.
US-CERT encourages users to review BlackBerry Security Advisory KB19701 (http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB19701) and apply any necessary updates.
Wed, 11/04/2009 - 09:04
Sun has released update 17 for Java SE JDK 6 and Java SE JRE 6 to address multiple vulnerabilities. The impacts of these vulnerabilities include arbitrary code execution, privilege escalation, denial of service, and information disclosure.
US-CERT encourages users and administrators to review the Java SE 6 Update 17 release notes (http://java.sun.com/javase/6/webnotes/6u17.html) and apply any necessary updates (http://java.sun.com/javase/downloads/index.jsp) to help mitigate the risks.
Wed, 11/04/2009 - 09:04
Adobe has released Shockwave Player 11.5.2.602 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to run malicious code on the user's machine.
US-CERT encourages users and administrators to review Adobe security bulletin APSB09-16 (http://www.adobe.com/support/security/bulletins/apsb09-16.html) and update to Shockwave Player 11.5.2.602 to help mitigate the risks.
Wed, 10/28/2009 - 08:13
Mozilla has released Firefox 3.0.15 and Firefox 3.5.4 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, execute arbitrary JavaScript with chrome privileges, or cause a denial-of-service condition. As described in the Mozilla Foundation Security Advisories, some of these vulnerabilities may also affect SeaMonkey.
US-CERT encourages users to review the Mozilla Foundation security advisories for Firefox 3.0 (http://www.mozilla.org/security/known-vulnerabilities/firefox30.html) and Firefox 3.5 (http://www.mozilla.org/security/known-vulnerabilities/firefox35.html) and apply any necessary updates or workarounds to help mitigate the risks.
Tue, 10/27/2009 - 10:59
The Federal Deposit Insurance Corporation (FDIC) has released information warning the public about fraudulent email messages purporting to come from the FDIC. These email messages provide a link to a fraudulent FDIC website. Users are then instructed to download their "personal FDIC Insurance File."
More information regarding these messages can be found in the Federal Deposit Insurance Corporation's Consumer Alerts (http://www.fdic.gov/consumers/consumer/alerts/index.html) website.
Users are encouraged to take the following measures to protect themselves from this type of phishing scam:
- Do not follow unsolicited web links received in email messages.
- Verify the website by manually typing the URL when attempting to connect to web sites recommended in an email.
- Refer to the Avoiding Social Engineering and Phishing Attacks (http://www.us-cert.gov/cas/tips/ST04-014.html) document for more information on social engineering attacks.
Tue, 10/27/2009 - 10:59
US-CERT is aware of public reports of a new software application called PhoneSnoop. This software allows an attacker to call a user's BlackBerry and listen to personal conversations. In order to install and set up the PhoneSnoop application, attackers must have physical access to the user's device or convince a user to install PhoneSnoop.
US-CERT encourages users to only download BlackBerry applications from trusted sources and to password protect and lock BlackBerry devices.
Tue, 10/20/2009 - 15:04
Oracle has released its Critical Patch Update for October 2009 (http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2009.html) to address 38 vulnerabilities across several products. This update contains the following security fixes:
- 16 for the Oracle Database
- 3 for the Oracle Application Server
- 8 for the Oracle E-Business Suite and Applications
- 4 for the Oracle PeopleSoft and JD Edwards Suite
- 6 for the Oracle BEA Products Suite
- 1 for the Oracle Industry Applications Products Suite
US-CERT encourages users and administrators to review the October Critical Patch Update (http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2009.html) and apply any necessary updates.
Thu, 10/15/2009 - 16:00
US-CERT is aware of public reports of an increased number of spam messages related to Microsoft Outlook or SSL certificates. These messages contain a malicious file or link that claims to provide an update, but in reality, attempts to launch malware on a user's system. Typically, the messages instruct the user to click on a link to save a file or to open an attachment, either of which could infect the user's system.
