Network Critical Security Alerts
May 8, 2012 - Microsoft Updates for Multiple Vulnerabilities
There are multiple vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office and Microsoft Silverlight on 8 May 2012. A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA12-129A.html
April 10, 2012 - Microsoft Updates for Multiple Vulnerabilities
There are multiple vulnerabilities in Microsoft Windows, Internet Explorer, Microsoft .NET Framework, Microsoft Office, Microsoft Server Software, Microsoft SQL Server, Microsoft Developer Tools and Microsoft Forefront Unified Access Gateway on 10 April 2012. A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA12-101A.html
April 10, 2012 - Adobe Updates for Multiple Vulnerabilities
There are multiple vulnerabilities affecting Adobe Reader and Acrobat. These vulnerabilities could allow a remote attacker to execute arbitrary code, write arbitrary files or folders to the file system, escalate local privileges, or cause a denial of service on an affected system as the result of a user opening a malicious PDF file.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA12-101B.html
February 14, 2012 - Microsoft Updates for Multiple Vulnerabilities
There are multiple vulnerabilities in Microsoft Windows, Microsoft Internet Explorer, Microsoft .NET Framework, Microsoft Silverlight, Microsoft Office and Microsoft Server Software. A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA12-045A.html
January 10, 2012 - Microsoft Updates for Multiple Vulnerabilities
There are multiple vulnerabilities in Microsoft Windows and Microsoft Developer Tools and Software. These vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA12-010A.html
December 16, 2011 - Adobe Updates for Multiple Vulnerabilities
There are multiple vulnerabilities affecting Adobe Reader and Acrobat. These vulnerabilities could allow a remote attacker to execute arbitrary code, write arbitrary files or folders to the file system, escalate local privileges, or cause a denial of service on an affected system as the result of a user opening a malicious PDF file.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA11-350A.html
December 13, 2011 - Microsoft Updates for Multiple Vulnerabilities
There are multiple vulnerabilities in Microsoft Windows, Office, and Internet Explorer. A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA11-347A.html
November 8, 2011 - Microsoft Updates for Multiple Vulnerabilities
There are multiple vulnerabilities in Microsoft Windows. A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA11-312A.html
October 13, 2011 - Apple Updates for Multiple Vulnerabilities
There are multiple vulnerabilities in Mac OS X 10.6.8, 10.7, and 10.7.1 and Mac OS X Server 10.6.8, 10.7, and 10.7.1. A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA11-286A.html
http://support.apple.com/kb/HT5002
October 11, 2011 - Microsoft Updates for Multiple Vulnerabilities
There are multiple vulnerabilities in Microsoft Windows, .NET Framework, Silverlight, Internet Explorer, Forefront Unified Access Gateway, and Host Integration Server. A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA11-284A.html
September 13, 2011 - Microsoft Updates for Multiple Vulnerabilities
There are multiple vulnerabilities in Microsoft Windows, Microsoft Server Software, and Microsoft Office. Microsoft has released updates to address these vulnerabilities. A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA11-256A.html
August 10, 2011 - Adobe Updates for Multiple Vulnerabilities
There are multiple vulnerabilities in Adobe Shockwave Player, Flash Media Server, Flash Player, Photoshop CS5, and RoboHelp. An attacker may use these vulnerabilities to run malicious code or cause a denial of service on an affected system. Adobe has released updates to address these vulnerabilities.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA11-222A.html
August 9, 2011 - Microsoft Updates for Multiple Vulnerabilities
There are multiple vulnerabilities in Microsoft Windows, Microsoft Office, Internet Explorer, .NET Framework, and Microsoft Developer Tools on 9 August 2011. A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA11-221A.html
July 13, 2011 - Microsoft Updates for Multiple Vulnerabilities
There are multiple vulnerabilities in Microsoft Windows and Office. A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system. Microsoft has released updates to address these vulnerabilities.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA11-193A.html
June 14, 2011 - Microsoft Updates for Multiple Vulnerabilities
There are multiple vulnerabilities in Microsoft Windows, Office, Internet Explorer, ISA, Visual Studio, and .NET Framework. A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system. Microsoft has released updates to address these vulnerabilities.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA11-165A.html
May 10, 2011 - Microsoft Updates for Multiple Vulnerabilities
There are multiple vulnerabilities in Microsoft Windows and Microsoft Office. A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system. Microsoft has released updates to address these vulnerabilities.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA11-130A.html
April 12, 2011 - Microsoft Updates for Multiple Vulnerabilities
There are multiple vulnerabilities in Microsoft Windows, Microsoft Office, Internet Explorer and Visual Studio. Microsoft has released updates to address these vulnerabilities. A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA11-102A.html
March 08, 2011 - Microsoft Updates for Multiple Vulnerabilities
There are multiple vulnerabilities in Microsoft Windows and Microsoft Office. Microsoft has released updates to address these vulnerabilities. A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA11-067A.html
February 08, 2011 - Microsoft Updates for Multiple Vulnerabilities
There are multiple vulnerabilities in Microsoft Windows, Microsoft Office and Internet Explorer. Microsoft has released updates to address these vulnerabilities. A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA11-039A.html
January 11, 2011 - Microsoft Updates for Multiple Vulnerabilities
There are multiple vulnerabilities in Microsoft Data Access Components and Windows Backup Manager. Microsoft has released updates to address these vulnerabilities.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA11-011A.html
December 14, 2010 - Microsoft Updates for Multiple Vulnerabilities
There are multiple vulnerabilities in Microsoft Windows, Internet Explorer, Office, SharePoint, and Exchange. Microsoft has released updates to address these vulnerabilities.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA10-348A.html
November 9, 2010 - Microsoft Updates for Multiple Vulnerabilities
There are multiple vulnerabilities in Microsoft Office and Microsoft Forefront Unified Access Gateway. A remote, unauthenticated attacker could execute arbitrary code or cause a vulnerable system or application to crash.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA10-313A.html
October 13, 2010 - Microsoft Updates for Multiple Vulnerabilities
There are multiple vulnerabilities in Microsoft Windows, Microsoft Office, and Internet Explorer. Microsoft has released updates to address these vulnerabilities. A remote, unauthenticated attacker could execute arbitrary code or cause a vulnerable system or application to crash.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA10-285A.html
October 6, 2010 - Adobe Reader and Acrobat Affected by Multiple Vulnerabilities
Adobe has released a Security Bulletin that describes multiple vulnerabilities affecting Adobe Reader and Acrobat. These vulnerabilities affect Reader and Acrobat 9.3.4, earlier 9.x versions, 8.2.4, and earlier 8.x versions.
