Tue Dec 09 2008 18:34:45 EST from "US-CERT Technical Alerts" <technical-alerts@us-cert.gov> to technical-alerts@us-cert.gov

Subject: US-CERT Technical Cyber Security Alert TA08-344A -- Microsoft Updates for Multiple Vulnerabilities


National Cyber Alert System

Technical Cyber Security Alert TA08-344A


Microsoft Updates for Multiple Vulnerabilities

Original release date: December 09, 2008
Last revised: --
Source: US-CERT


Systems Affected

* Microsoft Windows and related components
* Microsoft Internet Explorer
* Microsoft Word, Excel and related components
* Microsoft Office SharePoint Server
* Microsoft Visual Basic 6


Overview

Microsoft has released updates that address vulnerabilities in
Microsoft Windows, Internet Explorer, Word, Excel, SharePoint
Server, Visual Basic 6 and related components.


I. Description

As part of the Microsoft Security Bulletin Summary for November
2008, Microsoft released updates to address vulnerabilities that
affect Microsoft Windows, Internet Explorer, Word, Excel,
SharePoint Server, Visual Basic 6 and other related components.


II. Impact

A remote, unauthenticated attacker could gain elevated privileges,
execute arbitrary code or cause a vulnerable application to crash.


III. Solution

Microsoft has provided updates for these vulnerabilities in the
Microsoft Security Bulletin Summary for December 2008. The security
bulletin describes any known issues related to the updates.
Administrators are encouraged to note these issues and test for any
potentially adverse effects. Administrators should consider using
an automated update distribution system such as Windows Server
Update Services (WSUS). 


IV. References

* Microsoft Security Bulletin Summary for December 2008 -
<http://www.microsoft.com/technet/security/bulletin/ms08-dec.mspx>

* Microsoft Update -
<https://www.update.microsoft.com/microsoftupdate/>

* Windows Server Update Services -
<http://www.microsoft.com/windowsserversystem/updateservices/default.mspx>

____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA08-344A.html>
____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA08-344A Feedback VU#752876" in
the subject.
____________________________________________________________________

For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________

Produced 2008 by US-CERT, a government organization.

Terms of use:

<http://www.us-cert.gov/legal.html>
____________________________________________________________________

Revision History

December 09, 2008: Initial release



Mon Dec 15 2008 17:17:45 EST from "US-CERT Technical Alerts" <technical-alerts@us-cert.gov> to technical-alerts@us-cert.gov

Subject: US-CERT Technical Cyber Security Alert TA08-350A -- Apple Updates for Multiple Vulnerabilities


National Cyber Alert System

Technical Cyber Security Alert TA08-350A


Apple Updates for Multiple Vulnerabilities

Original release date: December 15, 2008
Last revised: --
Source: US-CERT


Systems Affected

* Apple Mac OS X versions prior to and including 10.4.11 (Tiger) and 10.5.5 (Leopard)
* Apple Mac OS X Server versions prior to and including 10.4.11 (Tiger) and 10.5.5 (Leopard)


Overview

Apple has released Security Update 2008-008 and Mac OS X version
10.5.6 to correct multiple vulnerabilities affecting Apple Mac OS X
and Mac OS X Server. Attackers could exploit these vulnerabilities
to execute arbitrary code, gain access to sensitive information, or
cause a denial of service.


I. Description

Apple Security Update 2008-008 and Apple Mac OS X version 10.5.6
address a number of vulnerabilities affecting Apple Mac OS X and
Mac OS X Server versions prior to and including 10.4.11 and 10.5.5.
The update also addresses vulnerabilities in other vendors'
products that ship with Apple Mac OS X or Mac OS X Server.


II. Impact

The impacts of these vulnerabilities vary. Potential consequences
include arbitrary code execution, sensitive information disclosure,
denial of service, or privilege escalation.


III. Solution

Install Apple Security Update 2008-008 or Apple Mac OS X version
10.5.6. These and other updates are available via Software Update
or via Apple Downloads.


IV. References

* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>

* About the security content of Security Update 2008-008 / Mac OS X
v10.5.6 -
<https://support.apple.com/kb/HT3338>

* Mac OS X: Updating your software -
<https://support.apple.com/kb/HT1338?viewlocale=en_US>

* Apple Downloads - <http://support.apple.com/downloads/>

____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA08-350A.html>
____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA08-350A Feedback VU#901332" in
the subject.
____________________________________________________________________

Produced 2008 by US-CERT, a government organization.

____________________________________________________________________

Revision History

December 15, 2008: Initial release



Wed Dec 17 2008 16:03:27 EST from "US-CERT Technical Alerts" <technical-alerts@us-cert.gov> to technical-alerts@us-cert.gov

Subject: US-CERT Technical Cyber Security Alert TA08-352A -- Microsoft Internet Explorer Data Binding Vulnerability


National Cyber Alert System

Technical Cyber Security Alert TA08-352A


Microsoft Internet Explorer Data Binding Vulnerability

Original release date: December 17, 2008
Last revised: --
Source: US-CERT


Systems Affected

* Microsoft Internet Explorer
* Microsoft Outlook Express
* Other software that uses Internet Explorer components to render documents


Overview

Microsoft Internet Explorer contains an invalid pointer
vulnerability in its data binding code, which can allow a remote,
unauthenticated attacker to execute arbitrary code on a vulnerable
system. Exploit code for this vulnerability is publicly available
and is being actively exploited.


I. Description

Microsoft Internet Explorer contains an invalid pointer
vulnerability in its data binding code. When Internet Explorer
renders a document that performs data binding, it may crash in a
way that is exploitable to run arbitrary code. Any program that
uses Internet Explorer's MSHTML layout engine, such as Outlook
Express, may be at risk. Further details are available in US-CERT
Vulnerability Note VU#493881.


II. Impact

By convincing a user to view a specially crafted document that
performs data binding (e.g., a web page or email message or
attachment), an attacker may be able to execute arbitrary code with
the privileges of the user.


III. Solution

Apply an update

This issue is addressed in Microsoft Security Bulletin MS08-078.
This update provides new versions of mshtml.dll and wmshtml.dll,
depending on the target operating system. More details are
available in Microsoft Knowledge Base Article 960714.

Disable Active Scripting

This vulnerability can be mitigated by disabling Active Scripting
in the Internet Zone, as specified in the Securing Your Web Browser
document. Note that this will not block the vulnerability. IE still
may crash when parsing specially crafted content. Disabling Active
Scripting will mitigate a common method used to achieve code
execution with this vulnerability.

Enable DEP in Internet Explorer 7

Enabling DEP in Internet Explorer 7 on Windows Vista can help
mitigate this vulnerability by making it more difficult to achieve
code execution using this vulnerability.

Additional workarounds

Microsoft Security Bulletin MS08-078 provides additional details
for the above workarounds, as well as other workarounds not listed
here. These workarounds are further explained in the Microsoft SWI
Blog.


IV. References

* Microsoft Security Bulletin MS08-078 -
<https://www.microsoft.com/technet/security/bulletin/ms08-078.mspx>

* MS08-078: Security update for Internet Explorer -
<http://support.microsoft.com/kb/960714>

* Microsoft Security Advisory (961051) -
<http://www.microsoft.com/technet/security/advisory/961051.mspx>

* Update on Internet Explorer 7, DEP and Adobe Software -
<http://blogs.msdn.com/michael_howard/archive/2006/12/12/update-on-internet-explorer-7-dep-and-adobe-software.aspx>

* Data Binding -
<http://msdn.microsoft.com/en-us/library/ms531388(vs.85).aspx>

* MSHTML Reference -
<http://msdn.microsoft.com/en-us/library/aa741317.aspx>

* US-CERT Vulnerability Note VU#493881 -
<http://www.kb.cert.org/vuls/id/493881>

* Securing Your Web Browser -
<https://www.us-cert.gov/reading_room/securing_browser/#Internet_Explorer>

____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA08-352A.html>
____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA08-352A Feedback VU#493881" in
the subject.
____________________________________________________________________

Produced 2008 by US-CERT, a government organization.

____________________________________________________________________

Revision History

December 17, 2008: Initial release



Tue Jan 13 2009 19:19:02 EST from "US-CERT Technical Alerts" <technical-alerts@us-cert.gov> to technical-alerts@us-cert.gov

Subject: US-CERT Technical Cyber Security Alert TA09-013A -- Microsoft Updates for Multiple SMB Protocol Vulnerabilities


National Cyber Alert System

Technical Cyber Security Alert TA09-013A


Microsoft Updates for Multiple SMB Protocol Vulnerabilities

Original release date: January 13, 2009
Last revised: --
Source: US-CERT


Systems Affected

* Microsoft Windows 2000, XP, and Vista
* Microsoft Windows Server 2000, 2003, and 2008


Overview

Microsoft has released updates that address vulnerabilities in
Microsoft Windows and Windows Server.


I. Description

In their bulletin for January 2009, Microsoft released updates to
address vulnerabilities in the Server Message Block (SMB) Protocol
that affects all supported versions of Microsoft Windows.


II. Impact

A remote, unauthenticated attacker could gain elevated privileges,
execute arbitrary code, or cause a denial of service.


III. Solution

Microsoft has provided updates for this vulnerability in the
Microsoft Security Bulletin Summary for January 2009. The security
bulletin describes any known issues related to the
updates. Administrators are encouraged to note these issues and
test for any potentially adverse effects. Administrators should
also consider using an automated update distribution system such as
Windows Server Update Services (WSUS).


IV. References

* Microsoft Security Bulletin Summary for January 2009 -
<http://www.microsoft.com/technet/security/bulletin/ms09-jan.mspx>

* Microsoft Windows Server Update Services -
<http://technet.microsoft.com/en-us/wsus/default.aspx>



____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA09-013A.html>
____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA09-013A Feedback VU#914388" in the
subject.
____________________________________________________________________

Produced 2009 by US-CERT, a government organization.

____________________________________________________________________


Revision History

January 13, 2009: Initial release


Thu Jan 15 2009 14:46:35 EST from "US-CERT Technical Alerts" <technical-alerts@us-cert.gov> to technical-alerts@us-cert.gov

Subject: US-CERT Technical Cyber Security Alert TA09-015A -- Oracle Updates for Multiple Vulnerabilities


National Cyber Alert System

Technical Cyber Security Alert TA09-015A


Oracle Updates for Multiple Vulnerabilities

Original release date: January 15, 2009
Last revised: --
Source: US-CERT


Systems Affected

* Oracle Database 11g, version 11.1.0.6
* Oracle Database 10g Release 2, versions 10.2.0.2, 10.2.0.3, and
10.2.0.4
* Oracle Database 10g, version 10.1.0.5
* Oracle Database 9i Release 2, versions 9.2.0.8 and 9.2.0.8DV
* Oracle Secure Backup, versions 10.1.0.1, 10.1.0.2, 10.1.0.3,
10.2.0.2, and 10.2.0.3
* Oracle TimesTen In-Memory Database, versions 7.0.5.1.0,
7.0.5.2.0, 7.0.5.3.0, and 7.0.5.4.0
* Oracle Application Server 10g Release 3 (10.1.3), version
10.1.3.3.0
* Oracle Application Server 10g Release 2 (10.1.2), versions
10.1.2.2.0 and 10.1.2.3.0
* Oracle Collaboration Suite 10g, version 10.1.2
* Oracle E-Business Suite Release 12, version 12.0.6
* Oracle E-Business Suite Release 11i, version 11.5.10.2
* Oracle Enterprise Manager Grid Control 10g Release 4, version
10.2.0.4
* PeopleSoft Enterprise HRMS, versions 8.9 and 9.0
* JD Edwards Tools, version 8.97
* Oracle WebLogic Server (formerly BEA WebLogic Server) 10.0
released through MP1, 10.3 GA
* Oracle WebLogic Server (formerly BEA WebLogic Server) 9.0 GA,
9.1 GA, 9.2 released through MP3
* Oracle WebLogic Server (formerly BEA WebLogic Server) 8.1
released through SP6
* Oracle WebLogic Server (formerly BEA WebLogic Server) 7.0
released through SP7
* Oracle WebLogic Portal (formerly BEA WebLogic Portal) 10.0
released through MP1, 10.2 GA, 10.3 GA
* Oracle WebLogic Portal (formerly BEA WebLogic Portal) 9.2
released through MP3
* Oracle WebLogic Portal (formerly BEA WebLogic Portal) 8.1
released through SP6

For more information regarding affected product versions, please
see the Oracle Critical Patch Update - January 2009.


Overview

Oracle products and components are affected by multiple
vulnerabilities. The impacts of these vulnerabilities include
remote execution of arbitrary code, information disclosure, and
denial of service.


I. Description

The Oracle Critical Patch Update - January 2009 addresses 41
vulnerabilities in different Oracle products and components. The
document provides information about affected components, access and
authorization required, and the impact from the vulnerabilities on
data confidentiality, integrity, and availability.

Oracle has associated CVE identifiers with the vulnerabilities
addressed in this Critical Patch Update. If significant additional
details about vulnerabilities and remediation techniques become
available, we will update the Vulnerability Notes Database.


II. Impact

The impact of these vulnerabilities varies depending on the
product, component, and configuration of the system. Potential
consequences include the execution of arbitrary code or commands,
information disclosure, and denial of service. Vulnerable
components may be available to unauthenticated, remote attackers.
An attacker who compromises an Oracle database may be able to
access sensitive information.


III. Solution

Apply the appropriate patches or upgrade as specified in the Oracle
Critical Patch Update - January 2009. Note that this document only
lists newly corrected issues. Updates to patches for previously
known issues are not listed.


IV. References

* Oracle Critical Patch Update for January 2009 -
<http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html>

* Critical Patch Updates and Security Alerts -
<http://www.oracle.com/technology/deploy/security/alerts.htm>

* Map of Public Vulnerability to Advisory/Alert -
<http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html>

____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA09-015A.html>
____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA09-015A Feedback VU#897316" in
the subject.
____________________________________________________________________

Produced 2009 by US-CERT, a government organization.

____________________________________________________________________

Revision History

January 15, 2009: Initial release



Tue Jan 20 2009 23:42:23 EST from "US-CERT Technical Alerts" <technical-alerts@us-cert.gov> to technical-alerts@us-cert.gov

Subject: US-CERT Technical Cyber Security Alert TA09-020A -- Microsoft Windows Does Not Disable AutoRun Properly


National Cyber Alert System

Technical Cyber Security Alert TA09-020A


Microsoft Windows Does Not Disable AutoRun Properly

Original release date: January 20, 2009
Last revised: --
Source: US-CERT


Systems Affected

* Microsoft Windows


Overview

Disabling AutoRun on Microsoft Windows systems can help prevent the
spread of malicious code. However, Microsoft's guidelines for
disabling AutoRun are not fully effective, which could be
considered a vulnerability.


I. Description

Microsoft Windows includes an AutoRun feature, which can
automatically run code when removable devices are connected to the
computer. AutoRun (and the closely related AutoPlay) can
unexpectedly cause arbitrary code execution in the following
situations:

* A removable device is connected to a computer. This includes, but
is not limited to, inserting a CD or DVD, connecting a USB or
Firewire device, or mapping a network drive. This connection can
result in code execution without any additional user interaction.

* A user clicks the drive icon for a removable device in Windows
Explorer. Rather than exploring the drive's contents, this action
can cause code execution.

* The user selects an option from the AutoPlay dialog that is
displayed when a removable device is connected.

Malicious software, such as W32.Downadup, is using AutoRun to
spread. Disabling AutoRun, as specified in the CERT/CC
Vulnerability Analysis blog, is an effective way of helping to
prevent the spread of malicious code.

The Autorun and NoDriveTypeAutorun registry values are both
ineffective for fully disabling AutoRun capabilities on Microsoft
Windows systems. Setting the Autorun registry value to 0 will not
prevent newly connected devices from automatically running code
specified in the Autorun.inf file. It will, however, disable Media
Change Notification (MCN) messages, which may prevent Windows from
detecting when a CD or DVD is changed. According to Microsoft,
setting the NoDriveTypeAutorun registry value to 0xFF "disables
Autoplay on all types of drives." Even with this value set, Windows
may execute arbitrary code when the user clicks the icon for the
device in Windows Explorer.


II. Impact

By placing an Autorun.inf file on a device, an attacker may be able
to automatically execute arbitrary code when the device is
connected to a Windows system. Code execution may also take place
when the user attempts to browse to the software location with
Windows Explorer.


III. Solution

Disable AutoRun in Microsoft Windows

To effectively disable AutoRun in Microsoft Windows, import the
following registry value:

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"

To import this value, perform the following steps:

* Copy the text
* Paste the text into Windows Notepad
* Save the file as autorun.reg
* Navigate to the file location
* Double-click the file to import it into the Windows registry

Microsoft Windows can also cache the AutoRun information from
mounted devices in the MountPoints2 registry key. We recommend
restarting Windows after making the registry change so that any
cached mount points are reinitialized in a way that ignores the
Autorun.inf file. Alternatively, the following registry key may be
deleted:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2

Once these changes have been made, all of the AutoRun code
execution scenarios described above will be mitigated because
Windows will no longer parse Autorun.inf files to determine which
actions to take. Further details are available in the
CERT/CC Vulnerability Analysis blog. Thanks to Nick Brown and Emin
Atac for providing the workaround.


IV. References

* The Dangers of Windows AutoRun -
<http://www.cert.org/blogs/vuls/2008/04/the_dangers_of_windows_autorun.html>

* US-CERT Vulnerability Note VU#889747 -
<http://www.kb.cert.org/vuls/id/889747>

* Nick Brown's blog: Memory stick worms -
<http://nick.brown.free.fr/blog/2007/10/memory-stick-worms>

* TR08-004 Disabling Autorun -
<http://www.publicsafety.gc.ca/prg/em/ccirc/2008/tr08-004-eng.aspx>

* How to Enable or Disable Automatically Running CD-ROMs -
<http://support.microsoft.com/kb/155217>

* NoDriveTypeAutoRun -
<http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/regentry/91525.mspx>

* Autorun.inf Entries -
<http://msdn.microsoft.com/en-us/library/bb776823(VS.85).aspx>

* W32.Downadup -
<http://www.symantec.com/security_response/writeup.jsp?docid=2008-112203-2408-99>

* MS08-067 Worm, Downadup/Conflicker -
<http://www.f-secure.com/weblog/archives/00001576.html>

* Social Engineering Autoplay and Windows 7 -
<http://www.f-secure.com/weblog/archives/00001586.html>

____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA09-020A.html>
____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA09-020A Feedback VU#889747" in
the subject.
____________________________________________________________________

Produced 2009 by US-CERT, a government organization.

____________________________________________________________________

Revision History

January 20, 2009: Initial release


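A read-only check that the TA09-020A workaround is in place on a machine, written in PowerShell as an added example; it is not part of the US-CERT alert. The Policies\Explorer locations queried for NoDriveTypeAutoRun are the standard ones and are an assumption here (the alert does not list them); the function and property names are illustrative.

```powershell
# Added example: read-only audit of the TA09-020A AutoRun workaround.
# Nothing is written to the registry.

$IniMapKey    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf'
$Expected     = '@SYS:DoesNotExist'
$MountPoints2 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'

# Assumption: standard policy locations for NoDriveTypeAutoRun (not listed in the alert).
$PolicyKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)

function Get-RegValue {
    # Returns the named value, or $null if the key or value is absent.
    # An empty name reads the key's default (@) value.
    param([string]$Path, [string]$Name = '')
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    return (Get-Item -LiteralPath $Path).GetValue($Name, $null)
}

function Test-AutoRunWorkaround {
    # The workaround is the default value of the IniFileMapping\Autorun.inf key.
    $default = Get-RegValue -Path $IniMapKey

    # NoDriveTypeAutoRun is reported for context only: the alert states that
    # even 0xFF does not fully disable AutoRun, so it never counts as a pass.
    $driveTypePolicy = foreach ($key in $PolicyKeys) {
        $v = Get-RegValue -Path $key -Name 'NoDriveTypeAutoRun'
        if ($null -eq $v) { continue }
        # The value may be stored as REG_DWORD or REG_BINARY.
        $shown = if ($v -is [byte[]]) { [BitConverter]::ToString($v) } else { '0x{0:X}' -f $v }
        '{0} = {1}' -f $key, $shown
    }

    # Cached mount points for the current user (one subkey per device or share).
    $cached = 0
    if (Test-Path -LiteralPath $MountPoints2) {
        $cached = @(Get-ChildItem -LiteralPath $MountPoints2).Count
    }

    [pscustomobject]@{
        IniFileMappingDefault = $default
        WorkaroundApplied     = (($default -is [string]) -and ($default -eq $Expected))
        NoDriveTypeAutoRun    = @($driveTypePolicy)
        CachedMountPoints     = $cached
    }
}

$result = Test-AutoRunWorkaround
$result | Format-List

if (-not $result.WorkaroundApplied) {
    Write-Warning 'IniFileMapping\Autorun.inf is not mapped to @SYS:DoesNotExist; Autorun.inf files are still parsed.'
} elseif ($result.CachedMountPoints -gt 0) {
    Write-Warning 'MountPoints2 has cached entries for this user; if Windows has not been restarted since the import, restart or delete the key as the alert describes.'
}
```

MountPoints2 is per user, so the cached-entry count reflects only the account that runs the check.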

Thu Jan 22 2009 17:47:30 EST from "US-CERT Technical Alerts" <technical-alerts@us-cert.gov> to technical-alerts@us-cert.gov

Subject: US-CERT Technical Cyber Security Alert TA09-022A -- Apple QuickTime Updates for Multiple Vulnerabilities


National Cyber Alert System

Technical Cyber Security Alert TA09-022A


Apple QuickTime Updates for Multiple Vulnerabilities

Original release date: January 22, 2009
Last revised: --
Source: US-CERT


Systems Affected

* Apple QuickTime 7.5 for Windows and Mac OS X


Overview

Apple has released QuickTime 7.6 to correct multiple
vulnerabilities affecting QuickTime for Mac OS X and Windows.
Attackers may be able to exploit these vulnerabilities to execute
arbitrary code or cause a denial of service.


I. Description

Apple QuickTime 7.6 addresses a number of vulnerabilities affecting
QuickTime. An attacker could exploit these vulnerabilities by
convincing a user to access a specially crafted media or movie
file. This file could be hosted on a web page or sent via email.


II. Impact

The impacts of these vulnerabilities vary. Potential consequences
include arbitrary code execution and denial of service.


III. Solution

Upgrade to QuickTime 7.6. This and other updates are available via
Software Update or via Apple Downloads.


IV. References

* About the security content of QuickTime 7.6 -
<http://support.apple.com/kb/HT3403>

* Apple Support Downloads - <http://support.apple.com/downloads/>

* Mac OS X - updating your software -
<http://support.apple.com/kb/HT1338?viewlocale=en_US>

* Securing Your Web Browser -
<https://www.us-cert.gov/reading_room/securing_browser/>

____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA09-022A.html>
____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA09-022A Feedback VU#703068" in
the subject.
____________________________________________________________________

Produced 2009 by US-CERT, a government organization.

____________________________________________________________________

Revision History

January 22, 2009: Initial release



Tue Feb 10 2009 16:05:02 EST from "US-CERT Technical Alerts" <technical-alerts@us-cert.gov> to technical-alerts@us-cert.gov

Subject: US-CERT Technical Cyber Security Alert TA09-041A -- Microsoft Updates for Multiple Vulnerabilities


National Cyber Alert System

Technical Cyber Security Alert TA09-041A


Microsoft Updates for Multiple Vulnerabilities

Original release date: February 10, 2009
Last revised: --
Source: US-CERT


Systems Affected

* Microsoft Internet Explorer
* Microsoft Office Visio
* Microsoft Exchange and SQL Server


Overview

Microsoft has released updates that address vulnerabilities in
Microsoft Windows and Windows Server.


I. Description

As part of the Microsoft Security Bulletin Summary for February
2009, Microsoft released updates to address vulnerabilities that
affect Microsoft Windows, Internet Explorer, Exchange Server, SQL
Server, Office, and other related components.


II. Impact

A remote, unauthenticated attacker could gain elevated privileges,
execute arbitrary code or cause a vulnerable application to crash.


III. Solution

Microsoft has provided updates for these vulnerabilities in the
Microsoft Security Bulletin Summary for February 2009. The security
bulletin describes any known issues related to the updates.
Administrators are encouraged to note these issues and test for any
potentially adverse effects. Administrators should consider using
an automated update distribution system such as Windows Server
Update Services (WSUS).


IV. References

* Microsoft Security Bulletin Summary for February 2009 -
<http://www.microsoft.com/technet/security/bulletin/ms09-feb.mspx>

* Microsoft Windows Server Update Services -
<http://technet.microsoft.com/en-us/wsus/default.aspx>

____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA09-041A.html>
____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA09-041A Feedback VU#139636" in
the subject.
____________________________________________________________________

For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________

Produced 2009 by US-CERT, a government organization.

Terms of use:

<http://www.us-cert.gov/legal.html>
____________________________________________________________________

Revision History

February 10, 2009: Initial release


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

-----END PGP SIGNATURE-----

[#] Fri Feb 20 2009 16:05:30 EST from "US-CERT Technical Alerts" <technical-alerts@us-cert.gov> to technical-alerts@us-cert.gov

Subject: US-CERT Technical Cyber Security Alert TA09-051A -- Adobe Acrobat and Reader Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


National Cyber Alert System

Technical Cyber Security Alert TA09-051A


Adobe Acrobat and Reader Vulnerability

Original release date: February 20, 2009
Last revised: --
Source: US-CERT


Systems Affected

* Adobe Reader version 9 and earlier
* Adobe Acrobat (Professional, 3D, and Standard) version 9 and earlier


Overview

Adobe has released Security Bulletin APSB09-01, which describes a
vulnerability that affects Adobe Reader and Acrobat. This
vulnerability could allow a remote attacker to execute arbitrary
code.


I. Description

Adobe Security Bulletin APSB09-01 describes a memory-corruption
vulnerability that affects Adobe Reader and Acrobat. Further
details are available in Vulnerability Note VU#905281. An attacker
could exploit these vulnerabilities by convincing a user to load a
specially crafted Adobe Portable Document Format (PDF) file.
Acrobat integrates with popular web browsers, and visiting a
website is usually sufficient to cause Acrobat to load PDF content.


II. Impact

An attacker may be able to execute arbitrary code.


III. Solution

Disable JavaScript in Adobe Reader and Acrobat

Disabling JavaScript may prevent some exploits from resulting in
code execution. Acrobat JavaScript can be disabled using the
Preferences menu (Edit -> Preferences -> JavaScript and un-check
Enable Acrobat JavaScript).


Prevent Internet Explorer from automatically opening PDF documents

The installer for Adobe Reader and Acrobat configures Internet
Explorer to automatically open PDF files without any user
interaction. This behavior can be reverted to the safer option of
prompting the user by importing the following as a .REG file:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\AcroExch.Document.7]
"EditFlags"=hex:00,00,00,00


Disable the display of PDF documents in the web browser

Preventing PDF documents from opening inside a web browser will
partially mitigate this vulnerability. If this workaround is
applied it may also mitigate future vulnerabilities. To prevent PDF
documents from automatically being opened in a web browser, do the
following:
1. Open Adobe Acrobat Reader.
2. Open the Edit menu.
3. Choose the preferences option.
4. Choose the Internet section.
5. Un-check the "Display PDF in browser" check box.


Do not access PDF documents from untrusted sources

Do not open unfamiliar or unexpected PDF documents, particularly
those hosted on web sites or delivered as email attachments. Please
see Cyber Security Tip ST04-010.


IV. References

* Adobe Security Bulletin apsa09-01 -
<http://www.adobe.com/support/security/advisories/apsa09-01.html>

* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>

* Vulnerability Note VU#905281 -
<http://www.kb.cert.org/vuls/id/905281>

____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA09-051A.html>
____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA09-051A Feedback VU#905281" in
the subject.
____________________________________________________________________


Revision History

February 20, 2009: Initial release


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

-----END PGP SIGNATURE-----
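
Added example, not part of the US-CERT alert: one way to audit a registry export for the EditFlags workaround described in TA09-051A above. The FTA_OpenIsSafe bit (0x00010000) comes from the Windows shell headers rather than from the alert, matching AcroExch.Document ProgIDs other than .7 is an assumption, and the sample export is constructed.

```python
"""Audit a .reg export for the EditFlags workaround from TA09-051A."""
import re
from typing import Dict, Iterator

# Windows shell file-type attribute: the "open" verb may run on downloaded
# files without a prompt. The alert does not name this bit; it is taken from
# the Windows headers.
FTA_OPEN_IS_SAFE = 0x00010000

# The alert names AcroExch.Document.7; matching other numeric suffixes and the
# unversioned ProgID is an assumption of this example.
KEY_RE = re.compile(
    r"^\[HKEY_CLASSES_ROOT\\(AcroExch\.Document(?:\.\d+)?)\]$", re.IGNORECASE)
VALUE_RE = re.compile(r'^"EditFlags"=(hex|dword):(.*)$', re.IGNORECASE)

# Constructed sample in the text form written by regedit. Real exports are
# UTF-16 files; decode them to str before calling audit_reg_export().
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\AcroExch.Document.7]
"EditFlags"=hex:00,00,01,00

[HKEY_CLASSES_ROOT\AcroExch.Document.7\DefaultIcon]
@="placeholder"

[HKEY_CLASSES_ROOT\AcroExch.Document]
"EditFlags"=dword:00000000
"""


def _logical_lines(text: str) -> Iterator[str]:
    """Yield stripped lines, joining regedit's trailing-backslash continuations."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        yield buf + line
        buf = ""
    if buf:
        yield buf


def decode_editflags(kind: str, data: str) -> int:
    """Decode EditFlags stored as REG_DWORD or as little-endian REG_BINARY."""
    if kind.lower() == "dword":
        return int(data.strip(), 16)
    raw = bytes(int(part, 16) for part in data.split(",") if part.strip())
    return int.from_bytes(raw[:4].ljust(4, b"\0"), "little")


def audit_reg_export(text: str) -> Dict[str, dict]:
    """Return the EditFlags state of every AcroExch.Document* key in the export."""
    results: Dict[str, dict] = {}
    current = None
    for line in _logical_lines(text):
        if line.startswith("["):
            match = KEY_RE.match(line)
            current = match.group(1) if match else None  # subkeys are skipped
            if current:
                results[current] = {"editflags": None,
                                    "matches_alert": False,
                                    "open_is_safe": False}
            continue
        if current is None:
            continue
        match = VALUE_RE.match(line)
        if match:
            flags = decode_editflags(match.group(1), match.group(2))
            results[current] = {
                "editflags": flags,
                # The alert's .REG file sets the value to all zeros.
                "matches_alert": flags == 0,
                "open_is_safe": bool(flags & FTA_OPEN_IS_SAFE),
            }
    return results


if __name__ == "__main__":
    for progid, state in audit_reg_export(SAMPLE_EXPORT).items():
        status = "workaround applied" if state["matches_alert"] else "REVIEW"
        print(f"{progid}: EditFlags={state['editflags']!r} -> {status}")
```

A key reported with editflags of None has no EditFlags value in the export at all, so it is listed for review rather than counted as matching the alert.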

[#] Tue Mar 10 2009 16:08:47 EDT from "US-CERT Technical Alerts" <technical-alerts@us-cert.gov> to technical-alerts@us-cert.gov

Subject: US-CERT Technical Cyber Security Alert TA09-069A -- Microsoft Updates for Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


National Cyber Alert System

Technical Cyber Security Alert TA09-069A


Microsoft Updates for Multiple Vulnerabilities

Original release date: March 10, 2009
Last revised: --
Source: US-CERT


Systems Affected

* Microsoft Windows
* Windows Server


Overview

Microsoft has released updates that address vulnerabilities in
Microsoft Windows and Windows Server.


I. Description

As part of the Microsoft Security Bulletin Summary for March 2009,
Microsoft released updates to address vulnerabilities that affect
Microsoft Windows and Windows Server.


II. Impact

A remote, unauthenticated attacker could gain elevated privileges,
poison the DNS cache, execute arbitrary code, or cause a vulnerable
application to crash.


III. Solution

Microsoft has provided updates for these vulnerabilities in the
Microsoft Security Bulletin Summary for March 2009. The security
bulletin describes any known issues related to the updates.
Administrators are encouraged to note these issues and test for any
potentially adverse effects. Administrators should consider using
an automated update distribution system such as Windows Server
Update Services (WSUS).


IV. References

* Microsoft Security Bulletin Summary for March 2009 -
<http://www.microsoft.com/technet/security/bulletin/ms09-mar.mspx>

* Microsoft Windows Server Update Services -
<http://technet.microsoft.com/en-us/wsus/default.aspx>

* US-CERT Vulnerability Notes for Microsoft March 2009 updates -
<http://www.kb.cert.org/vuls/byid?searchview&query=ms09-mar>

____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA09-069A.html>
____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA09-069A Feedback VU#319331" in
the subject.
____________________________________________________________________


Revision History

March 10, 2009: Initial release


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

-----END PGP SIGNATURE-----

[#] Sun Mar 29 2009 21:36:12 EDT from "US-CERT Technical Alerts" <technical-alerts@us-cert.gov> to technical-alerts@us-cert.gov

Subject: US-CERT Technical Cyber Security Alert TA09-088A -- Conficker Worm Targets Microsoft Windows Systems

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


National Cyber Alert System

Technical Cyber Security Alert TA09-088A


Conficker Worm Targets Microsoft Windows Systems

Original release date: March 29, 2009
Last revised: --
Source: US-CERT


Systems Affected

* Microsoft Windows


Overview

US-CERT is aware of public reports indicating a widespread
infection of the Conficker worm, which can infect a Microsoft
Windows system from a thumb drive, a network share, or directly
across a network if the host is not patched with MS08-067.


I. Description

The presence of a Conficker infection may be detected if a user is
unable to surf to the following websites:

* http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&inid=us_ghp_link_conficker_worm
* http://www.mcafee.com

If a user is unable to reach either of these websites, a Conficker
infection may be indicated (the most current variant of Conficker
interferes with queries for these sites, preventing a user from
visiting them). If a Conficker infection is suspected, the
infected system should be removed from the network. Major
anti-virus vendors and Microsoft have released several free tools
that can verify the presence of a Conficker infection and remove
the worm. Instructions for manually removing a Conficker infection
from a system have been published by Microsoft in
http://support.microsoft.com/kb/962007.


II. Impact

A remote, unauthenticated attacker could execute arbitrary code on
a vulnerable system.


III. Solution

US-CERT encourages users to prevent a Conficker infection by
ensuring all systems have the MS08-067 patch (part of Security
Update KB958644, which was published by Microsoft in October
2008), disabling AutoRun functionality (see
http://www.us-cert.gov/cas/techalerts/TA09-020A.html), and
maintaining up-to-date anti-virus software.


IV. References

* Virus alert about the Win32/Conficker.B worm -
<http://support.microsoft.com/kb/962007>

* Microsoft Security Bulletin MS08-067 - Critical -
<http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx>

* Microsoft Windows Does Not Disable AutoRun Properly -
<http://www.us-cert.gov/cas/techalerts/TA09-020A.html>

* MS08-067: Vulnerability in Server service could allow remote code
execution -
<http://support.microsoft.com/kb/958644>

* The Conficker Worm -
<http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm>

* W32/Conficker.worm -
<http://us.mcafee.com/root/campaign.asp?cid=54857>

____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA09-088A.html>
____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA09-088A Feedback VU#827267" in
the subject.
____________________________________________________________________


Revision History

March 29, 2009: Initial release


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

-----END PGP SIGNATURE-----

[#] Mon Mar 30 2009 15:10:34 EDT from "US-CERT Technical Alerts" <technical-alerts@us-cert.gov> to technical-alerts@us-cert.gov

Subject: US-CERT Technical Cyber Security Alert TA09-088A -- Conficker Worm Targets Microsoft Windows Systems

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


National Cyber Alert System

Technical Cyber Security Alert TA09-088A


Conficker Worm Targets Microsoft Windows Systems

Original release date: March 29, 2009
Last revised: March 30, 2009
Source: US-CERT


Systems Affected

* Microsoft Windows


Overview

US-CERT is aware of public reports indicating a widespread
infection of the Conficker/Downadup worm, which can infect a
Microsoft Windows system from a thumb drive, a network share, or
directly across a corporate network, if the network servers are not
patched with the MS08-067 patch from Microsoft.


I. Description

Home users can apply a simple test for the presence of a
Conficker/Downadup infection on their home computers. The presence
of a Conficker/Downadup infection may be detected if a user is
unable to surf to their security solution website or if they are
unable to connect to the websites, by downloading detection/removal
tools available free from those sites:

* http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&inid=us_ghp_link_conficker_worm
* http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx
* http://www.mcafee.com

If a user is unable to reach any of these websites, it may indicate
a Conficker/Downadup infection. The most recent variant of
Conficker/Downadup interferes with queries for these sites,
preventing a user from visiting them. If a Conficker/Downadup
infection is suspected, the system or computer should be removed
from the network or, in the case of home users, unplugged from the
Internet.


II. Impact

A remote, unauthenticated attacker could execute arbitrary code on
a vulnerable system.


III. Solution

Instructions, support and more information on how to manually
remove a Conficker/Downadup infection from a system have been
published by major security vendors. Please see below for a few of
those sites. Each of these vendors offers free tools that can
verify the presence of a Conficker/Downadup infection and remove
the worm:

Symantec:
http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-011316-0247-99

Microsoft:
http://support.microsoft.com/kb/962007

http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx

Microsoft PC Safety hotline at 1-866-PCSAFETY, for assistance.

US-CERT encourages users to prevent a Conficker/Downadup infection by
ensuring all systems have the MS08-067 patch (see
http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx),
disabling AutoRun functionality (see
http://www.us-cert.gov/cas/techalerts/TA09-020A.html), and
maintaining up-to-date anti-virus software.


IV. References

* Microsoft Windows Does Not Disable AutoRun Properly -
<http://www.us-cert.gov/cas/techalerts/TA09-020A.html>

* Virus alert about the Win32/Conficker.B worm -
<http://support.microsoft.com/kb/962007>

* Microsoft Security Bulletin MS08-067 - Critical -
<http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx>

* MS08-067: Vulnerability in Server service could allow remote code
execution -
<http://support.microsoft.com/kb/958644>

* The Conficker Worm -
<http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm>

* W32/Conficker.worm -
<http://us.mcafee.com/root/campaign.asp?cid=54857>

* W32.Downadup Removal Tool -
<http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-011316-0247-99>

____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA09-088A.html>
____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA09-088A Feedback VU#827267" in
the subject.
____________________________________________________________________


Revision History

March 29, 2009: Initial release
March 30, 2009: Included additional details

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBSdEYX3IHljM+H4irAQIYGQgAiYr6a3OCj8JFRPhDWwwampacVHYxW2o+
fKkXtHu093UYd8tXWv/crvQzMfMPaH/+zwXhO/pEPqyAh+916EvqVpsMnvhOOJzw
1y7y+aCYtxlS+B8/TXbI0GGjzv8HmmlCOoxg4jz9BggR+fnjVC+gqq0Ml16Z539J
2/TRiidVh+QwIUB7KtsPZU0DZgCFkXBoAWEurd2kpqGP8xkK2M3/N6PN2GfftqSg
Apzc80ikWUCXcA2ppbk0V85bRw3NhIiXmN5EBgQr28ZF2WByaSnCE6irTKN0eTX1
E2q21qIdfjd09BVLWgXRa0kXG8eqZBgt6uulf/yfd9S5pPquz4Cyuw==
=zSHY
-----END PGP SIGNATURE-----
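
Added example, not part of the US-CERT alert: a scripted form of the reachability test in TA09-088A that separates a selective failure of the security-vendor hostnames from a general DNS or connectivity outage. The control hostnames and the verdict names are assumptions of this example.

```python
"""Selective-resolution check based on the symptom described in TA09-088A."""
import socket
from typing import Callable, Dict, Iterable

# Hostnames taken from the URLs listed in the alert.
VENDOR_HOSTS = ["www.symantec.com", "www.microsoft.com", "www.mcafee.com"]

# Control hostnames are an assumption of this example: sites unrelated to
# security vendors that the machine can normally reach.
CONTROL_HOSTS = ["www.example.com", "www.iana.org"]


def system_resolver(host: str) -> bool:
    """Return True if the operating system resolver returns an address."""
    try:
        return bool(socket.getaddrinfo(host, 80, proto=socket.IPPROTO_TCP))
    except (OSError, UnicodeError):
        return False  # any resolver error counts as "did not resolve"


def probe(hosts: Iterable[str], resolver: Callable[[str], bool]) -> Dict[str, bool]:
    """Resolve each hostname once and record whether it succeeded."""
    return {host: resolver(host) for host in hosts}


def assess(vendor: Dict[str, bool], control: Dict[str, bool]) -> dict:
    """Classify the probe results.

    inconclusive   no control host resolves: general DNS or connectivity
                   problem, so the vendor failures carry no signal
    no-indication  every vendor host resolves (this does not rule out an
                   infection; the alert only says failure "may" indicate one)
    partial        some vendor hosts fail while controls resolve
    suspect        all vendor hosts fail while controls resolve, the pattern
                   the alert describes
    """
    if not vendor or not control:
        raise ValueError("both vendor and control results are required")
    blocked = sorted(host for host, ok in vendor.items() if not ok)
    controls_ok = any(control.values())
    if not controls_ok:
        verdict = "inconclusive"
    elif not blocked:
        verdict = "no-indication"
    elif len(blocked) == len(vendor):
        verdict = "suspect"
    else:
        verdict = "partial"
    return {"verdict": verdict, "blocked": blocked}


def check(resolver: Callable[[str], bool] = system_resolver,
          vendor_hosts: Iterable[str] = VENDOR_HOSTS,
          control_hosts: Iterable[str] = CONTROL_HOSTS) -> dict:
    """Probe both host groups with the same resolver and assess the result."""
    return assess(probe(vendor_hosts, resolver), probe(control_hosts, resolver))


if __name__ == "__main__":
    result = check()
    print(f"verdict: {result['verdict']}")
    for host in result["blocked"]:
        print(f"  did not resolve: {host}")
```

A "suspect" or "partial" verdict is a reason to isolate the machine and run one of the vendor removal tools named in the alert, not a confirmation of infection.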

[#] Tue Apr 14 2009 15:44:02 EDT from "US-CERT Technical Alerts" <technical-alerts@us-cert.gov> to technical-alerts@us-cert.gov

Subject: US-CERT Technical Cyber Security Alert TA09-104A -- Microsoft Updates for Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


National Cyber Alert System

Technical Cyber Security Alert TA09-104A


Microsoft Updates for Multiple Vulnerabilities

Original release date: April 14, 2009
Last revised: --
Source: US-CERT


Systems Affected

* Microsoft Windows
* Microsoft Office
* Microsoft Windows Server
* Microsoft ISA Server


Overview

Microsoft has released updates that address vulnerabilities in
Microsoft Windows, Office, Windows Server, and ISA Server.


I. Description

As part of the Microsoft Security Bulletin Summary for April 2009,
Microsoft released updates to address vulnerabilities that affect
Microsoft Windows, Office, Windows Server, and ISA Server.


II. Impact

A remote, unauthenticated attacker could execute arbitrary code,
gain elevated privileges, or cause a vulnerable application to
crash.


III. Solution

Microsoft has provided updates for these vulnerabilities in the
Microsoft Security Bulletin Summary for April 2009. The security
bulletin describes any known issues related to the updates.
Administrators are encouraged to note these issues and test for any
potentially adverse effects. Administrators should consider using
an automated update distribution system such as Windows Server
Update Services (WSUS).


IV. References

* Microsoft Security Bulletin Summary for April 2009 -
<http://www.microsoft.com/technet/security/bulletin/ms09-apr.mspx>

* Microsoft Windows Server Update Services -
<http://technet.microsoft.com/en-us/wsus/default.aspx>

____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA09-104A.html>
____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA09-104A Feedback VU#999892" in
the subject.
____________________________________________________________________


Revision History

April 14, 2009: Initial release


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

-----END PGP SIGNATURE-----

[#] Wed Apr 15 2009 15:42:25 EDT from "US-CERT Technical Alerts" <technical-alerts@us-cert.gov> to technical-alerts@us-cert.gov

Subject: US-CERT Technical Cyber Security Alert TA09-105A -- Oracle Updates for Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


National Cyber Alert System

Technical Cyber Security Alert TA09-105A


Oracle Updates for Multiple Vulnerabilities

Original release date: April 15, 2009
Last revised: --
Source: US-CERT


Systems Affected

* Oracle Database 11g, version 11.1.0.6, 11.1.0.7
* Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4
* Oracle Database 10g, version 10.1.0.5
* Oracle Database 9i Release 2, versions 9.2.0.8, 9.2.0.8DV
* Oracle Application Server 10g Release 2 (10.1.2), version 10.1.2.3.0
* Oracle Outside In SDK HTML Export 8.2.2, 8.3.0
* Oracle XML Publisher 5.6.2, 10.1.3.2, 10.1.3.2.1
* Oracle BI Publisher 10.1.3.3.0, 10.1.3.3.1, 10.1.3.3.2, 10.1.3.3.3, 10.1.3.4
* Oracle E-Business Suite Release 12, version 12.0.6
* Oracle E-Business Suite Release 11i, version 11.5.10.2
* PeopleSoft Enterprise PeopleTools versions: 8.49
* PeopleSoft Enterprise HRMS versions: 8.9 and 9.0
* Oracle WebLogic Server 10.3
* Oracle WebLogic Server 9.0 GA, 9.1 GA, 9.2 through 9.2 MP3
* Oracle WebLogic Server 8.1 through 8.1 SP6
* Oracle WebLogic Server 7.0 through 7.0 SP7
* Oracle WebLogic Portal 8.1 through 8.1 SP6
* Oracle Data Service Integrator 10.3.0 and Oracle AquaLogic Data Services Platform (formerly BEA ALDSP) 3.2, 3.0.1, 3.0
* Oracle JRockit (formerly BEA JRockit) R27.6.2 and earlier (JDK/JRE 6, 5, 1.4.2)


Overview

Oracle products and components are affected by multiple
vulnerabilities. The impacts of these vulnerabilities include
remote execution of arbitrary code, information disclosure, and
denial of service.


I. Description

The Oracle Critical Patch Update Advisory - April 2009 addresses 43
vulnerabilities in various Oracle products and components. The
document provides information about affected components, access and
authorization required for successful exploitation, and the impact
from the vulnerabilities on data confidentiality, integrity, and
availability.

Oracle has associated CVE identifiers with the vulnerabilities
addressed in this Critical Patch Update. If significant additional
details about vulnerabilities and remediation techniques become
available, we will update the Vulnerability Notes Database.


II. Impact

The impact of these vulnerabilities varies depending on the
product, component, and configuration of the system. Potential
consequences include the execution of arbitrary code or commands,
information disclosure, and denial of service. Vulnerable
components may be available to unauthenticated, remote attackers.
An attacker who compromises an Oracle database may be able to
access sensitive information.


III. Solution

Apply the appropriate patches or upgrade as specified in the Oracle
Critical Patch Update Advisory - April 2009. Note that this
document only lists newly corrected issues. Updates to patches for
previously known issues are not listed.


IV. References

* Oracle Critical Patch Update Advisory - April 2009 -
<http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html>

* Critical Patch Updates and Security Alerts -
<http://www.oracle.com/technology/deploy/security/alerts.htm>

* Map of Public Vulnerability to Advisory/Alert -
<http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html>

____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA09-105A.html>
____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA09-105A Feedback VU#955892" in
the subject.
____________________________________________________________________


Revision History

April 15, 2009: Initial release


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

-----END PGP SIGNATURE-----

[#] Wed May 13 2009 15:23:03 EDT from "US-CERT Technical Alerts" <technical-alerts@us-cert.gov> to technical-alerts@us-cert.gov

Subject: US-CERT Technical Cyber Security Alert TA09-133A -- Apple Updates for Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


National Cyber Alert System

Technical Cyber Security Alert TA09-133A


Apple Updates for Multiple Vulnerabilities

Original release date: May 13, 2009
Last revised: --
Source: US-CERT


Systems Affected

* Apple Mac OS X versions prior to and including 10.4.11 (Tiger) and 10.5.6 (Leopard)
* Apple Mac OS X Server versions prior to and including 10.4.11 (Tiger) and 10.5.6 (Leopard)
* Safari 3 for Windows, Mac OS X 10.4, and Mac OS X 10.5


Overview

Apple has released multiple Security Updates, 2009-002 / Mac OS X
version 10.5.7 and Safari 3.2.3, to correct multiple
vulnerabilities affecting Apple Mac OS X, Mac OS X Server, and the
Safari web browser. Attackers could exploit these vulnerabilities
to execute arbitrary code, gain access to sensitive information, or
cause a denial of service.


I. Description

Apple Security Update 2009-002 / Mac OS X v10.5.7 addresses a
number of vulnerabilities affecting Apple Mac OS X and Mac OS X
Server; the Safari security update addresses vulnerabilities
affecting the Safari web browser (for Windows and OS X). These
updates also address vulnerabilities in other vendors' products
that ship with Apple Mac OS X or Mac OS X Server.


II. Impact

The impacts of these vulnerabilities vary. Potential consequences
include arbitrary code execution, sensitive information disclosure,
denial of service, or privilege escalation.


III. Solution

Install Apple Security Update 2009-002 / Mac OS X v10.5.7, or
Safari 3.2.3. These and other updates are available via Software
Update or via Apple Downloads.


IV. References

* Apple Security Update 2009-002 -
<http://support.apple.com/kb/HT3549>

* Safari 3.2.3 - <http://support.apple.com/kb/HT3550>

* Apple Downloads - <http://support.apple.com/downloads/>

* Software Update -
<https://support.apple.com/kb/HT1338?viewlocale=en_US>

____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA09-133A.html>
____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA09-133A Feedback VU#175188" in
the subject.
____________________________________________________________________


Revision History

May 13, 2009: Initial release


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

-----END PGP SIGNATURE-----

[#] Wed May 13 2009 16:37:52 EDT from "US-CERT Technical Alerts" <technical-alerts@us-cert.gov> to technical-alerts@us-cert.gov

Subject: US-CERT Technical Cyber Security Alert TA09-133B -- Adobe Reader and Acrobat JavaScript Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


National Cyber Alert System

Technical Cyber Security Alert TA09-133B


Adobe Reader and Acrobat JavaScript Vulnerabilities

Original release date: May 13, 2009
Last revised: --
Source: US-CERT


Systems Affected

* Adobe Reader versions 9.1, 8.1.4, 7.1.1 and earlier

* Adobe Acrobat Standard, Pro, and Pro Extended versions 9.1,
8.1.4, 7.1.1 and earlier


Overview

Adobe has released Security Bulletin APSB09-06, which describes
Adobe Reader and Acrobat updates for two JavaScript vulnerabilities
that could allow a remote attacker to execute arbitrary code.


I. Description

Adobe Security Bulletin APSB09-06 announces updates for two
JavaScript vulnerabilities that affect Adobe Reader and Acrobat.

* A vulnerability in the getAnnots() method (CVE-2009-1492)
affects Adobe Reader and Acrobat for Microsoft Windows, Apple
Mac OS X, and UNIX.

* A vulnerability in the customDictionaryOpen() method
(CVE-2009-1493) appears to only affect Adobe Reader for UNIX.

Further details are available in Vulnerability Note VU#970180.

An attacker could exploit these vulnerabilities by convincing a
user to open a specially crafted Adobe Portable Document Format
(PDF) file. Acrobat integrates with popular web browsers, and
visiting a website is usually sufficient to cause Reader or Acrobat
to open a PDF file.


II. Impact

By convincing a victim to open a specially crafted PDF file, a
remote, unauthenticated attacker may be able to execute arbitrary
code.


III. Solution

Update

Adobe has released updates to address this issue. Users are
encouraged to read Adobe Security Bulletin APSB09-06 and update
vulnerable versions of Adobe Reader and Acrobat. According to
APSB09-06, these vulnerabilities are addressed in versions 9.1.1,
8.1.5, and 7.1.2 of Adobe Reader and Acrobat.

Disable JavaScript in Adobe Reader and Acrobat

Disabling JavaScript prevents these vulnerabilities from being
exploited and reduces attack surface. If this workaround is
applied to updated versions of the Adobe Reader and Acrobat, it
may protect against future vulnerabilities.

To disable JavaScript in Adobe Reader:

1. Open Adobe Acrobat Reader.
2. Open the Edit menu.
3. Choose the Preferences... option.
4. Choose the JavaScript section.
5. Uncheck the Enable Acrobat JavaScript check box.

Disabling JavaScript will not resolve the vulnerabilities; it
will only disable the vulnerable JavaScript component. When
JavaScript is disabled, Adobe Reader and Acrobat prompt to
re-enable JavaScript when opening a PDF that contains JavaScript.

Prevent Internet Explorer from automatically opening PDF documents

The installer for Adobe Reader and Acrobat configures Internet
Explorer to automatically open PDF files without any user
interaction. This behavior can be reverted to the safer option of
prompting the user by importing the following as a .REG file:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\AcroExch.Document.7]
"EditFlags"=hex:00,00,00,00

Disable the display of PDF documents in the web browser

Preventing PDF documents from opening inside a web browser
reduces attack surface. If this workaround is applied to updated
versions of the Adobe Reader and Acrobat, it may protect against
future vulnerabilities. To prevent PDF documents from
automatically being opened in a web browser with Adobe Reader:

1. Open Adobe Acrobat Reader.
2. Open the Edit menu.
3. Choose the Preferences option.
4. Choose the Internet section.
5. Un-check the "Display PDF in browser" check box.

Rename or remove Annots.api

To disable the vulnerable getAnnots() method, rename or remove
the Annots.api file. This will disable some annotation
functionality; however, annotations can still be viewed. This does
not protect against the customDictionaryOpen() vulnerability. On
Windows, Annots.api is typically located here:

"%ProgramFiles%\Adobe\Reader 9.0\Reader\plug_ins"

Example location on GNU/Linux:

/opt/Adobe/Reader8/Reader/intellinux/plug_ins/Annots.api

Do not access PDF documents from untrusted sources

Do not open unfamiliar or unexpected PDF documents, particularly
those hosted on web sites or delivered as email
attachments. Please see Cyber Security Tip ST04-010.


IV. References

* Vulnerability Note VU#970180 -
<http://www.kb.cert.org/vuls/id/970180>

* Cyber Security Tip ST04-010: Using Caution with Email Attachments -
<http://www.us-cert.gov/cas/tips/ST04-010.html>

* Adobe Security Bulletin APSB09-06 -
<http://www.adobe.com/support/security/bulletins/apsb09-06.html>

* CVE-2009-1492 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1492>

* CVE-2009-1493 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1493>

____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA09-133B.html>
____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA09-133B Feedback VU#970180" in
the subject.
____________________________________________________________________

For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________

Produced 2009 by US-CERT, a government organization.

Terms of use:

<http://www.us-cert.gov/legal.html>
____________________________________________________________________

Revision History

May 13, 2009: Initial release



[#] Tue Jun 09 2009 16:29:44 EDT from "US-CERT Technical Alerts" <technical-alerts@us-cert.gov> to technical-alerts@us-cert.gov

Subject: US-CERT Technical Cyber Security Alert TA09-160A -- Microsoft Updates for Multiple Vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


National Cyber Alert System

Technical Cyber Security Alert TA09-160A


Microsoft Updates for Multiple Vulnerabilities

Original release date: June 09, 2009
Last revised: --
Source: US-CERT


Systems Affected

* Microsoft Windows
* Microsoft Office
* Microsoft Internet Explorer


Overview

Microsoft has released updates that address vulnerabilities in
Microsoft Windows, Office, and Internet Explorer.


I. Description

As part of the Microsoft Security Bulletin Summary for June 2009,
Microsoft released updates to address vulnerabilities that affect
Microsoft Windows, Office, and Internet Explorer.


II. Impact

A remote, unauthenticated attacker could execute arbitrary code,
gain elevated privileges, or cause a vulnerable application to
crash.


III. Solution

Microsoft has provided updates for these vulnerabilities in the
Microsoft Security Bulletin Summary for June 2009. The security
bulletin describes any known issues related to the updates.
Administrators are encouraged to note these issues and test for any
potentially adverse effects. Administrators should consider using
an automated update distribution system such as Windows Server
Update Services (WSUS).


IV. References

* Microsoft Security Bulletin Summary for June 2009 -
<http://www.microsoft.com/technet/security/bulletin/ms09-jun.mspx>

* Microsoft Windows Server Update Services -
<http://technet.microsoft.com/en-us/wsus/default.aspx>

* US-CERT Vulnerability Notes for Microsoft June 2009 updates -
<http://www.kb.cert.org/vuls/byid?searchview&query=ms09-jun>

____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA09-160A.html>
____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA09-160A Feedback VU#983731" in
the subject.
____________________________________________________________________


Revision History

June 09, 2009: Initial release



[#] Wed Jun 10 2009 12:01:56 EDT from "US-CERT Technical Alerts" <technical-alerts@us-cert.gov> to technical-alerts@us-cert.gov

Subject: US-CERT Technical Cyber Security Alert TA09-161A -- Adobe Acrobat and Reader Vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


National Cyber Alert System

Technical Cyber Security Alert TA09-161A


Adobe Acrobat and Reader Vulnerabilities

Original release date: June 10, 2009
Last revised: --
Source: US-CERT


Systems Affected

* Adobe Reader versions 9.1.1 and earlier, 8.1.5 and earlier, and 7.1.2 and earlier
* Adobe Acrobat (Standard, Professional, and 3D) versions 9.1.1 and earlier, 8.1.5 and earlier, and 7.1.2 and earlier


Overview

Adobe has released Security Bulletin APSB09-07, which describes
several buffer overflow vulnerabilities that could allow a remote
attacker to execute arbitrary code.


I. Description

Adobe Security Bulletin APSB09-07 describes several
memory-corruption vulnerabilities that affect Adobe Reader and
Acrobat. Some of these vulnerabilities occur when Adobe Reader and
Acrobat handle files with specially crafted JBIG2 streams. An
attacker could exploit these vulnerabilities by convincing a user
to load a specially crafted Adobe Portable Document Format (PDF)
file. Acrobat integrates with popular web browsers, and visiting a
website is usually sufficient to cause Acrobat to load PDF content.


II. Impact

An attacker may be able to execute arbitrary code.


III. Solution

Update

Adobe has released updates to address this issue. Users are
encouraged to read Adobe Security Bulletin APSB09-07 and update
vulnerable versions of Adobe Reader and Acrobat.

Disable JavaScript in Adobe Reader and Acrobat

Disabling JavaScript may prevent some exploits from resulting in
code execution. Acrobat JavaScript can be disabled using the
Preferences menu:

* Open the Edit menu.
* Select Preferences.
* Choose JavaScript.
* Un-check Enable Acrobat JavaScript.

Prevent Internet Explorer from automatically opening PDF documents

The installer for Adobe Reader and Acrobat configures Internet
Explorer to automatically open PDF files without any user
interaction. This behavior can be reverted to the safer option of
prompting the user by importing the following as a .REG file:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\AcroExch.Document.7]
"EditFlags"=hex:00,00,00,00

Disable the display of PDF documents in the web browser

Preventing PDF documents from opening inside a web browser will
partially mitigate this vulnerability. This workaround may also
mitigate future vulnerabilities.

To prevent PDF documents from automatically being opened in a web
browser, do the following:

* Open Adobe Acrobat Reader.
* Open the Edit menu.
* Choose the Preferences option.
* Choose the Internet section.
* Un-check the Display PDF in browser check box.

Do not access PDF documents from untrusted sources

Do not open unfamiliar or unexpected PDF documents, particularly
those hosted on websites or delivered as email attachments. See
Cyber Security Tip ST04-010.

Additional workarounds are available in Vulnerability Note
VU#568153.


IV. References

* Adobe Security Bulletin APSB09-07 -
<http://www.adobe.com/support/security/bulletins/apsb09-07.html>

* Vulnerability Note VU#568153 -
<http://www.kb.cert.org/vuls/id/568153>

____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA09-161A.html>
____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA09-161A Feedback VU#568153" in
the subject.
____________________________________________________________________


Revision History

June 10, 2009: Initial release
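
The EditFlags workaround given in TA09-133B and TA09-161A can be verified from a registry export of a workstation. The Python below is an added example, not part of either alert: it assumes that bit 0x00010000 (FTA_OpenIsSafe) is the EditFlags bit that suppresses the download prompt, and the sample export and the names parse_reg, edit_flags and audit are constructed here.

```python
import re

# Assumption: FTA_OpenIsSafe (0x00010000) is the EditFlags "open without prompt" bit.
FTA_OPEN_IS_SAFE = 0x00010000

# Constructed export for illustration; regedit writes UTF-16, so decode first.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\AcroExch.Document.7]
@="Adobe Acrobat Document"
"EditFlags"=hex:00,00,\
  01,00

[HKEY_CLASSES_ROOT\AcroExch.Document.7\shell]

[HKEY_CLASSES_ROOT\Constructed.OtherType]
"EditFlags"=dword:00010000
'''

# The .REG content from the alert, i.e. the state after the workaround.
HARDENED_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\AcroExch.Document.7]
"EditFlags"=hex:00,00,00,00
'''

VALUE_LINE = re.compile(r'("(?:[^"\\]|\\.)*"|@)=(.*)')

def parse_reg(text):
    """Return {key_path: {value_name: raw_data}} for a version 5.00 export."""
    text = re.sub(r'\\\r?\n[ \t]*', '', text)  # join continued hex lines
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE_LINE.match(line)):
            current[m.group(1).strip('"')] = m.group(2)
    return keys

def edit_flags(data):
    """Decode EditFlags stored as REG_BINARY (hex:) or REG_DWORD (dword:)."""
    kind, _, body = data.partition(':')
    if kind == 'dword':
        return int(body, 16)
    if kind in ('hex', 'hex(3)'):
        raw = bytes(int(b, 16) for b in body.split(',') if b.strip())
        return int.from_bytes(raw[:4].ljust(4, b'\0'), 'little')
    raise ValueError('unsupported EditFlags type: ' + kind)

def audit(text, prefix='AcroExch.Document'):
    """Map each matching ProgID under HKEY_CLASSES_ROOT to its open policy."""
    result = {}
    for path, values in parse_reg(text).items():
        root, _, progid = path.partition('\\')
        if root != 'HKEY_CLASSES_ROOT' or '\\' in progid \
                or not progid.startswith(prefix):
            continue  # skip other hives, subkeys and unrelated file types
        if 'EditFlags' not in values:
            result[progid] = 'not set'
        elif edit_flags(values['EditFlags']) & FTA_OPEN_IS_SAFE:
            result[progid] = 'auto-open'
        else:
            result[progid] = 'prompts'
    return result
```

Hosts reported as 'auto-open' still need the .REG import from the alert; 'prompts' matches the state the workaround produces.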



[#] Mon Jul 06 2009 17:13:56 EDT from "US-CERT Technical Alerts" <technical-alerts@us-cert.gov> to technical-alerts@us-cert.gov

Subject: US-CERT Technical Cyber Security Alert TA09-187A -- Microsoft Video ActiveX Control Vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


National Cyber Alert System

Technical Cyber Security Alert TA09-187A


Microsoft Video ActiveX Control Vulnerability

Original release date: July 06, 2009
Last revised: --
Source: US-CERT


Systems Affected

* Microsoft Windows XP
* Microsoft Windows Server 2003


Overview

An unpatched vulnerability in the Microsoft Video ActiveX control
is being used in attacks.


I. Description

Microsoft has released Security Advisory (972890) to describe
attacks on a vulnerability in the Microsoft Video ActiveX control.
Because no fix is currently available for this vulnerability,
please see the Security Advisory and US-CERT Vulnerability Note
VU#180513 for workarounds.


II. Impact

A remote, unauthenticated attacker could execute arbitrary code
with the privileges of the victim user.


III. Solution

Apply workarounds

Microsoft has provided workarounds for this vulnerability in
Security Advisory (972890). Additional details and workarounds are
provided in US-CERT Vulnerability Note VU#180513.

The most effective workaround for this vulnerability is to set kill
bits for the Microsoft Video ActiveX control, as outlined in the
documents noted above. Other workarounds include disabling
ActiveX, as specified in the Securing Your Web Browser document,
and upgrading to Internet Explorer 7 or later, which can help
mitigate the vulnerability with its ActiveX opt-in feature.


IV. References

* US-CERT Vulnerability Note VU#180513 -
<http://www.kb.cert.org/vuls/id/180513>

* Microsoft Security Advisory (972890) -
<http://www.microsoft.com/technet/security/advisory/972890.mspx>

* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>

____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA09-187A.html>
____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA09-187A Feedback VU#180513" in
the subject.
____________________________________________________________________


Revision History

July 06, 2009: Initial release



[#] Tue Jul 14 2009 17:35:14 EDT from "US-CERT Technical Alerts" <technical-alerts@us-cert.gov> to technical-alerts@us-cert.gov

Subject: US-CERT Technical Cyber Security Alert TA09-195A -- Microsoft Updates for Multiple Vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


National Cyber Alert System

Technical Cyber Security Alert TA09-195A


Microsoft Updates for Multiple Vulnerabilities

Original release date: July 14, 2009
Last revised: --
Source: US-CERT


Systems Affected

* Microsoft Windows and Windows Server
* Microsoft DirectShow
* Microsoft Virtual PC and Server
* Microsoft Office Publisher
* Microsoft Internet Security and Acceleration (ISA) Server


Overview

Microsoft has released updates that address vulnerabilities in
Microsoft Windows, Windows Server, DirectShow, Virtual PC and
Server, Office Publisher, and ISA Server.


I. Description

As part of the Microsoft Security Bulletin Summary for July 2009,
Microsoft has released updates that address several vulnerabilities
in Microsoft Windows, Windows Server, DirectShow, Windows Virtual
PC and Server, Office Publisher, and ISA Server. Microsoft
indicates that two of these vulnerabilities, CVE-2009-1537 and
CVE-2008-0015, are being actively exploited.


II. Impact

A remote, unauthenticated attacker could execute arbitrary code,
gain elevated privileges, or cause a vulnerable application to
crash.


III. Solution

Microsoft has provided updates for these vulnerabilities in the
Microsoft Security Bulletin Summary for July 2009. The security
bulletin describes any known issues related to the updates.
Administrators are encouraged to note these issues and test for any
potentially adverse effects. Administrators should consider using
an automated update distribution system such as Windows Server
Update Services (WSUS).


IV. References

* Microsoft Security Bulletin Summary for July 2009 -
<http://www.microsoft.com/technet/security/bulletin/ms09-jul.mspx>

* Microsoft Windows Server Update Services -
<http://technet.microsoft.com/en-us/wsus/default.aspx>

* New vulnerability in quartz.dll Quicktime parsing -
<http://blogs.technet.com/srd/archive/2009/05/28/new-vulnerability-in-quicktime-parsing.aspx>

* CVE-2009-1537 -
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1537>

* VU#180513 - Microsoft Video ActiveX control stack buffer overflow -
<http://www.kb.cert.org/vuls/id/180513>

* TA09-187A - Microsoft Video ActiveX Control Vulnerability -
<http://www.us-cert.gov/cas/techalerts/TA09-187A.html>

* CVE-2008-0015 -
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0015>

____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA09-195A.html>
____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA09-195A Feedback VU#631820" in
the subject.
____________________________________________________________________


Revision History

July 14, 2009: Initial release