To help protect against this type of attack, US-CERT recommends that users avoid opening attachments or links contained in unsolicited email messages. Additional tips regarding email attachments can be found in the US-CERT Cyber Security Tip Using Caution with Email Attachments (http://www.us-cert.gov/cas/tips/ST04-010.html).
Tue, 10/13/2009 - 14:41
Adobe has republished security bulletin APSB09-015 (http://www.adobe.com/support/security/bulletins/apsb09-15.html) to address multiple vulnerabilities in Adobe Reader and Acrobat. These vulnerabilities may allow an attacker to execute arbitrary code, escalate local privileges, or cause a denial-of-service condition.
US-CERT encourages users and administrators to review Adobe security bulletin APSB09-015 (http://www.adobe.com/support/security/bulletins/apsb09-15.html) and apply any necessary updates.
Tue, 10/13/2009 - 12:37
Microsoft has released an update to address vulnerabilities in Microsoft Windows, Silverlight, Internet Explorer, .NET Framework, Office, SQL Server, Developer Tools, and Forefront as part of the Microsoft Security Bulletin Summary for October 2009 (http://www.microsoft.com/technet/security/Bulletin/ms09-oct.mspx). These vulnerabilities may allow an attacker to execute arbitrary code, operate with escalated privileges, cause a denial-of-service condition, or spoof an end user or website.
US-CERT encourages users and administrators to review the bulletins (http://www.microsoft.com/technet/security/Bulletin/ms09-oct.mspx) and follow best-practice security policies to determine which updates should be applied.
Thu, 10/08/2009 - 15:59
Microsoft has issued a Security Bulletin Advance Notification (http://www.microsoft.com/technet/security/bulletin/ms09-oct.mspx) indicating that its October release cycle will contain thirteen bulletins, eight of which will have a severity rating of Critical. The notification states that these Critical bulletins are for Microsoft Windows, Internet Explorer, Office, Silverlight, SQL Server, Developer Tools, and Forefront. There will also be five important bulletins for Microsoft Windows. Release of these bulletins is scheduled for Tuesday, October 13.
US-CERT will provide additional information as it becomes available.
Thu, 10/08/2009 - 15:59
Adobe has released security bulletin APSB09-15 (http://www.adobe.com/support/security/bulletins/apsb09-15.html) to alert users of a critical vulnerability in Adobe Reader and Acrobat. Adobe indicates that it has received reports of active exploitation of this vulnerability. Release of an update for this vulnerability is scheduled for Tuesday, October 13.
US-CERT encourages users and administrators to take the following actions to help mitigate the risks:
- Review Adobe Security Bulletin APSB09-15 (http://www.adobe.com/support/security/bulletins/apsb09-15.html).
- Disable JavaScript in Adobe Reader and Acrobat. Acrobat JavaScript can be disabled in the General preferences dialog (Edit, Preferences, JavaScript, and un-check "Enable Acrobat JavaScript").
Tue, 10/06/2009 - 14:13
The Federal Bureau of Investigation (FBI) has released information warning the public about fraudulent email messages purporting to come from the FBI or the Department of Homeland Security. These email messages contain a malicious attachment that claims to provide an intelligence report or bulletin, but in reality attempts to launch malware on the user's system.
More information regarding these messages can be found in the Federal Bureau of Investigation's New E-Scams and Warnings (http://www.fbi.gov/cyberinvest/escams.htm) web site.
To help protect against this type of attack, US-CERT recommends that users avoid opening attachments contained in unsolicited email messages. Additional tips regarding email attachments can be found in the US-CERT Cyber Security Tip - Using Caution with Email Attachments (http://www.us-cert.gov/cas/tips/ST04-010.html).
Thu, 10/01/2009 - 09:35
Research in Motion has released a security advisory (http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB19552) to address a vulnerability related to how null characters are displayed in a BlackBerry dialog box. This vulnerability may allow an attacker to trick users into believing that they are connecting to a trusted secure site.