An attacker could exploit these vulnerabilities by convincing a user to open a specially crafted PDF file. The Adobe Reader browser plug-in, which can automatically open PDF documents hosted on a website, is available for multiple web browsers and operating systems.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA10-279A.html
September 20, 2010 - Adobe Flash Vulnerabilities
According to Adobe Security Bulletin APSB10-22, there are vulnerabilities in Adobe Flash. These vulnerabilities affect Flash Player, Reader, and possibly other products that support Flash. A remote attacker could exploit these vulnerabilities to execute arbitrary code.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA10-263A.html
September 14, 2010 - Microsoft Updates for Multiple Vulnerabilities
There are multiple vulnerabilities in Microsoft Windows and Microsoft Office. Microsoft has released updates to address these vulnerabilities. A remote, unauthenticated attacker could execute arbitrary code or cause a vulnerable system or application to crash.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA10-257A.html
August 26, 2010 - Microsoft Windows Insecurely Loads Dynamic Libraries
Any application running on the Microsoft Windows platform that uses dynamically linked libraries (DLLs) may be affected. Whether or not an application is vulnerable depends on how it specifically loads a DLL. Please see the Vendor Information section of Vulnerability Note VU#707943 for information about specific vendors.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA10-238A.html
August 19, 2010 - Adobe Reader and Acrobat Vulnerabilities
Adobe Security Bulletin APSB10-17 describes a number of vulnerabilities affecting Adobe Reader and Acrobat. These vulnerabilities affect Reader and Acrobat 9.3.3, earlier 9.x versions, 8.2.3, and earlier 8.x versions.
An attacker could exploit these vulnerabilities by convincing a user to open a specially crafted PDF file. The Adobe Reader browser plug-in, which can automatically open PDF documents hosted on a website, is available for multiple web browsers and operating systems.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA10-231A.html
August 11, 2010 - Adobe Flash and AIR Vulnerabilities
According to an Adobe Security Bulletin, there are vulnerabilities in Adobe Flash and AIR. These vulnerabilities may also affect other products that independently support Flash, such as Adobe Reader, Acrobat, Photoshop, Photoshop Lightroom, Freehand MX, and Fireworks.
An attacker could exploit these vulnerabilities by convincing a user to open specially crafted Flash content. Flash content is commonly hosted on a web page, but it can also be embedded in a PDF and other documents or provided as a stand-alone file.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA10-223A.html
August 10, 2010 - Microsoft Updates for Multiple Vulnerabilities
The Microsoft Security Bulletin Summary for August 2010 describes multiple vulnerabilities in Microsoft Windows, Microsoft Office, Internet Explorer, Microsoft .NET Framework, and Microsoft Silverlight. Microsoft has released updates to address the vulnerabilities. A remote, unauthenticated attacker could execute arbitrary code or cause a vulnerable system or application to crash.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA10-222A.html
July 13, 2010 - Microsoft Updates for Vulnerabilities
Microsoft has released 4 Security Bulletins (Severity: 3 are critical; 1 is important) that address vulnerabilities in Microsoft Windows and Microsoft Office. A remote, unauthenticated attacker could execute arbitrary code or cause a vulnerable application to crash.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA10-194A.html
June 11, 2010 - Adobe Flash and AIR Vulnerabilities
There are vulnerabilities in Adobe Flash and AIR. These vulnerabilities affect Flash Player, AIR, and possibly other products that support Flash. A remote attacker could exploit these vulnerabilities to execute arbitrary code.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA10-162A.html
June 8, 2010 - Microsoft Updates for Multiple Vulnerabilities
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Microsoft Internet Explorer, Microsoft Office, Microsoft SharePoint Services, and Microsoft .NET Framework.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA10-159B.html
June 8, 2010 - Adobe Flash, Reader, and Acrobat Vulnerability
According to Adobe, there is a vulnerability in Adobe Flash. This vulnerability affects Flash Player, Reader, Acrobat, and possibly other products that support Flash. A remote attacker could exploit this vulnerability to execute arbitrary code.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA10-159A.html
May 11, 2010 - Microsoft Updates for Vulnerabilities
Microsoft has released two Security Bulletins that address vulnerabilities in Microsoft Outlook Express, Microsoft Windows Mail, Microsoft Windows Live Mail, Microsoft Office, and Microsoft Visual Basic for Applications. A remote, unauthenticated attacker could execute arbitrary code or cause a vulnerable application to crash.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA10-131A.html
April 13, 2010 - Microsoft Updates for Vulnerabilities
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Microsoft Office, and Microsoft Exchange.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA10-103A.html
April 13, 2010 - Adobe Reader and Acrobat Vulnerabilities
Adobe has released Security Bulletin APSB10-09, which describes a number of vulnerabilities affecting Adobe Reader and Acrobat. These vulnerabilities affect Reader and Acrobat 9.3.1 and earlier 9.x versions, and 8.2.1 and earlier versions.
