Original release date: February 14, 2012
Last revised: –
Source: US-CERT

Systems Affected

* Microsoft Windows
* Microsoft Internet Explorer
* Microsoft .NET Framework
* Microsoft Silverlight
* Microsoft Office
* Microsoft Server Software

Overview

There are multiple vulnerabilities in Microsoft Windows, Internet
Explorer, Microsoft .NET Framework, Silverlight, Office, and
Microsoft Server Software. Microsoft has released updates to
address these vulnerabilities.

I. Description

The Microsoft Security Bulletin Summary for February 2012 describes
multiple vulnerabilities in Microsoft Windows. Microsoft has
released updates to address the vulnerabilities.

II. Impact

A remote, unauthenticated attacker could execute arbitrary code,
cause a denial of service, or gain unauthorized access to your
files or system.

III. Solution

Apply updates

Microsoft has provided updates for these vulnerabilities in the
Microsoft Security Bulletin Summary for February 2012, which
describes any known issues related to the updates. Administrators
are encouraged to note these issues and test for any potentially
adverse effects. In addition, administrators should consider using
an automated update distribution system such as Windows Server
Update Services (WSUS). Home users are encouraged to enable
automatic updates.

IV. References

* Microsoft Security Bulletin Summary for February 2012 -
<https://technet.microsoft.com/en-us/security/bulletin/ms12-feb>

* Microsoft Windows Server Update Services -
<http://technet.microsoft.com/en-us/wsus/default.aspx>

* Microsoft Update – <https://www.update.microsoft.com/>

* Microsoft Update Overview -
<http://www.microsoft.com/security/updates/mu.aspx>

* Turn Automatic Updating On or Off -
<http://windows.microsoft.com/en-us/windows-vista/Turn-automatic-updating-on-or-off>

US-CERT is aware of public reports that DigiCert Sdn. Bhd has issued 22 certificates with weak encryption keys. This could allow an attacker to use these certificates to impersonate legitimate site owners. DigiCert Sdn. Bhd has revoked all the weak certificates that they issued. Entrust, the parent Certificate Authority to DigiCert Sdn. Bhd, has released a statement containing more information.

Mozilla has released Firefox 8 and Firefox 3.6.24 to address this issue. Additional information can be found in the Mozilla Security Blog.

Microsoft has provided an update for all supported versions of Microsoft Windows to address this issue. Additional information can be found in Microsoft Security Advisory 2641690.

US-CERT encourages users and administrators to apply any necessary updates to help mitigate the risks. US-CERT will provide additional information as it becomes available.

Relevant Url(s):
<http://blog.mozilla.com/security/2011/11/03/revoking-trust-in-digicert-sdn-bhd-intermediate-certificate-authority/>

<http://technet.microsoft.com/en-us/security/advisory/2641690>

<http://www.entrust.net/advisories/malaysia.htm>

On November 9, 2011, US federal prosecutors announced Operation Ghost Click, an ongoing investigation that resulted in the arrests of a cyber ring of seven people who allegedly ran a massive online advertising fraud scheme that used malicious software to infect at least 4 million computers in more than 100 countries.

The cyber ring, comprised of individuals from Estonia and Russia, allegedly used the malicious software, or malware, to hijack web searches to generate advertising and sales revenue by diverting users from legitimate websites to websites run by the cyber ring. In some cases, the software, known as DNSChanger, would replace advertising on popular websites with other ads when viewed from an infected computer. The malware also could have prevented users’ anti-virus software from functioning properly, thus exposing infected machines to unrelated malicious software.

US-CERT encourages users and administrators to use caution when surfing the web and to take the following preventative measures to protect themselves from malware campaigns:
* Refer to the FBI’s announcement of Operation Ghost Click for
additional information on how to protect yourself and recover from
DNSChanger attacks.
* Maintain up-to-date antivirus software.
* Configure your web browser as described in the Securing Your Web
Browser document.
* Do not follow unsolicited web links in email messages.
* Use caution when opening email attachments. Refer to the Using
Caution with Email Attachments Cyber Security Tip for more
information on safely handling email attachments.

RIM has released a security advisory to address a vulnerability in the BlackBerry MDS Connection Service and BlackBerry Messaging Agent for the BlackBerry Enterprise Server. The vulnerability may allow an attacker to execute arbitrary code or gain unauthorized access to the BlackBerry Enterprise Server.

US-CERT encourages users and administrators to review the BlackBerry security advisory KB27244 and apply any necessary updates to help mitigate the risks.

Relevant Url(s):
<http://btsc.webapps.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB27244>

US-CERT is aware of public reports of a phishing attack that specifically targets US government and military officials’ Gmail accounts. The attack arrives via an email sent from a spoofed address of an individual or agency known to the targeted user. The email contains a “view download” link that leads to a fake Gmail login page. The login information is then sent to an attacker. Google has indicated that this phishing campaign has been disrupted and that affected parties have been notified.

US-CERT encourages users and administrators to do the following to help mitigate the risks:
* Review the Google blog entry Ensuring your information is safe
online.
* Do not follow unsolicited web links or attachments in email
messages.
* Use caution when providing personal information online.
* Verify the legitimacy of the email by contacting the organization
directly through a trusted contact method.
* Refer to the Recognizing and Avoiding Email Scams (pdf) document
for more information on avoiding email scams.
* Refer to the Avoiding Social Engineering and Phishing Attacks
document for more information on social engineering attacks.
* Refer to the Using Caution with Email Attachments document for
more information on safely handling email attachments.

