July 15, 2008 - Current Activity

Oracle Releases Critical Patch Update for July 2008

Oracle has released their Critical Patch Update for July 2008 to address 45 vulnerabilities across several products. This update contains the following security fixes:

• 11 updates for Oracle Database
• 3 updates for Times Ten In-Memory Database
• 9 updates for Oracle Application Server
• 6 updates for Oracle E-Business Suite and Applications
• 2 updates for Oracle Enterprise Manager
• 7 updates for Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne
• 7 updates for BEA Product Suite

Zone Alarm Releases Security Advisory

Zone Alarm has released a Security Advisory indicating that version 7.0.483.0 has been released to address an issue in the way Microsoft Security Bulletin MS08-037 affects Zone Alarm.

US-CERT encourages users to review the Security Advisory and apply the Recommended Actions listed in the document.

Apple Releases Security Updates for iPhone and iPod touch

Apple has released iPhone v2.0 and iPod touch v2.0 to address multiple vulnerabilities. These vulnerabilities affect CFNetwork, Kernel, Safari, and WebKit. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, spoof websites, conduct cross-site scripting attacks or cause a denial-of-service condition.

US-CERT encourages users to review Apple Article HT2351 and apply any necessary updates.

Oracle Critical Patch Update Pre-Release Announcement for July

Oracle has issued a Critical Patch Update Pre-Release Announcement indicating that its July release cycle will contain 45 security fixes for multiple products including Oracle Database, TimesTen In-Memory Database, Application Server, E-Business Suite, Enterprise, PeopleSoft Enterprise and BEA. Release of these updates is scheduled for Tuesday, July 15.

US-CERT will provide additional information as it becomes available.

Sun Releases Updates for Java SE

Sun has released updates for Java SE. These updates address multiple vulnerabilities in Java Runtime Environment (JRE), Java Web Start, Java Management Extensions (JMX), JDK, and Java Runtime Environment Virtual Machine. These vulnerabilities may allow a remote attacker to execute arbitrary code, bypass security restrictions, obtain sensitive information or cause a denial-of-service condition.

US-CERT encourages users to review the following Sun Alerts and apply any necessary updates:

• Sun Alert 238628 - Security Vulnerabilities in the Java Runtime Environment related to the processing of XML Data
• Sun Alert 238666 - A Security Vulnerability with the processing of fonts in the Java Runtime Environment may allow Elevation of Privileges
• Sun Alert 238687 - Security Vulnerabilities in the Java Runtime Environment Scripting Language Support
• Sun Alert 238905 - Multiple Security Vulnerabilities in Java Web Start may allow Privileges to be Elevated
• Sun Alert 238965 - Security Vulnerability in Java Management Extensions (JMX)
• Sun Alert 238966 - Security Vulnerability in JDK/JRE Secure Static Versioning
• Sun Alert 238967 - Security Vulnerability in the Java Runtime Environment Virtual Machine may allow an untrusted Application or Applet to Elevate Privileges
• Sun Alert 238968 - Security Vulnerabilities in the Java Runtime Environment may allow Same Origin Policy to be Bypassed

New Storm Worm Variant Spreading

US-CERT has received reports of new Storm Worm activity. The latest activity uses messages that refer to the conflict in the Middle East. This Trojan is spread via unsolicited email messages that contain a link to a malicious website. The website is noted as having the following malicious characteristics which may be used to infect the user's system with malicious code.

• A video that, when opened, may run the executable file "iran_occupation.exe."
• A banner add that, when clicked, may run the executable file "form.exe."
• A hidden iframe linked to "ind.php."

• 20000 US soldiers in Iran
• Iran USA conflict developed into war
• More than 10000 Iranians were murdered
• Negotiations between USA and Iran ended in War
• Occupation of Iran
• Plans for Iran attack began
• The Iran's Leader Mahmoud Ahmadinejad declared Jihad to USA
• The World War III has already begun
• The begining of The World War III
• The military operation in Iran has begun
• The secret war against Iran
• Third War in Iran
• Third World War has begun
• US Army crossed Iran's borders
• US Army invaded Iran
• US army is about 20 kilometers from Tegeran
• US soldiers occupied Iran
• USA attacked Iran
• USA declares war on Iran
• USA occupeid Iran
• USA unleashed war on Iran
• War between USA&Iran
• War with Iran is the reality now
• Washington prefers to shoot first

• Install anti-virus software, and keep its virus signature files up-to-date.
• Do not follow unsolicited web links received in email messages.
• Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
• Refer to Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

Microsoft Releases Security Advisory for Word Vulnerability

Microsoft has released a Security Advisory to address a vulnerability in Microsoft Word. The advisory indicates that this vulnerability affects Microsoft Office Word 2002 Service Pack 3. By convincing a user to open a specially crafted Word file, a remote attacker may be able to execute arbitrary code or cause a denial-of-service condition. Additionally, the advisory indicates that Microsoft is aware of limited, targeted attacks attempting to exploit this vulnerability.

US-CERT encourages users to review Microsoft Security Advisory 953635 and apply any necessary workarounds to help mitigate the risks.

US-CERT will provide additional information as it becomes available.

DNS Implementations Vulnerable to Cache Poisoning

US-CERT is aware of deficiencies in the DNS protocol. Implementations of this protocol may leave the affected system vulnerable to DNS cache poisoning attacks. If an attacker can successfully conduct a cache poisoning attack, they may be able to cause a nameserver's clients to contact the incorrect, and possibly malicious, hosts for particular services. This may allow an attacker to obtain sensitive information or mislead users into believing they are visiting a legitimate website.

US-CERT encourages users to review "VU#800113 - Multiple DNS implementations vulnerable to cache poisoning" and apply any necessary solutions listed in that document to help mitigate the risks.

US-CERT will provide additional information as it becomes available.

Microsoft Releases July Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows and SQL Server as part of the Microsoft Security Bulletin Summary for July 2008. These vulnerabilities may allow an attacker to execute arbitrary code, redirect network traffic to a malicious location, or access the system with elevated privileges.

US-CERT encourages users to review the bulletins and follow best-practice security policies to determine which updates should be applied.

Microsoft Releases Security Advisory For Snapshot Viewer ActiveX Control

Microsoft has released a Security Advisory to address a vulnerability in a Microsoft Access ActiveX control. By convincing a user to visit a specially crafted web page, a remote, unauthenticated attacker may be able to execute arbitrary code. The Advisory also indicates that the vulnerability is being used in active, targeted attacks.

US-CERT encourages users to review Microsoft Security Advisory 955179 and apply the workarounds to help mitigate the risks. Additional information regarding this issue can be found in the Vulnerability Notes Database.