An attacker could exploit these vulnerabilities by convincing a user to open a specially crafted PDF file. The Adobe Reader browser plug-in, which can automatically open PDF documents hosted on a website, is available for multiple web browsers and operating systems.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA10-103C.html
March 30, 2010 - Microsoft Updates for Vulnerabilities
Microsoft has released one Security Bulletin that addresses vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA10-089A.html
March 9, 2010 - Microsoft Updates for Multiple Vulnerabilities
Microsoft has released updates to address vulnerabilities in Microsoft Windows and Microsoft Office. A remote, unauthenticated attacker could execute arbitrary code or cause a vulnerable application to crash.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA10-068A.html
February 24, 2010 - Malicious Activity Associated with "Aurora" Internet Explorer Exploit
Malicious activity detected in mid-December targeted at least 20 organizations representing multiple industries including chemical, finance, information technology, and media. Investigation into this activity revealed that third parties routinely accessed the personal email accounts of dozens of users based in the United States, China, and Europe.
Further analysis revealed these users were victims of previous phishing scams through which threat actors successfully gained access to their email accounts.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA10-055A.html
February 9, 2010 - Microsoft Updates for Multiple Vulnerabilities
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Windows Server, Internet Explorer, and Microsoft Office.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA10-040A.html
January 21, 2010 - Microsoft Internet Explorer Vulnerabilities
Microsoft has released out-of-band updates to address critical vulnerabilities in Internet Explorer.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA10-021A.html
January 13, 2010 - Adobe Reader and Acrobat Vulnerabilities
Adobe Security Advisory APSB10-02 describes a number of vulnerabilities affecting Adobe Reader and Acrobat. These vulnerabilities affect Reader 9.2 and earlier 9.x versions and 8.1.7 and earlier 8.x versions. Further details are available in the US-CERT Vulnerability Notes Database.
An attacker could exploit these vulnerabilities by convincing a user to open a specially crafted PDF file. The Adobe Reader browser plug-in, which can automatically open PDF documents hosted on a website, is available for multiple web browsers and operating systems.
Some of these vulnerabilities are being actively exploited.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA10-013A.html
January 12, 2010 - Microsoft Updates and Adobe Flash Player 6 Vulnerabilities
Microsoft has released a Security Bulletin that addresses a vulnerability in Microsoft Windows and Internet Explorer. Microsoft has also published an Advisory about multiple vulnerabilities in Adobe (Macromedia) Flash Player 6 that is included with Windows XP.
A remote, unauthenticated attacker could execute arbitrary code, gain elevated privileges, or cause a vulnerable application to crash.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA10-012B.html
December 09, 2009 - Adobe Flash Vulnerabilities Affect Flash Player and Adobe AIR
An Adobe Security Bulletin describes vulnerabilities affecting Adobe Flash Player and Adobe AIR. Flash Player version 10.0.32.18 and earlier versions as well as Adobe AIR versions 1.5.2 and earlier are affected.
An attacker could exploit this vulnerability by convincing a user to visit a website that hosts a specially crafted SWF file. The Adobe Flash browser plugin is available for multiple web browsers and operating systems, any of which could be affected.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA09-343A.html
December 08, 2009 - Microsoft Updates for Multiple Vulnerabilities
Microsoft has released 6 Security Bulletins that address several vulnerabilities in Microsoft Windows, Windows Server, Internet Explorer and Microsoft Office. A remote, unauthenticated attacker could execute arbitrary code, gain elevated privileges, or cause a vulnerable application to crash.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA09-342A.html
November 10, 2009 - Microsoft Updates for Multiple Vulnerabilities
Microsoft has released 6 Security Bulletins that address several vulnerabilities in Microsoft Windows and Windows Server, Office Word and Excel. A remote, unauthenticated attacker could execute arbitrary code, gain elevated privileges, or cause a vulnerable application to crash.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA09-314A.html
October 13, 2009 - Microsoft Updates for Multiple Vulnerabilities
Microsoft has released 13 Security Bulletins that address several vulnerabilities in Microsoft Windows and Windows Server, Internet Explorer, Office, .NET Framework, Silverlight, SQL Server, Developer Tools and Forefront. A remote, unauthenticated attacker could execute arbitrary code, gain elevated privileges, or cause a vulnerable application to crash.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA09-286A.html
October 13, 2009 - Adobe Acrobat and Reader Vulnerabilities
Adobe has released Security Bulletin APSB09-15, which describes multiple vulnerabilities affecting Adobe Reader and Acrobat. These vulnerabilities allow a remote attacker to execute arbitrary code, write arbitrary files or folders to the file system, escalate local privileges, or cause a denial of service on an affected system.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA09-286B.html
September 9, 2009 - Multiple Vulnerabilities in Firefox
Multiple vulnerabilities have been found in Firefox. These vulnerabilities may be exploited to spoof the URL in the location bar, run JavaScript with elevated privileges, corrupt memory, install a malicious PKCS11 module, or manipulate a XUL tree element. There are a multitude of attack vectors; one probable way is to entice a user to open a URL with malicious content.
Mozilla has released new versions of Firefox to address these vulnerabilities:
- Firefox 3.0.14:
http://www.mozilla.com/en-US/firefox/all-older.html
- Firefox 3.5.3:
http://www.mozilla.com/en-US/firefox/all.html
For details, please refer to:
http://www.mozilla.org/security/announce/
September 8, 2009 - Microsoft Updates for Multiple Vulnerabilities
Microsoft has released updates to address vulnerabilities in Microsoft Windows and Windows Server. A remote, unauthenticated attacker could execute arbitrary code, gain elevated privileges, or cause a vulnerable application to crash.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA09-251A.html
August 11, 2009 - Microsoft Updates for Multiple Vulnerabilities
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Windows Server, Office Web Components and Remote Desktop Connection for Mac. An attacker may be able to execute arbitrary code, in some cases without user interaction.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA09-223A.html
August 9, 2009 - Apple Updates for Multiple Vulnerabilities
Apple has released Mac OS X v10.5.8 / Security Update to correct multiple vulnerabilities affecting components of Apple Mac OS X and Mac OS X Server. Attackers could exploit these vulnerabilities to execute arbitrary code, gain access to sensitive information, or cause a denial of service.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA09-218A.html
August 3, 2009 - Multiple Vulnerabilities in Firefox
Multiple vulnerabilities have been found in Firefox. These vulnerabilities may be exploited to spoof the URL in the location bar, cause memory corruption or execute arbitrary code. There are a multitude of attack vectors; one probable way is to entice a user to open a URL with malicious content. Depending on the vulnerability exploited, a successful attack could lead to a number of conditions ranging from memory corruption to arbitrary code execution. Affected systems include Firefox 3 prior to 3.0.13 and Firefox 3.5 prior to 3.5.
