Current Activity Calendar

	February 2008
Su	M	Tu	W	Th	F	Sa
					1	2
3	4	5	6	7	8	9
10	11	12	13	14	15	16
17	18	19	20	21	22	23
24	25	26	27	28

Please click on a date above to see current activity for that day.

February 07, 2008 - Current Activity

This is an archived copy of current activity, if you would like to see the most recent version, please click here.

*February 7*	Microsoft Releases Advance Notification for February Security Bulletin
*February 7*	Adobe Reader Update
*February 7*	Apple QuickTime Update
*February 7*	Sun Java SE 6 Update
*February 6*	Fraudulent Microsoft Update Web Site
*February 6*	Apple Releases Security Update to Address iPhoto Vulnerability
*February 5*	Yahoo! Music Jukebox ActiveX Buffer Overflow Vulnerabilities
*February 4*	Publicly Available Exploit for Facebook and MySpace Image Uploader Vulnerability
*February 1*	Department of Justice Phishing Campaign
*February 1*	Possible Department of Justice Phishing Campaign

Microsoft Releases Advance Notification for February Security Bulletin

added February 7, 2008 at 01:49 pm

Microsoft has issued a Security Bulletin Advance Notification indicating that its February release cycle will contain 12 bulletins, seven of which will have a severity rating of Critical. The notification states that these Critical bulletins are for Microsoft Windows, Office, Visual Basic, VBScript, JScript and Internet Explorer. There will also be five Important bulletins for Windows, IIS, Active Directory, ADAM, Office, Works, and Works Suite. The release is scheduled for Tuesday, February 12, 2008.

US-CERT will provide additional information as it becomes available.

Adobe Reader Update

added February 7, 2008 at 10:20 am

Adobe has released Adobe Reader 8.1.2 to address multiple unspecified vulnerabilities.

US-CERT encourages users to review Adobe Knowledgebase Article kb403079 and apply the update as soon as possible.

Apple QuickTime Update

added February 7, 2008 at 10:07 am

Apple has released QuickTime 7.4.1 to address a vulnerability in QuickTime. By convincing a user to visit a malicious web site, an attacker may be able to execute arbitrary code or cause a denial of service condition.

More information about this vulnerability is located in the Vulnerability Notes Database.

US-CERT encourages users to apply the appropriate updates as soon as possible.

Sun Java SE 6 Update

added February 7, 2008 at 09:55 am

Sun has released an update for Java SE 6. This update addresses two vulnerabilities. These vulnerabilities may allow an untrusted application to execute with elevated privileges on an affected system.

US-CERT encourages users to review the Sun Java SE 6 Update 4 release notes and apply the update.

US-CERT will provide more information as it becomes available.

Fraudulent Microsoft Update Web Site

added February 6, 2008 at 01:20 pm | updated February 6, 2008 at 02:21 pm

US-CERT is aware of a fraudulent Microsoft Update web site. This web site contains an "Urgent Install" button that, when clicked, attempts to download and install malicious software on a user's system. The file that attempts to download is not signed by Microsoft and is called "WindowsUpdateAgent30-x86-x64.exe". Of further interest, this web site is using fast flux DNS for its web hosting.

US-CERT urges users and administrators to take the following preventative measures to mitigate the security risks:

Install anti-virus software, and keep its virus signature files up-to-date.
Do not follow unsolicited web links received in email messages.
Verify the web site by manually typing the URL when attempting to connect to web sites recommended in an email.
Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.
Follow the guidance provided in the Recognize and avoid fraudulent e-mail to Microsoft customers document from Microsoft.

Apple Releases Security Update to Address iPhoto Vulnerability

added February 6, 2008 at 09:35 am

Apple has released iPhoto 7.1.2 to address a vulnerability in this product. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system.

US-CERT encourages users to review Apple Article 307398 and apply the update as soon as possible.

Yahoo! Music Jukebox ActiveX Buffer Overflow Vulnerabilities

added February 5, 2008 at 11:18 am

US-CERT is aware of publicly available exploit code for vulnerabilities affecting Yahoo! Music Jukebox. These vulnerabilities are caused by buffer overflows in the Yahoo! MediaGrid ActiveX control and the YMP Datagrid ActiveX control. Successful exploitation of these vulnerabilities may allow a remote attacker to execute arbitrary code on a vulnerable system.

More information regarding these vulnerabilities can be found in Vulnerability Notes VU#101676 and VU#340860.

US-CERT encourages users to Disable ActiveX controls as described in the Securing Your Web Browser document.

Publicly Available Exploit for Facebook and MySpace Image Uploader Vulnerability

added February 4, 2008 at 10:28 am | updated February 4, 2008 at 11:38 am

US-CERT is aware of publicly available exploit code for an unpatched vulnerability affecting an image uploader used by Facebook and MySpace. This vulnerability is caused by a buffer overflow in Aurigma's ImageUploader ActiveX control. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code on an affected system.

More information regarding this vulnerability can be found in Vulnerability Note VU#776931.

US-CERT encourages users to Disable ActiveX controls as described in the Securing Your Web Browser document.

US-CERT will continue to investigate and provide additional information as it becomes available.

Department of Justice Phishing Campaign

added February 1, 2008 at 03:35 pm

US-CERT has received reports of a phishing campaign that involves targeted email messages claiming to be from the Department of Justice. The emails include messaging that is designed to convince recipients that they are the subject of a business complaint filed through the Department of Justice. Initial reports indicate that as many as 20,000 users, representing a wide range of companies in the US, Canada, and Australia, have been targeted.

The reports also indicate that a Department of Justice template is being used in these attacks. The Department of Justice released a statement on its website indicating that it does not, and would not send that type of information to the public via email. The statement includes an example of the template being used.

To help protect against this type of attack, US-CERT recommends that users never open attachments or click links contained in unsolicited email messages. More information on how to avoid becoming a victim of such an attack can be found in the US-CERT Cyber Security Tips Using Caution with Email Attachments and Avoiding Social Engineering and Phishing Attacks.

Possible Department of Justice Phishing Campaign

added January 31, 2008 at 09:33 pm | updated February 1, 2008 at 08:02 am

US-CERT has received information indicating that a phishing campaign involving targeted malicious email messages may be imminent. The messages may attempt to convince users that they are the subject of a business complaint filed through the Department of Justice, and could include a malicious attachment or a link to a malicious website.

To help protect against this type of attack, US-CERT recommends that users never open attachments or click links contained in unsolicited email messages. More information on how to avoid becoming a victim of such an attack can be found in the US-CERT Cyber Security Tips Using Caution with Email Attachments and Avoiding Social Engineering and Phishing Attacks .

US-CERT: United States Computer Emergency Readiness Team

Information For

Sign Up

Reporting

DHS Threat Advisory