US-CERT encourages users to review the BlackBerry security advisory KB19552 (http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB19552) and apply any necessary updates (http://na.blackberry.com/eng/update/).
Mon, 09/28/2009 - 08:00
US-CERT is aware of public reports of malicious code circulating via spam email messages related to the IRS. The attacks arrive via an unsolicited email message and may contain a subject line of "Notice of Underreported Income." These messages may contain a link or attachment. If users click on this link or open the attachment, they may be infected with malicious code, including the Zeus Trojan.
US-CERT encourages users and administrators to take the following measures to protect themselves:
- Review the How to Report and Identify Phishing, E-mail Scams and Bogus IRS Web Sites (http://www.irs.gov/privacy/article/0,,id=179820,00.html?portlet=1) document on the IRS website.
- Do not follow unsolicited web links or attachments in email messages.
- Maintain up-to-date antivirus software.
- Refer to the Recognizing and Avoiding Email Scams (http://www.us-cert.gov/reading_room/emailscams_0905.pdf) (pdf) document for more information on avoiding email scams.
- Refer to the Avoiding Social Engineering and Phishing Attacks (http://www.us-cert.gov/cas/tips/ST04-014.html) document for more information on social engineering attacks.
Thu, 09/24/2009 - 08:30
Cisco has released multiple security advisories to address vulnerabilities in IOS Software and Unified Communications Manager. These vulnerabilities may allow an attacker to cause a denial-of-service condition, buffer overflow, or access control list bypass.
US-CERT encourages users and administrators to review the following Cisco security advisories and apply any necessary updates to help mitigate the risks.
- cisco-sa-20090923-acl (http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8119.shtml): Cisco IOS Software Object-group Access Control List Bypass Vulnerability
- cisco-sa-20090923-auth-proxy (http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8132.shtml): Cisco IOS Software Authentication Proxy Vulnerability
- cisco-sa-20090923-cm (http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8118.shtml): Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability
- cisco-sa-20090923-cme (http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8116.shtml): Cisco Unified Communications Manager Express Vulnerability
- cisco-sa-20090923-h323 (http://www.cisco.com/en/US/products/products_security_advisory09186a0080af811a.shtml): Cisco IOS Software H.323 Denial of Service Vulnerability
- cisco-sa-20090923-ios-fw (http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8130.shtml): Cisco IOS Software Zone-Based Policy Firewall Vulnerability
- cisco-sa-20090923-ipsec (http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8117.shtml): Cisco IOS Software Internet Key Exchange Resource Exhaustion Vulnerability
- cisco-sa-20090923-ntp (http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8131.shtml): Cisco IOS Software Network Time Protocol Packet Vulnerability
- cisco-sa-20090923-sip (http://www.cisco.com/en/US/products/products_security_advisory09186a0080af811b.shtml): Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability
- cisco-sa-20090923-tls (http://www.cisco.com/en/US/products/products_security_advisory09186a0080af811c.shtml): Cisco IOS Software Crafted Encryption Packet Denial of Service Vulnerability
- cisco-sa-20090923-tunnels (http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8115.shtml): Cisco IOS Software Tunnels Vulnerability
Wed, 09/23/2009 - 17:55
US-CERT is aware of public reports regarding a search engine result poisoning campaign affecting search results for the Montgomery County Animal Shelter. Users seeking details on rumors about the closure of a "Montgomery County Animal Shelter" may be led to click on illegitimate search results which attempt to download malicious code. The rumors are being spread via e-mail, forums, and social networking sites, usually taking the form of a plea for readers to contact the shelter and adopt animals prior to the shelter's closing.
US-CERT is monitoring the situation and will provide updates as they become available.
Wed, 09/23/2009 - 08:23
Apple has released iTunes 9.0.1 to address a vulnerability that may allow an attacker to execute arbitrary code or cause a denial-of-service condition.
US-CERT encourages users to review Apple article HT3884 (http://support.apple.com/kb/HT3884) and apply any necessary updates to help mitigate the risks.