Mozilla has released new versions of Firefox to address these vulnerabilities. They can be downloaded at the following URL:
- Firefox 3.0.13:
http://www.mozilla.com/en-US/firefox/all-older.html
- Firefox 3.5.2:
http://www.mozilla.com/en-US/firefox/all.html
Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
For details, please refer to:
http://www.mozilla.org/security/announce/
July 28, 2009 - Microsoft Windows, Internet Explorer, and Active Template Library (ATL) Vulnerabilities
Microsoft has released out-of-band updates to address critical vulnerabilities in Microsoft Internet Explorer running on most supported versions of Windows. The updates also help mitigate attacks against ActiveX controls developed with vulnerable versions of the Microsoft Active Template Library (ATL).
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA09-209A.html
July 23, 2009 - Adobe Flash Vulnerability Affects Flash Player and Other Adobe Products
Adobe has released a Security Advisory that describes a vulnerability affecting Adobe Flash. Other Adobe applications that include the Flash runtime, such as Adobe Reader 9, are also affected. This vulnerability allows a remote attacker to execute arbitrary code as the result of a user viewing a web page or opening a PDF document.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA09-204A.html
July 14, 2009 - Microsoft Updates for Multiple Vulnerabilities
Microsoft has released updates that address several vulnerabilities in Microsoft Windows, Windows Server, DirectShow, Windows Virtual PC and Server, Office Publisher and ISA Server. A remote, unauthenticated attacker could execute arbitrary code, gain elevated privileges, or cause a vulnerable application to crash.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA09-195A.html
http://www.microsoft.com/technet/security/bulletin/ms09-jul.mspx
July 6, 2009 - Microsoft Video ActiveX Control Vulnerability
An unpatched vulnerability in the Microsoft Video ActiveX control could allow a remote, unauthenticated attacker to execute arbitrary code with the privileges of the victim user.
http://www.us-cert.gov/cas/techalerts/TA09-187A.html
June 10, 2009 - Adobe Acrobat and Reader Vulnerabilities
Adobe has released a Security Bulletin that describes several buffer overflow vulnerabilities that could allow a remote attacker to execute arbitrary code.
http://www.us-cert.gov/cas/techalerts/TA09-161A.html
June 9, 2009 - Microsoft Updates for Multiple Vulnerabilities
Microsoft has released updates that address vulnerabilities in Microsoft Windows, Office, and Internet Explorer. A remote, unauthenticated attacker could execute arbitrary code, gain elevated privileges, or cause a vulnerable application to crash.
http://www.us-cert.gov/cas/techalerts/TA09-160A.html
May 13, 2009 - Apple Updates for Multiple Vulnerabilities
Apple has released multiple Security Updates to correct multiple vulnerabilities affecting Apple Mac OS X, Mac OS X Server, and the Safari web browser. Attackers could exploit these vulnerabilities to execute arbitrary code, gain access to sensitive information, or cause a denial of service.
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
May 13, 2009 - Adobe Reader and Acrobat JavaScript Vulnerabilities
Adobe has released a Security Bulletin that describes Adobe Reader and Acrobat updates for two JavaScript vulnerabilities that could allow a remote attacker to execute arbitrary code.
http://www.us-cert.gov/cas/techalerts/TA09-133B.html
May 12, 2009 - Microsoft PowerPoint Multiple Vulnerabilities
Microsoft released updates to address vulnerabilities that affect Microsoft PowerPoint. By convincing a user to open a specially crafted PowerPoint file, a remote, unauthenticated attacker could execute arbitrary code, gain elevated privileges, or cause PowerPoint to crash.
http://www.us-cert.gov/cas/techalerts/TA09-132A.html
April 14, 2009 - Microsoft Updates for Multiple Vulnerabilities
Microsoft has released updates that address vulnerabilities in Microsoft Windows, Office, Windows Server, and ISA Server. A remote, unauthenticated attacker could execute arbitrary code, gain elevated privileges, or cause a vulnerable application to crash.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA09-104A.html
March 30, 2009 - Conficker/Downadup Worm Targets Microsoft Windows Systems
There is a widespread infection of the Conficker worm, which can infect a Microsoft Windows system from a thumb drive, a network share, or directly across a network if the host is not patched with MS08-067 (part of Security Update KB958644, which was published by Microsoft in October 2008). Exploitation of these vulnerabilities could result in arbitrary code execution on a vulnerable system.
A Conficker/Downadup infection may be indicated if a user is unable to browse to their security solution's website, or is unable to connect to the following websites to download the detection/removal tools available free from those sites:
* http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&inid=us_ghp_link_conficker_worm
* http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx
* http://www.mcafee.com
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA09-088A.html
March 18, 2009 - Adobe Updates for Multiple Vulnerabilities
Critical vulnerabilities have been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. These vulnerabilities would cause the application to crash and could potentially allow an attacker to take control of the affected system.
Adobe recommends users of Adobe Reader and Acrobat 9 update to Adobe Reader 9.1 and Acrobat 9.1. Adobe recommends users of Acrobat 8 update to Acrobat 8.1.4, and users of Acrobat 7 update to Acrobat 7.1.1. For Adobe Reader users who can’t update to Adobe Reader 9.1, Adobe has provided the Adobe Reader 8.1.4 and Adobe Reader 7.1.1 updates.
