Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
Current Activity Calendar
Left Arrow
July 2008
 Right Arrow
Su M Tu W Th F Sa
    1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30 31
Please click on a date above to see current activity for that day.

  • Latest Current Activity
    •

    July 07, 2008 - Current Activity

    This is an archived copy of current activity, if you would like to see the most recent version, please click here.

    July 7Microsoft Releases Security Advisory For Snapshot Viewer ActiveX Control
    July 3Microsoft Releases Advanced Notification for July Security Bulletin
    July 2Mozilla Releases Firefox 2.0.0.15
    July 1Apple Releases Security Updates
    June 30Microsoft Releases Security Advisory
    June 30Cisco Releases Security Advisory
    June 26Microsoft Internet Explorer 6 Cross-Domain Vulnerability
    June 24Microsoft Releases Security Advisory
    June 24Adobe Releases Security Bulletin
    June 20Critical Vulnerability in Microsoft Bluetooth Stack


    Microsoft Releases Security Advisory For Snapshot Viewer ActiveX Control

    added July 7, 2008 at 01:49 pm

    Microsoft has released a Security Advisory to address a vulnerability in a Microsoft Access ActiveX control. By convincing a user to visit a specially crafted web page, a remote, unauthenticated attacker may be able to execute arbitrary code. The Advisory also indicates that the vulnerability is being used in active, targeted attacks.

    US-CERT encourages users to review Microsoft Security Advisory 955179 and apply the workarounds to help mitigate the risks. Additional information regarding this issue can be found in the Vulnerability Notes Database.


    Microsoft Releases Advanced Notification for July Security Bulletin

    added July 3, 2008 at 02:41 pm

    Microsoft has issued a Security Bulletin Advance Notification indicating that its July release cycle will contain four bulletins which all will have a severity rating of Important. The notification states that these Important bulletins are for Microsoft Windows, Microsoft SQL Server, and Microsoft Exchange Server. Release of these bulletins is scheduled for Tuesday, July 8.

    US-CERT will provide additional information as it becomes available.


    Mozilla Releases Firefox 2.0.0.15

    added July 2, 2008 at 09:42 am

    Mozilla has released Firefox 2.0.0.15. This version addresses multiple vulnerabilities that may allow an attacker to execute arbitrary code, conduct cross-site scripting attacks, upload arbitrary files, or escalate privileges. As described in the Mozilla Foundation Security Advisories, some of these vulnerabilities also affect Thunderbird and SeaMonkey.

    US-CERT encourages users to do the following to help mitigate the risks:


    Apple Releases Security Updates

    added July 1, 2008 at 09:30 am

    Apple has released Mac OS X v10.5.4, Security Update 2008-004, and Safari 3.1.2 for Mac OS X 10.4.11 to address multiple vulnerabilities. These vulnerabilities affect a number of applications. These vulnerabilities may allow an attacker to execute arbitrary code, bypass security restrictions, or cause a denial-of-service condition.

    US-CERT encourages users to review Apple Article HT2163 and HT2165 and apply any necessary updates.


    Microsoft Releases Security Advisory

    added June 30, 2008 at 07:26 pm

    Microsoft has released a Security Advisory to address public reports of the Microsoft Windows Server Update Services failing to properly deploy updates within certain environments. Environments that rely on this service for updates may be unable to deploy updates to client systems, some of which may be security related.

    US-CERT encourages users and system administrators to review Microsoft Security Advisory 954960 and apply the workarounds listed in the advisory.

    US-CERT will provide additional information as it becomes available.


    Cisco Releases Security Advisory

    added June 30, 2008 at 10:57 am

    Cisco has released a Security Advisory to address multiple vulnerabilities in the Unified Communications Manager. The first vulnerability is due to improper handling of malformed data in the Computer Telephony Integration Manager service. Exploitation of this vulnerability may allow an attacker to cause a denial-of-service condition. The second vulnerability is due to improper access restrictions in the Real-Time Information Server Data Collector process. This vulnerability may allow an attacker to bypass security restrictions and obtain sensitive information which may be used for further attacks.

    US-CERT encourages users to review Cisco Security Advisory cicso-sa-20080625-cucm and apply any necessary updates or fixes.


    Microsoft Internet Explorer 6 Cross-Domain Vulnerability

    added June 26, 2008 at 11:36 am

    US-CERT is aware of publicly available proof-of-concept code for a new vulnerability in Microsoft Internet Explorer 6. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary script in the context of another domain. This could allow an attacker to take a variety of actions, including stealing cookies, hijacking a web session, or stealing authentication credentials. At this time, Internet Explorer 7 does not appear to be affected by this issue.

    US-CERT  strongly encourages users to upgrade to Microsoft Internet Explorer 7 and follow the best security practices as outlined in the Securing Your Web Browser document to help mitigate the risk. Additional information about this vulnerability can be found in the Vulnerability Notes Database.

    US-CERT will provide additional information as it becomes available.


    Microsoft Releases Security Advisory

    added June 24, 2008 at 06:23 pm

    Microsoft has released a Security Advisory to alert users of a recent increase in SQL injection attacks targeting websites using Microsoft ASP and ASP.NET. These attacks target websites that have inadequate secure coding practices for accessing and manipulating data stored in relational databases. If an attack is successful, an attacker may be able to compromise the website and inject arbitrary content or obtain sensitive data. Any user visiting the compromised site may be unknowingly redirected to a malicious website that could attempt install malicious code onto the system.

    US-CERT encourages website administrators to review Microsoft Security Advisory 954462 and implement any necessary Suggested Actions listed in the advisory. Users are encouraged to implement best security practices as described in the Securing Your Web Browser document to help mitigate the risk.


    Adobe Releases Security Bulletin

    added June 24, 2008 at 09:40 am

    Adobe has released a Security Update for Adobe Reader and Acrobat 8.1.2 to address a vulnerability that may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. The Security Bulletin also indicates there are reports of active exploitation.

    US-CERT encourages users to review Adobe Security Bulletin APSB08-15 and apply any necessary updates.


    Critical Vulnerability in Microsoft Bluetooth Stack

    added June 20, 2008 at 09:20 am

    Microsoft has released an update to a previously released security bulletin affecting the Bluetooth stack in Windows. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. This vulnerability is addressed in Microsoft Security Bulletin MS08-030.

    US-CERT encourages users to review the updated MS08-030 and apply the patches and workarounds to help mitigate the risks.