Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
Current Activity Calendar
Left Arrow
March 2009
 Right Arrow
Su M Tu W Th F Sa
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31
Please click on a date above to see current activity for that day.

  • Latest Current Activity
    •

    March 02, 2009 - Current Activity

    This is an archived copy of current activity, if you would like to see the most recent version, please click here.

    February 27Cisco Releases Security Advisory for ACE 4710 Appliance and ACE Module
    February 25Adobe Releases Security Bulletin for Flash Player
    February 24Microsoft Releases Security Advisory (968272)
    February 23New Variant of Conficker/Downadup Worm Circulating
    February 20Adobe Releases Security Bulletin for Critical Vulnerability
    February 17Active Exploitation of Microsoft Internet Explorer 7 Vulnerability
    February 17Apple Releases Security Updates
    February 10BlackBerry Security Advisory
    February 10Microsoft Releases February Security Bulletin Summary
    February 9HP Releases Security Bulletin to Address a Vulnerability in Multiple Printers


    Cisco Releases Security Advisory for ACE 4710 Appliance and ACE Module

    added February 27, 2009 at 09:26 am

    Cisco has released a Security Advisory to address multiple vulnerabilities in the ACE Application Control Engine Module, ACE 4710 Application Control Engine. These vulnerabilities may allow an attacker to obtain administrative level access, operate with escalated privileges, or cause a denial-of-service condition.

    US-CERT encourages users and administrators to review Cisco Security Advisory cisco-sa-20090225-ace and apply any necessary workarounds or updates to help mitigate the risks.


    Adobe Releases Security Bulletin for Flash Player

    added February 25, 2009 at 09:54 am

    Adobe has released Security Bulletin APSB09-01 to address multiple vulnerabilities in Flash Player. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial of service condition, conduct Clickjacking attacks, or operate with escalated privileges.

    US-CERT encourages users to review Adobe Security Bulletin APSB09-01 and upgrade to Flash Player 10.0.22.87 to help mitigate the risks.


    Microsoft Releases Security Advisory (968272)

    added February 24, 2009 at 02:10 pm

    Microsoft has released Security Advisory 968272 to address reports of a vulnerability in Microsoft Office Excel. By convincing a user to open a specially crafted Excel document, an attacker may be able to execute arbitrary code.

    US-CERT strongly encourages users and administrators to review Microsoft Security Advisory 968272 and apply the Suggested Actions to help mitigate the risks.

    US-CERT will provide additional information as it becomes available.


    New Variant of Conficker/Downadup Worm Circulating

    added February 23, 2009 at 05:02 pm

    US-CERT is aware of public reports concerning a new variant of the Conficker/Downadup worm, named Conficker B++. This variant propagates itself via multiple methods, including exploitation of the previously patched vulnerability addressed in MS08-067, password guessing, and the infection of removable media. Most significantly, Conficker B++ implements a new backdoor with "auto-update" functionality, allowing machines compromised by the new variant to have additional malicious code installed on them. According to Microsoft, there is no indication that systems infected with previous variants of Conficker can automatically be re-infected with the B++ variant.

    US-CERT strongly encourages users to review Microsoft Security Bulletin MS08-067 and update unpatched systems as soon as possible.

    Additionally, US-CERT recommends that users take the following preventative measures to help mitigate the security risks:

    • Install antivirus software, and keep the virus signatures up to date.
    • Review the Microsoft Malware Protection Center blog entry for details regarding the worm.
    • Review the Using Caution with USB Drives Cyber Security Tip for more information on protecting removable media.


    Adobe Releases Security Bulletin for Critical Vulnerability

    added February 20, 2009 at 11:20 am | updated February 20, 2009 at 03:55 pm

    Adobe has released a Security Bulletin to alert users of a vulnerability in Adobe Reader and Acrobat. This vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition. Adobe indicates that it has received reports of active exploitation.

    US-CERT encourages users to take the following actions to help mitigate the risks:

    • Review Adobe Security Bulletin APSA09-01.
    • Review US-CERT Vulnerability Note VU#905281.
    • Review US-CERT Technical Cyber Security Alert TA09-051A.
    • Disable JavaScript in Adobe Reader and Acrobat. Acrobat JavaScript can be disabled in the General preferences dialog (Edit, Preferences, JavaScript, and un-check "Enable Acrobat JavaScript").
    • Prevent Internet Explorer from automatically opening PDF documents.
    • Disable the displaying of PDF documents in the web browser. This can be disabled in the the General preferences dialog (Edit, Preferences, Internet, and un-check "Display PDF in browser").
    • Use caution when opening untrusted PDF files.
    • Install antivirus software, and keep virus signatures up to date.
    US-CERT will provide additional information as it becomes available.


    Active Exploitation of Microsoft Internet Explorer 7 Vulnerability

    added February 17, 2009 at 04:25 pm

    US-CERT is aware of a public report indicating active exploitation of a previously patched vulnerability in Microsoft Internet Explorer 7. This vulnerability was addressed in Microsoft Security Advisory MS09-002. Additional information is available in US-CERT Technical Cyber Security Alert TA09-041A.

    US-CERT encourages users to apply the update or workarounds as specified in Microsoft Security Advisory MS09-002. Additional information can be found in Microsoft Knowledge Base Article 961260.


    Apple Releases Security Updates

    added February 17, 2009 at 04:25 pm

    Apple has released the following security updates:

    • Security Update 2009-001
    • Java for Mac OS X 10.5 Update 3
    • Java for Mac OS X 10.4 Release 8
    • Safari 3.2.2 for Windows   
    These security updates address vulnerabilities in multiple Apple products. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, access the system with escalated privileges, or obtain sensitive information.

    US-CERT encourages users and administrators to review the following Apple Security Articles and apply any necessary updates:


    BlackBerry Security Advisory

    added February 10, 2009 at 03:39 pm

    Research In Motion has released a Security Advisory to address a vulnerability in the BlackBerry Application Web Loader ActiveX control. By convincing a user to view a specially crafted HTML document, an attacker may be able to execute arbitrary code with the privileges of the user. The attacker could also cause Internet Explorer to crash.

    US-CERT encourages users to review BlackBerry Security Advisory KB16248 and apply the resolution or implement the workaround listed in the document to help mitigate the risk.


    Microsoft Releases February Security Bulletin Summary

    added February 10, 2009 at 03:37 pm

    Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, Internet Explorer, Exchange Server, and SQL Server as part of the Microsoft Security Bulletin Summary for February 2009. These vulnerabilities may allow an attacker to execute arbitrary code.

    US-CERT encourages users and administrators to review the bulletins and follow best-practice security policies to determine which updates should be applied.


    HP Releases Security Bulletin to Address a Vulnerability in Multiple Printers

    added February 9, 2009 at 09:26 am

    Hewlett-Packard has released Security Bulletin HPSBPI02398 SSRT080166 to address a vulnerability in multiple HP printers. This vulnerability may allow an unauthorized remote attacker to gain access to files.

    US-CERT encourages users to review HP Security Bulletin  HPSBPI02398 SSRT080166 and apply any necessary updates.