Users who have previously updated to Adobe Reader 9.1 and Acrobat 9.1 for Windows and Macintosh need not take any action. Adobe now plans to make available Adobe Reader 9.1 and Adobe Reader 8.1.4 for Unix by March 24.
For details, please refer to:
http://www.adobe.com/support/security/bulletins/apsb09-04.html
March 10, 2009 - Microsoft Updates for Multiple Vulnerabilities
Microsoft has released updates that address vulnerabilities in Microsoft Windows and Windows Server. A remote, unauthenticated attacker could gain elevated privileges, poison the DNS cache, execute arbitrary code, or cause a vulnerable application to crash.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA09-069A.html
February 23, 2009 - Adobe Acrobat and Reader Vulnerability
Adobe has released a Security Bulletin that describes a vulnerability affecting Adobe Reader and Acrobat. This vulnerability could allow a remote attacker to execute arbitrary code.
Systems affected:
- Adobe Reader version 9 and earlier
- Adobe Acrobat (Professional, 3D, and Standard) version 9 and earlier
Adobe is planning to release updates to Adobe Reader and Acrobat to resolve the relevant security issue. Adobe expects to make available an update for Adobe Reader 9 and Acrobat 9 by March 11th, 2009. Updates of older versions of Adobe Reader and Acrobat will follow soon after this.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA09-051A.html
http://www.adobe.com/support/security/advisories/apsa09-01.html
February 10, 2009 - Microsoft Updates for Multiple Vulnerabilities
Microsoft released updates to address vulnerabilities that affect Microsoft Windows, Internet Explorer, Exchange Server, SQL Server, Office, and other related components. A remote, unauthenticated attacker could gain elevated privileges, execute arbitrary code or cause a vulnerable application to crash.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA09-041A.html
January 22, 2009 - Apple QuickTime Updates for Multiple Vulnerabilities
Apple has released QuickTime 7.6 to correct multiple vulnerabilities affecting QuickTime for Mac OS X and Windows. Attackers may be able to exploit these vulnerabilities to execute arbitrary code or cause a denial of service.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA09-022A.html
January 20, 2009 - Microsoft Windows Does Not Disable AutoRun Properly
Microsoft Windows includes an AutoRun feature, which can automatically run code when removable devices are connected to the computer. AutoRun (and the closely related AutoPlay) can unexpectedly cause arbitrary code execution.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA09-020A.html
January 13, 2009 - Microsoft Updates for Multiple SMB Protocol Vulnerabilities
Microsoft released updates to address vulnerabilities in the Server Message Block (SMB) Protocol that affect all supported versions of Microsoft Windows. A remote, unauthenticated attacker could exploit these vulnerabilities to gain elevated privileges, execute arbitrary code, or cause a denial of service. Systems affected:
- Microsoft Windows 2000, XP, and Vista
- Microsoft Windows Server 2000, 2003, and 2008
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA09-013A.html
December 17, 2008 - Microsoft Internet Explorer Data Binding Vulnerability
Microsoft Internet Explorer contains an invalid pointer vulnerability in its data binding code, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Exploit code for this vulnerability is publicly available, and the vulnerability is being actively exploited.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA08-352A.html
http://www.microsoft.com/technet/security/bulletin/ms08-078.mspx
December 15, 2008 - Apple Updates for Multiple Vulnerabilities
Apple has released Security Update 2008-008 and Mac OS X version 10.5.6 to correct multiple vulnerabilities affecting Apple Mac OS X and Mac OS X Server. Attackers could exploit these vulnerabilities to execute arbitrary code, gain access to sensitive information, or cause a denial of service.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA08-350A.html
December 9, 2008 - Microsoft Updates for Multiple Vulnerabilities
Microsoft has released updates that address vulnerabilities in Microsoft Windows, Internet Explorer, Word, Excel, SharePoint Server, Visual Basic 6 and related components. A remote, unauthenticated attacker could gain elevated privileges, execute arbitrary code or cause a vulnerable application to crash.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA08-344A.html
December 5, 2008 - Sun Java Updates for Multiple Vulnerabilities
Sun has released alerts to address multiple vulnerabilities affecting the Sun Java Runtime Environment. The most severe of these vulnerabilities could allow a remote attacker to execute arbitrary code.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA08-340A.html
November 11, 2008 - Microsoft Updates for Multiple Vulnerabilities
Microsoft released updates to address vulnerabilities that affect Microsoft Windows, Microsoft Office, and Microsoft XML Core Services. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA08-316A.html
November 4, 2008 - Adobe Reader and Acrobat Vulnerabilities
Adobe has released Security Bulletin APSB08-19 to address multiple vulnerabilities affecting Adobe Reader and Acrobat. The most severe of these vulnerabilities could allow a remote attacker to execute arbitrary code.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA08-309A.html
October 23, 2008 - Microsoft Updates for Security Vulnerabilities
Microsoft has released one Security Bulletin (Severity: rated critical for Windows 2000, XP and Server 2003, and important for Vista and Server 2008) that addresses a vulnerability in the Server service. This vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, XP and Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. This vulnerability could be used in the crafting of a wormable exploit.
