  • December 14, 2007 - Current Activity

    This is an archived copy of current activity. If you would like to see the most recent version, please click here.

    December 14: HP Info Center Software Public Exploit Code
    December 14: Apple Releases Security Update to Address Multiple Vulnerabilities in QuickTime
    December 12: Microsoft Releases December Security Bulletins
    December 10: Active Exploitation Using Malicious Microsoft Access Databases
    December 6: Microsoft Releases Advance Notification for December Security Bulletin
    December 5: Cisco Releases Security Documents for Vulnerabilities
    December 4: Microsoft Releases Security Advisory to Address Web Proxy Auto-Discovery Vulnerability



    HP Info Center Software Public Exploit Code

    added December 12, 2007 at 10:40 am | updated December 14, 2007 at 03:12 pm

    US-CERT is aware of a vulnerability affecting HP Info Center Software, which allows one-touch access to features on HP laptops. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands or to view or alter the system registry on affected systems.

    These reports also refer to publicly available exploit code for this vulnerability.

    HP has published an HP Quick Launch Buttons Critical Security Update to address this issue. US-CERT encourages users to apply this update to mitigate this risk.



    Apple Releases Security Update to Address Multiple Vulnerabilities in QuickTime

    added December 14, 2007 at 08:33 am

    Apple has released a Security Update to address multiple vulnerabilities in QuickTime. The impacts of these vulnerabilities include arbitrary code execution and denial of service.

    More information may be found in the Apple Security Update and in Vulnerability Note VU#659761.

    US-CERT encourages users to apply the appropriate updates as soon as possible.



    Microsoft Releases December Security Bulletins

    added December 11, 2007 at 02:07 pm | updated December 12, 2007 at 08:09 am

    Microsoft has released updates to address vulnerabilities in Windows, DirectX, DirectShow, Windows Media Format Runtime, and Internet Explorer as part of the Microsoft Security Bulletin Summary for December 2007.

    More information about these vulnerabilities can be found in Technical Cyber Security Alert TA07-345A.

    US-CERT strongly encourages users to review the bulletins and follow best-practice security policies to determine which updates should be applied.


    Active Exploitation Using Malicious Microsoft Access Databases

    added December 10, 2007 at 01:05 pm

    US-CERT is aware of a stack buffer overflow vulnerability in the way that Microsoft Access handles specially crafted database files. Opening a specially crafted Microsoft Access Database (e.g., .MDB) can cause arbitrary code execution without requiring any additional user interaction. Microsoft Access files are considered to be high-risk, so it may be possible to execute arbitrary code without using a vulnerability in Microsoft Access.

    US-CERT is aware of active exploitation using malicious Microsoft Access databases.

    To help protect against this type of attack, US-CERT recommends the following:

    • Do not open attachments from unsolicited email messages
    • Block high-risk file attachments at email gateways

    More information can be found in the following:


    Microsoft Releases Advance Notification for December Security Bulletin

    added December 6, 2007 at 01:32 pm

    Microsoft has issued a Security Bulletin Advance Notification indicating that its December release cycle will contain 7 bulletins, three of which have a severity rating of Critical. The notification further states that the bulletins are for the Windows operating system, various Windows operating system components and Internet Explorer. The release is scheduled for Tuesday, December 11, 2007.

    US-CERT will provide additional information as it becomes available.


    Cisco Releases Security Documents for Vulnerabilities

    added December 5, 2007 at 02:48 pm

    Cisco has released security documents in response to two vulnerabilities.

    Cisco Security Advisory 99837 was released in response to a vulnerability in Cisco Security Agent for Microsoft Windows. This vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

    Cisco Security Response 100240 was released in response to a vulnerability in CiscoWorks Server. This vulnerability may allow an attacker to inject malicious script into a web page by enticing a user to follow a specially crafted URL.

    US-CERT encourages users to do the following:

    • Review Cisco Security Advisory 99837
    • Review Cisco Security Response 100240
    • Apply software updates and workarounds provided by Cisco
    • Do not follow unsolicited links

    More information will be provided as it becomes available.


    Microsoft Releases Security Advisory to Address Web Proxy Auto-Discovery Vulnerability

    added December 4, 2007 at 10:10 am

    Microsoft has released Microsoft Security Advisory 945713 in response to a vulnerability in Web Proxy Auto-Discovery (WPAD). This vulnerability may allow an attacker to conduct a man-in-the-middle attack and gain access to sensitive information.

    US-CERT encourages users to review Microsoft Security Advisory 945713 and apply the workarounds to mitigate risk.

    More information will be provided as it becomes available.