Skip to content

customize
Current Activity Calendar
Left Arrow
April 2009
Right Arrow
Su M Tu W Th F Sa
      1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30
Please click on a date above to see current activity for that day.

  • Latest Current Activity
  • April 13, 2009 - Current Activity

    This is an archived copy of current activity, if you would like to see the most recent version, please click here.

    April 9Conficker Worm Targets Microsoft Windows Systems
    April 9Microsoft Releases Advance Notification for April Security Bulletin
    April 8Cisco Releases Security Advisory for ASA Adaptive Security Appliance and PIX Security Appliances
    April 3Microsoft Releases Security Advisory 969136
    March 30Mozilla Foundation Releases Firefox 3.0.8
    March 26Sun Releases Updates for Java SE
    March 26OpenSSL Releases Security Advisory
    March 25Cisco Releases Multiple Security Advisories for IOS Vulnerabilities
    March 23Sun Releases Alert for Java System Identity Manager Vulnerabilities
    March 18Adobe Releases Security Bulletin



    Conficker Worm Targets Microsoft Windows Systems

    added March 29, 2009 at 08:18 pm | updated April 9, 2009 at 06:44 pm

    UPDATE: Researchers have discovered a new variant of the Conficker Worm on April 9, 2009. This variant updates earlier infections via its peer to peer (P2P) network as well as resuming scan-and-infect activity against unpatched systems. Public reporting indicates that this variant attempts to download additional malicious code onto victim systems, possibly including copies of the Waledac Trojan, a spam-oriented malicious application which has previously propagated only via bogus email messages containing malicious links.

    US-CERT is aware of public reports indicating a widespread infection of the Conficker/Downadup worm, which can infect a Microsoft Windows system from a thumb drive, a network share, or directly across a corporate network, if the network servers are not patched with the MS08-067 patch from Microsoft.

    Home users can apply a simple test for the presence of a Conficker/Downadup infection on their home computers. The presence of a Conficker/Downadup infection may be detected if a user is unable to surf to their security solution website or if they are unable to connect to the websites, by downloading detection/removal tools available free from those sites:

    http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&inid=us_ghp_link_conficker_worm
    http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx
    http://www.mcafee.com

    If a user is unable to reach any of these websites, it may indicate a Conficker/Downadup infection. The most recent variant of Conficker/Downadup interferes with queries for these sites, preventing a user from visiting them. If a Conficker/Downadup infection is suspected, the system or computer should be removed from the network or unplugged from the Internet - in the case for home users.

    Instructions, support and more information on how to manually remove a Conficker/Downadup infection from a system have been published by major security vendors. Please see below for a few of those sites. Each of these vendors offers free tools that can verify the presence of a Conficker/Downadup infection and remove the worm:

    Symantec:

    http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-011316-0247-99

    Microsoft:

    http://support.microsoft.com/kb/962007

    http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx

    Microsoft PC Safety hotline at 1-866-PCSAFETY, for assistance.

    UPDATED: US-CERT encourages users to take the following preventative measures to help prevent a Conficker/Downadup infection:

    • Ensure all systems have the MS08-067 patch.
    • Disable AutoRun functionality. See US-CERT Technical Cyber Security Alert TA09-020A.
    • Maintain up-to-date antivirus software.
    • Do not follow unsolicited links and do not open unsolicited email messages.
    • Use caution when visiting untrusted websites.
    • Use caution when downloading and installing applications.
    • Obtain software applications and updates directly from the vendor's website.
    • Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
    • Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.


    Microsoft Releases Advance Notification for April Security Bulletin

    added April 9, 2009 at 01:36 pm

    Microsoft has issued a Security Bulletin Advance Notification indicating that the April release cycle will contain eight bulletins, five of which will have a severity rating of Critical. The notification states that these Critical bulletins are for Microsoft Windows, Office, and Internet Explorer. There will also be two Important bulletins for Microsoft Windows and Forefront Edge Security and one Moderate bulletin for Microsoft Windows. Release of these bulletins is scheduled for Tuesday, April 14.