For details, please refer to:
http://www.kb.cert.org/vuls/id/827267
http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx
October 14, 2008 - Microsoft Updates for Multiple Vulnerabilities
Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Internet Explorer, and Microsoft Office. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA08-288A.html
September 18, 2008 - Apple Updates for Multiple Vulnerabilities
Apple has released Security Update 2008-006 and Mac OS X version 10.5.5 to
correct multiple vulnerabilities affecting Apple Mac OS X and Mac OS X
Server. Attackers could exploit these vulnerabilities to execute arbitrary
code, gain access to sensitive information, or cause a denial of service.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA08-260A.html
September 9, 2008 - Microsoft Updates for Multiple Vulnerabilities
Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Office, and Windows Media Encoder. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA08-253A.html
August 12, 2008 - Microsoft Updates for Multiple Vulnerabilities
Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Office, Internet Explorer, and other related components. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA08-225A.html
July 8, 2008 - Microsoft Updates for Multiple Vulnerabilities
Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Windows Server, Microsoft SQL Server, and Microsoft Outlook Web Access. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA08-190A.html
July 7, 2008 - Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access
Microsoft is investigating active, targeted attacks leveraging a potential vulnerability in the ActiveX control for the Snapshot Viewer for Microsoft Access. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
For details, please refer to:
http://www.kb.cert.org/vuls/id/837785
http://www.microsoft.com/technet/security/advisory/955179.mspx
June 10, 2008 - Microsoft Updates for Multiple Vulnerabilities
Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Windows Server, and Internet Explorer. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA08-162B.html
June 10, 2008 - Apple QuickTime Updates for Multiple Vulnerabilities
Apple QuickTime prior to version 7.5 has multiple image and media file handling vulnerabilities. An attacker could exploit these vulnerabilities by convincing a user to access a specially crafted image or media file that could be hosted on a web page. Apple QuickTime 7.5 addresses these vulnerabilities.
Note that Apple iTunes for Windows installs QuickTime, so any system with iTunes may be vulnerable.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA08-162C.html
May 29, 2008 - Apple Updates for Multiple Vulnerabilities
Apple has released Security Update and OS X version 10.5.3 to correct multiple vulnerabilities affecting Apple Mac OS X and Mac OS X Server. Attackers could exploit these vulnerabilities to execute arbitrary code, gain access to sensitive information, or cause a denial of service.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA08-150A.html
May 28, 2008 - Exploitation of Adobe Flash Vulnerability
A vulnerability that affects Adobe Flash Player 9 is being actively exploited to install malicious software.
Systems affected: Microsoft Windows, Apple Mac OS X, and other operating systems that use Adobe Flash Player are affected.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA08-149A.html
May 13, 2008 - Microsoft Updates for Multiple Vulnerabilities
Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Office, Jet Database Engine, Windows Live OneCare, Antigen, Windows Defender, and Forefront Security. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA08-134A.html
April 24, 2008 - Intel Centrino 2200BG Wireless Driver vulnerability
The Intel Centrino 2200BG is a wireless network card used in some notebook computers. Its driver for Microsoft Windows can get your computer infected if it is in range of an attacker even if it is not connected.
For details, please refer to:
http://www.sans.org/newsletters/risk/display.php?v=7&i=17#widely1
If your notebook computer has Intel Centrino Wireless 2200BG Network Card installed and is using Microsoft Windows, your system could be affected.
Recommendation:
- You can download the up-to-date driver from the following Intel web site to fix the vulnerability:
http://support.intel.com/support/wireless/wlan/sb/cs-010623.htm
- You can also check whether your network card uses Intel Centrino 2200BG Wireless Driver at the above web site.
Note that if you have purchased any of the following notebook computer models through the HKU Notebook Computer Programme which use the Intel Centrino 2200BG Wireless Driver, they could be affected:
HKU Notebook Computer Programme 2005:
- IBM ThinkPad X32
- IBM ThinkPad X41
- IBM ThinkPad X41 Tablet
- IBM ThinkPad R52
- IBM ThinkPad T43
HKU Notebook Computer Programme 2006:
April 8, 2008 - Microsoft Updates for Multiple Vulnerabilities
Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Internet Explorer and Office. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA08-099A.html
April 3, 2008 - QuickTime Updates for Multiple Vulnerabilities - for Apple OS & Microsoft Windows
Apple QuickTime contains multiple vulnerabilities as described in the Apple Knowledgebase article HT1241. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Note that Apple iTunes installs QuickTime, so any system with iTunes may be vulnerable.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA08-094A.html
March 19, 2008 - Apple Updates for Multiple Vulnerabilities
Apple has released the Apple Security Update 2008-002 and Apple Safari 3.1 to correct multiple vulnerabilities affecting Apple Mac OS X, Mac OS X Server, and Apple Safari. Attackers could exploit these vulnerabilities to execute arbitrary code, gain access to sensitive information, execute cross-site scripting attacks or cause a denial of service.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA08-079A.html
March 11, 2008 - Microsoft Updates for Multiple Vulnerabilities
Microsoft has released updates to address vulnerabilities that affect Microsoft Office, Outlook, Excel, Excel Viewer, Office for Mac, and Office Web Components. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA08-071A.html
February 12, 2008 - Microsoft Updates for Multiple Vulnerabilities
Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Internet Explorer, Office, Visual Basic and Internet Information Services (IIS). Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code, gain elevated privileges, or crash a vulnerable system.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA08-043C.html
February 12, 2008 - Apple Updates for Multiple Vulnerabilities
Apple has released Security Update 2008-001 and OS X version 10.5.2 to correct multiple vulnerabilities affecting Apple Mac OS X and Mac OS X Server. Attackers could exploit these vulnerabilities to execute arbitrary code, gain access to sensitive information, or cause a denial of service.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA08-043B.html
February 12, 2008 - Adobe Reader and Acrobat Vulnerabilities
Adobe has released Security advisory APSA08-01 to address multiple vulnerabilities affecting Adobe Reader and Acrobat. The most severe of these vulnerabilities could allow a remote attacker to execute arbitrary code.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA08-043A.html
January 16, 2008 - Apple QuickTime Updates for Multiple Vulnerabilities
Apple QuickTime contains multiple vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA08-016A.html
January 8, 2008 - Microsoft Windows Updates for Multiple Vulnerabilities
