Current Activity Calendar

	January 2009
Su	M	Tu	W	Th	F	Sa
				1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29	30	31

Please click on a date above to see current activity for that day.

January 07, 2009 - Current Activity

This is an archived copy of current activity, if you would like to see the most recent version, please click here.

*December 31*	Rogue MD5 SSL Certificate Vulnerability
*December 31*	Worm Exploiting Vulnerability described in MS08-067
*December 31*	Malware Spreading via Malicious Ecards
*December 31*	Mozilla Releases Thunderbird 2.0.0.19
*December 23*	Trend Micro Releases Updates for HouseCall
*December 23*	Microsoft Releases Security Advisory (961040)
*December 17*	Microsoft Releases Security Bulletin MS08-078
*December 17*	Mozilla has released Firefox 3.0.5
*December 17*	Opera Software releases Opera Version 9.63
*December 16*	Microsoft Releases Advance Notification

Rogue MD5 SSL Certificate Vulnerability

added December 30, 2008 at 05:05 pm | updated December 31, 2008 at 05:54 pm

US-CERT is aware of a public report describing how MD5 collisions can be leveraged to generate rogue SSL CA certificates. A rogue CA certificate could be used by an attacker to generate valid SSL certificates for arbitrary web sites. Using these certificates in DNS redirection attacks, an attacker could spoof an SSL protected web site and obtain sensitive information.

US-CERT encourages users to review VU#836068 in the Vulnerability Notes Database.

US-CERT will provide additional information as it becomes available.

Worm Exploiting Vulnerability described in MS08-067

added December 31, 2008 at 02:04 pm | updated December 31, 2008 at 05:54 pm

US-CERT is aware of a public report of a worm circulating that has the capability of exploiting the patched vulnerability described in Microsoft Security Bulletin MS08-067.

US-CERT encourages users to do the following to help mitigate the risks:

Review Microsoft Security Bulletin MS08-067 and apply the update or workarounds listed.
Install antivirus software, and keep the virus signatures up to date.

US-CERT will continue to monitor this activity and provide updates as needed.

Malware Spreading via Malicious Ecards

added December 31, 2008 at 02:04 pm | updated December 31, 2008 at 05:54 pm

US-CERT is aware of public reports of malware spreading via malicious electronic greeting cards (ecards) related to the Christmas and New Year's holidays. The reports indicate that the malware is spreading via emails containing a link to a malicious ecard. If a user clicks on the link, they will be prompted to download an executable file. If the user accepts the download, malware may be installed onto their system.

US-CERT encourages users and administrators to take the following preventive measures to help mitigate the security risks:

Install anti-virus software, and keep its virus signature files up-to-date.
Do not follow unsolicited web links received in email messages.
Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

Mozilla Releases Thunderbird 2.0.0.19

added December 31, 2008 at 02:04 pm

Mozilla has released Thunderbird 2.0.0.19 to address multiple vulnerabilities. The impacts of these vulnerabilities include arbitrary code execution, information disclosure, and denial of service. As described in the Mozilla Foundation Security Advisories, some of these vulnerabilities also affect Firefox but were addressed in the previously released Firefox 3.0.5 update.

US-CERT encourages users to review the relevant Mozilla Foundation Security Advisories and to update to Thunderbird 2.0.0.19.

Trend Micro Releases Updates for HouseCall

added December 23, 2008 at 10:53 am

Trend Micro has released a patch to address a vulnerability in HouseCall 6.6. This vulnerability may allow an attacker to execute arbitrary code. Visitors to the publicly available HouseCall application may receive an older, vulnerable version of the control.

US-CERT encourages users to review Hot Fix B1285 and apply any necessary updates.

Microsoft Releases Security Advisory (961040)

added December 23, 2008 at 08:29 am | updated December 23, 2008 at 10:44 am

Microsoft has released Security Advisory 961040 to address reports of attacks against a new vulnerability in Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine, Microsoft SQL Server 2000 Desktop Engine, and Windows Internal Database. The vulnerability occurs in the extended stored procedure "sp_replwriteovarbin." Exploitation of this vulnerability may allow an authenticated attacker to execute arbitrary code. Additionally, if a web application is vulnerable to SQL injection, an unauthenticated, remote attacker may be able to execute arbitrary code.

US-CERT encourages users to review the Microsoft Security Advisory 961040 and implement any Suggested Actions to help mitigate the risks.

Microsoft Releases Security Bulletin MS08-078

added December 17, 2008 at 01:39 pm

Microsoft has released Security Bulletin MS08-078 to address a vulnerability in Internet Explorer. This vulnerability is due to an invalid pointer reference in the data binding function. By convincing a user to view a specially crafted document that performs data binding (e.g., a web page, email message, or attachment), a remote, unauthenticated attacker may be able to execute arbitrary code.

US-CERT encourages users to review Microsoft Security Bulletin MS08-078 and apply the update or workarounds listed in the bulletin to help mitigate the risks. Users may also want to consider implementing the best security practices listed in the Securing Your Web Browser document to strengthen their web browsers against future vulnerabilities.

Additional information regarding this vulnerability can be found in the Vulnerability Notes Database.

Mozilla has released Firefox 3.0.5

added December 17, 2008 at 10:00 am

Mozilla has released Firefox 3.0.5 to address multiple vulnerabilities. The impacts of these vulnerabilities include cross-site scripting and information disclosure. As described in the Mozilla Foundation Security Advisories, some of these vulnerabilities may also affect Thunderbird.

US-CERT encourages users to do the following to help mitigate the risks:

Review the Mozilla Foundation Security Advisory.
Update to Firefox 3.0.5.

Opera Software releases Opera Version 9.63

added December 17, 2008 at 09:45 am

Opera Software has released Opera Version 9.63 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, conduct cross-site scripting, or cause a denial-of-service condition.

US-CERT encourages users and administrators to review Opera advisories: 920, 921, 922, 923, and 924 and upgrade to version 9.63 to help mitigate the risks.

Microsoft Releases Advance Notification

added December 16, 2008 at 06:11 pm

Microsoft has released a Security Bulletin Advance Notification indicating that an out-of-band Security Bulletin will be released. This bulletin will address a remote code execution vulnerability in Microsoft Internet Explorer. Release of this Bulletin is scheduled for Wednesday, December 17.

US-CERT encourages users to review the Security Bulletin Advance Notification and apply any necessary updates when they become available. Additional information about this vulnerability can be found in the Vulnerability Notes Database.

US-CERT will provide additional information as it becomes available.

US-CERT: United States Computer Emergency Readiness Team

Information For

Sign Up

Reporting

DHS Threat Advisory