Microsoft Updates for Multiple Vulnerabilities

Original release date: April 12, 2011
Last revised: –
Source: US-CERT

Systems Affected

* Microsoft Windows
* Microsoft Office
* Microsoft Internet Explorer
* Microsoft Visual Studio

Overview

There are multiple vulnerabilities in Microsoft Windows, Office,
Internet Explorer, and Visual Studio. Microsoft has released
updates to address these vulnerabilities.

I. Description

The Microsoft Security Bulletin Summary for April 2011 describes
multiple vulnerabilities in Microsoft Windows, Office, Internet
Explorer, and Visual Studio. Microsoft has released updates to
address the vulnerabilities.

II. Impact

A remote, unauthenticated attacker could execute arbitrary code,
cause a denial of service, or gain unauthorized access to your
files or system.

III. Solution

Apply updates

Microsoft has provided updates for these vulnerabilities in the
Microsoft Security Bulletin Summary for April 2011. That bulletin
describes any known issues related to the updates. Administrators
are encouraged to note these issues and test for any potentially
adverse effects. In addition, administrators should consider using
an automated update distribution system such as Windows Server
Update Services (WSUS).

IV. References

* Microsoft Security Bulletin Summary for April 2011 -
<http://www.microsoft.com/technet/security/bulletin/ms11-apr.mspx>

* Microsoft Windows Server Update Services -
<http://technet.microsoft.com/en-us/wsus/default.aspx>

Research In Motion has released a security notice to alert users of a vulnerability affecting the WebKit browser engine provided in BlackBerry Device Software versions 6.0 and later. By convincing a user to browse to a specially crafted website, a remote attacker may be able to execute arbitrary code. Exploitation of this vulnerability may allow an attacker to access user data stored on the media card and the built-in media storage on the affected BlackBerry device.

US-CERT encourages users and administrators to review BlackBerry security notice KB26132 and do the following to help mitigate the risks:
* Exercise caution when accessing untrusted websites in browsers,
email messages, or instant messages.
* Disable the use of JavaScript in the BlackBerry Browser, or disable
the BlackBerry Browser, as suggested in BlackBerry security notice
KB26132.

Additional information regarding this vulnerability can be found in US Department of Energy Cyber Incident Response Capability (DOE-CIRC) technical bulletin T-579. US-CERT will provide additional information as it becomes available.

Relevant Url(s):
<http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB26132#environmentSection>

<http://www.doecirc.energy.gov/bulletins/t-579.shtml>

US-CERT would like to warn users of potential email scams, fake antivirus and phishing attacks regarding the Japan earthquake and the tsunami disasters. Email scams may contain links or attachments which may direct users to phishing or malware-laden websites. Fake antivirus attacks may come in the form of pop-ups which flash security warnings and ask the user for credit card information. Phishing emails and websites requesting donations for bogus charitable organizations commonly appear after these types of natural disasters.

US-CERT encourages users to take the following measures to protect themselves:

* Do not follow unsolicited web links or attachments in email messages.
* Maintain up-to-date antivirus software.
* Review the Recognizing Fake Antivirus document for additional information on recognizing fake antivirus.
* Refer to the Avoiding Social Engineering and Phishing Attacks document for additional information on social engineering attacks.
* Refer to the Recognizing and Avoiding Email Scams (pdf) document for additional information on avoiding email scams.
* Review the Federal Trade Commission’s Charity Checklist.
* Verify the legitimacy of the email by contacting the organization directly through a trusted contact number. Trusted contact information can be found on the Better Business Bureau National Charity Report Index.

US-CERT will provide additional information as it becomes available.

Relevant Url(s):
<http://www.us-cert.gov/cas/tips/ST04-014.html>

<https://www.us-cert.gov/cas/tips/ST10-001.html>

<http://www.ftc.gov/bcp/edu/pubs/consumer/telemarketing/tel01.shtm>

<http://www.us-cert.gov/reading_room/emailscams_0905.pdf>

<http://www.bbb.org/charity-reviews/national/>

Original release date: March 08, 2011
Last revised: –
Source: US-CERT

Systems Affected

* Microsoft Windows
* Microsoft Office

Overview

There are multiple vulnerabilities in Microsoft Windows and
Microsoft Office. Microsoft has released updates to address these
vulnerabilities.

Solution

Install updates

The updates to address these vulnerabilities are available on the
Microsoft Update site (requires Internet Explorer). We recommend
enabling Automatic Updates.

Description

The Microsoft Security Bulletin Summary for March 2011 describes
multiple vulnerabilities in Microsoft Windows and Microsoft Office.
Microsoft has released updates to address the vulnerabilities.

References

* Microsoft Security Bulletin Summary for March 2011 -
<https://www.microsoft.com/technet/security/bulletin/ms11-mar.mspx>

* Microsoft Update – <https://www.update.microsoft.com/>

* Microsoft Update Overview -
<http://www.microsoft.com/security/updates/mu.aspx>

* Managing Automatic Updates -
<http://windows.microsoft.com/en-us/windows-vista/Turn-automatic-updating-on-or-off>

VMware has released an advisory to alert users of an issue affecting VMware on the Microsoft Windows 7 platform. This issue prevents VMware from connecting from the View Client on Windows 7 to the View Connection Server after installing the Microsoft patches 2482017 and 2467023 from Microsoft Security Bulletin MS11-003.

VMware users on the Windows 7 platform should upgrade to VMware View Client build 353760 prior to applying Microsoft patches 2482017 and 2467023. VMware users who have previously applied these Microsoft patches should upgrade to VMware View Client build 353760 to mitigate the issue.

Additional information can be found in the VMware Knowledge Base advisory.

Relevant Url(s):
<http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1034262>

<http://support.microsoft.com/kb/2467023>

<http://support.microsoft.com/kb/2482017>