Microsoft has released 3 Security Bulletins (Severity: 1 update is critical; 1 update is important) that address critical vulnerabilities in Microsoft Windows. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary commands.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA08-008A.html
http://www.microsoft.com/technet/security/bulletin/ms08-jan.mspx
December 27, 2007 - Adobe Updates for Multiple Vulnerabilities
Adobe has released Security bulletin APSB07-20 to address multiple vulnerabilities affecting Adobe Flash Player. Attackers could exploit these vulnerabilities to execute arbitrary code, perform DNS rebinding and cross-site scripting attacks, conduct port scans, or cause a denial of service.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA07-355A.html
December 18, 2007 - Apple Updates for Multiple Vulnerabilities
Apple has released Security Update 2007-009 to correct multiple vulnerabilities affecting Apple Mac OS X and Mac OS X Server. Attackers could exploit these vulnerabilities to execute arbitrary code, gain access to sensitive information, surreptitiously initiate a video conference, or cause a denial of service.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA07-352A.html
December 12, 2007 - Microsoft Windows Updates for Multiple Vulnerabilities
Microsoft has released 7 Security Bulletins (Severity: 3 updates are critical; 4 updates are important) that address critical vulnerabilities in Microsoft Windows and Microsoft Internet Explorer. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary commands.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA07-345A.html
http://www.microsoft.com/technet/security/bulletin/ms07-dec.mspx
November 30, 2007 - Apple QuickTime RTSP Buffer Overflow
Apple QuickTime contains a buffer overflow vulnerability in the way QuickTime processes Real Time Streaming Protocol (RTSP) streams. Exploitation of this vulnerability could allow an attacker to execute arbitrary code. Systems Affected: Microsoft Windows and Apple Mac OS X are affected.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA07-334A.html
November 15, 2007 - Apple Updates for Mac OS X 10.3.x and 10.4.x Multiple Vulnerabilities
Apple has released Mac OS X 10.4.11 and Security Update 2007-008 to address multiple vulnerabilities affecting version 10.3.x and 10.4.x of Apple Mac OS X and Mac OS X Server. The most serious of these vulnerabilities may allow a remote attacker to execute arbitrary code. Attackers may take advantage of the less serious vulnerabilities to bypass security restrictions or cause a denial of service.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA07-319A.html
November 13, 2007 - Microsoft Windows Updates for Multiple Vulnerabilities
Microsoft has released updates that address critical vulnerabilities in
Microsoft Windows and Microsoft Windows DNS Server. Exploitation of
these vulnerabilities could allow a remote, unauthenticated attacker
to execute arbitrary commands or to cause a Windows DNS server to
provide incorrect DNS responses.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA07-317A.html
November 7, 2007 - Apple QuickTime Updates for Multiple Vulnerabilities
Apple QuickTime 7.3 resolves multiple vulnerabilities in the way different types of image and media files are handled. An attacker could exploit these vulnerabilities by convincing a user to access a specially crafted image or media file that could be hosted on a web page. Note that Apple iTunes installs QuickTime, so any system with iTunes is vulnerable.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA07-310A.html
October 24, 2007 - RealNetworks RealPlayer ActiveX Playlist Buffer Overflow
RealNetworks RealPlayer client for Microsoft Windows contains a stack buffer overflow in the playlist parameter passed to the client by an ActiveX control. This vulnerability could allow a remote, unauthenticated attacker to execute arbitrary code using a specially crafted web page or HTML email message.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA07-297A.html
October 24, 2007 - Adobe Updates for Microsoft Windows URI Vulnerability
Adobe has released updates for the Adobe Reader and Adobe Acrobat product families. The update addresses a URI handling vulnerability in Microsoft Windows XP and Server 2003 systems with Internet Explorer 7.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA07-297B.html
October 9, 2007 - Microsoft Updates for Multiple Vulnerabilities
Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Microsoft Internet Explorer, Microsoft Outlook Express and Windows Mail, Microsoft Office, Microsoft Office for Mac, and Microsoft SharePoint. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA07-282A.html
September 11, 2007 - Microsoft Updates for Multiple Vulnerabilities
Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Microsoft Visual Studio, Microsoft Windows Services for Unix, and Microsoft MSN Messenger. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA07-254A.html
August 14, 2007 - Microsoft Updates for Multiple Vulnerabilities
Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Internet Explorer, Windows Media Player, Office, Office for Mac, XML Core Services, Visual Basic, Virtual PC, and Virtual Server. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA07-226A.html
July 12, 2007 - Apple Releases Security Updates for QuickTime
Apple QuickTime contains multiple vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Systems affected include Apple Mac OS X and Microsoft Windows.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA07-193A.html
July 10, 2007 - Microsoft Updates for Multiple Vulnerabilities
Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Excel, Publisher, .NET Framework, Internet Information Services, and Windows Vista Firewall. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA07-191A.html
June 12, 2007 - Microsoft Updates for Multiple Vulnerabilities
Microsoft has released updates that address critical vulnerabilities
in Microsoft Windows, Windows Secure Channel, Internet Explorer,
Win32 API, Windows Mail and Outlook Express. Exploitation
of these vulnerabilities could allow a remote, unauthenticated
attacker to execute arbitrary code or cause a denial of
service on a vulnerable system.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA07-163A.html
May 24, 2007 - 20070710
Apple has released Security Update 2007-005 to address multiple vulnerabilities in various products. The impacts of these vulnerabilities include denial of service, arbitrary code execution, information disclosure, and privilege escalation.
For details, please refer to:
http://www.kb.cert.org/vuls/id/221876
http://www.kb.cert.org/vuls/id/116100
May 8, 2007 - Microsoft Updates for Multiple Vulnerabilities
Microsoft has released updates that address critical vulnerabilities
in Microsoft Windows, Internet Explorer, Office, Exchange,
Cryptographic API Component Object Model (CAPICOM), and
BizTalk. Exploitation of these vulnerabilities could allow
a remote, unauthenticated attacker to execute arbitrary
code or cause a denial of service on a vulnerable system.
For details, please refer to: http://www.us-cert.gov/cas/techalerts/TA07-128A.html
April 19, 2007 - Apple Updates for Multiple Vulnerabilities
Apple has released Security Update 2007-004
to correct multiple vulnerabilities affecting Apple Mac
OS X and Mac OS X Server. The most serious of these vulnerabilities
may allow a remote attacker to execute arbitrary code. Attackers
may take advantage of the less serious vulnerabilities to
bypass security restrictions or cause a denial of service.