    US-CERT will provide additional information as it becomes available.


    Cisco Releases Security Advisory for ASA Adaptive Security Appliance and PIX Security Appliances

    added April 8, 2009 at 03:46 pm

    Cisco has released a security advisory to address multiple vulnerabilities in the ASA Adaptive Security Appliance and PIX Security Appliances. These vulnerabilities may allow an attacker to bypass authentication mechanisms, bypass access control lists, or cause a denial-of-service condition.

    US-CERT encourages users and administrators to review Cisco security advisory cisco-sa-20090408-asa and apply any necessary updates or workarounds to help mitigate the risks.


    Microsoft Releases Security Advisory 969136

    added April 3, 2009 at 08:47 am

    Microsoft has released security advisory 969136 to address reports of a vulnerability in Microsoft Office PowerPoint. By convincing a user to open a specially crafted Office file, a remote attacker may be able to gain access to the affected system with the same rights as the user running PowerPoint.

    US-CERT encourages users and administrators to review Microsoft Security Advisory 969136 and implement the suggested workarounds listed in the advisory to help mitigate the risks.

    US-CERT will provide additional information as it becomes available.


    Mozilla Foundation Releases Firefox 3.0.8

    added March 30, 2009 at 09:25 am

    Mozilla Foundation has released Firefox 3.0.8 to address two vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. The Mozilla Foundation Security Advisories also indicate that one of these vulnerabilities also affects SeaMonkey.

    US-CERT encourages users and administrators to review the following Mozilla Foundation Security Advisories and update to Firefox 3.0.8 to help mitigate the risks:

    • Mozilla Foundation Security Advisory 2009-12
    • Mozilla Foundation Security Advisory 2009-13


    Sun Releases Updates for Java SE

    added March 26, 2009 at 08:54 am

    Sun has released updates for Java SE to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or operate with escalated privileges.

    US-CERT encourages users to review the Sun Java SE 6 Update Release Notes and upgrade to Java SE version 1.6.0_13 to help mitigate the risks.


    OpenSSL Releases Security Advisory

    added March 26, 2009 at 08:36 am

    OpenSSL has released a security advisory to address multiple vulnerabilities. These vulnerabilities may allow an attacker to cause a denial-of-service condition or bypass security restrictions in affected applications.

    US-CERT encourages users and administrators to review the OpenSSL security advisory. Because OpenSSL is widely redistributed, users should check for updates from their operating system vendors and vendors of other products using OpenSSL. Users of OpenSSL from the original source distribution should upgrade to OpenSSL 0.9.8k.


    Cisco Releases Multiple Security Advisories for IOS Vulnerabilities

    added March 25, 2009 at 03:41 pm

    Cisco has released multiple security advisories to address vulnerabilities in IOS Software. These vulnerabilities may allow an attacker to cause a denial-of-service condition, interfere with network traffic, or operate with escalated privileges.

    US-CERT encourages users and administrators to review the following Cisco security advisories and apply any necessary workarounds or updates to help mitigate the risks.


    Sun Releases Alert for Java System Identity Manager Vulnerabilities

    added March 23, 2009 at 12:24 pm

    Sun Microsystems has released an alert to address multiple vulnerabilities in the Java System Identity Manager. These vulnerabilities may allow an attacker to execute arbitrary commands, conduct cross-site scripting attacks, modify configuration settings, or obtain sensitive information.

    US-CERT encourages users and administrators to review Sun Alert 253567 and apply any necessary patches.


    Adobe Releases Security Bulletin

    added March 18, 2009 at 04:39 pm

    Adobe has released security bulletin APSB09-04 to address multiple vulnerabilities, one of which is the JBIG2 vulnerability originally addressed in security advisory APSA09-01 and security bulletin APSB09-03. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

    US-CERT encourages users to review Adobe security bulletin APSB09-04 and apply any necessary updates. Additional information regarding the JBIG2 vulnerability can be found in the Vulnerability Notes Database.