For details, please refer to: http://www.us-cert.gov/cas/techalerts/TA07-109A.html
April 10, 2007 - Microsoft Updates for Multiple Vulnerabilities
Microsoft has updated their Security Bulletin Summary for April 2007 and released 6 Security Bulletins (Severity: 5 updates are critical; 1 update is important) on 10 April 2007 that address critical vulnerabilities that affect Microsoft Windows, Microsoft Content Management Server and Microsoft Internet Explorer. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
Users are advised to perform Windows Update or apply the required service pack or update as soon as possible either by clicking the Windows "Start" button => Windows Update or clicking the IE 7/6/5.5 browser's "Tools" menu => "Windows Update".
For more complete information, please refer to the following
links:
http://www.us-cert.gov/cas/techalerts/TA07-100A.html
http://www.microsoft.com/technet/security/bulletin/ms07-apr.mspx
http://www.microsoft.com/technet/security/Bulletin/ms07-017.mspx
http://www.microsoft.com/technet/security/Bulletin/ms07-018.mspx
http://www.microsoft.com/technet/security/Bulletin/ms07-019.mspx
http://www.microsoft.com/technet/security/Bulletin/ms07-020.mspx
http://www.microsoft.com/technet/security/Bulletin/ms07-021.mspx
http://www.microsoft.com/technet/security/Bulletin/ms07-022.mspx
April 3, 2007 - Microsoft Update for Windows Animated Cursor Vulnerability
Microsoft has released updates to address vulnerabilities
in the way that Microsoft Windows handles image files. A
fix for the animated cursor buffer overflow vulnerability
(VU#191609) is included in these updates.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA07-093A.html
http://www.microsoft.com/technet/security/bulletin/ms07-017.mspx
March 30, 2007 - Microsoft Windows ANI header stack buffer overflow
An unpatched buffer overflow vulnerability in the way Microsoft Windows handles animated cursor files is actively being exploited. Systems Affected: Microsoft Windows 2000, XP, Server 2003, and Vista are affected.
Applications that provide attack vectors include:
* Microsoft Internet Explorer
* Microsoft Outlook
* Microsoft Outlook Express
* Microsoft Windows Mail
* Microsoft Windows Explorer
For details, please refer to http://www.us-cert.gov/cas/techalerts/TA07-089A.html
March 13, 2007 - Apple Updates for Multiple Vulnerabilities
Apple has released Security Update 2007-003 to correct
multiple vulnerabilities affecting Apple Mac OS X and Mac
OS X Server. The most serious of these vulnerabilities may
allow a remote attacker to execute arbitrary code. Attackers
may take advantage of the less serious vulnerabilities to
bypass security restrictions or cause a denial of service.
For details, please refer to http://www.us-cert.gov/cas/techalerts/TA07-072A.html.
March 6, 2007 - Apple Releases Security Updates for QuickTime
Apple QuickTime contains multiple vulnerabilities. Exploitation
of these vulnerabilities could allow a remote attacker to
execute arbitrary code or cause a denial-of-service condition.
For details, please refer to:
http://www.us-cert.gov/cas/techalerts/TA07-065A.html
http://www.apple.com/support/downloads/quicktime715forwindows.html
http://www.apple.com/support/downloads/quicktime715formac.html
February 21, 2007 - Apple Updates for Multiple Vulnerabilities
Apple has released Security Update 2007-002 to correct
multiple vulnerabilities affecting Apple Mac OS X, Mac OS
X Server, and iChat. The most serious of these vulnerabilities
may allow a remote attacker to execute arbitrary code. Attackers
may take advantage of the less serious vulnerabilities to
bypass security restrictions or cause a denial of service.
For details, please refer to http://www.us-cert.gov/cas/techalerts/TA07-047A.html.
February 14, 2007 - Microsoft Updates for Multiple Vulnerabilities
Microsoft has released 12 Security Bulletins (Severity: 6 updates are critical; 6 updates are important) on 12 February 2007 that address critical vulnerabilities in Microsoft Windows, Internet Explorer, Office, Works, Malware Protection Engine, Visual Studio and Step-by-Step Interactive Training. The most severe vulnerabilities could allow an attacker to gain control of your computer.
For more complete information, please refer to the following links:
http://www.us-cert.gov/cas/techalerts/TA07-044A.html
http://www.microsoft.com/technet/security/bulletin/ms07-feb.mspx
http://www.microsoft.com/technet/security/Bulletin/ms07-005.mspx
http://www.microsoft.com/technet/security/Bulletin/ms07-006.mspx
http://www.microsoft.com/technet/security/Bulletin/ms07-007.mspx
http://www.microsoft.com/technet/security/Bulletin/ms07-008.mspx
http://www.microsoft.com/technet/security/Bulletin/ms07-009.mspx
http://www.microsoft.com/technet/security/Bulletin/ms07-010.mspx
http://www.microsoft.com/technet/security/Bulletin/ms07-011.mspx
http://www.microsoft.com/technet/security/Bulletin/ms07-012.mspx
http://www.microsoft.com/technet/security/Bulletin/ms07-013.mspx
http://www.microsoft.com/technet/security/Bulletin/ms07-014.mspx
http://www.microsoft.com/technet/security/Bulletin/ms07-015.mspx
http://www.microsoft.com/technet/security/Bulletin/ms07-016.mspx
January 24, 2007 - Apple QuickTime RTSP Buffer Overflow
Apple QuickTime contains a buffer overflow in the handling
of RTSP URLs. This can allow a remote attacker to execute
arbitrary code on a vulnerable system. For more complete
information, please refer to the following link:
http://www.us-cert.gov/cas/techalerts/TA07-005A.html
January 9, 2007 - Microsoft Updates for Multiple Vulnerabilities
Microsoft has released updates that address critical vulnerabilities
in Microsoft Windows, Internet Explorer, Outlook, and Excel.
Exploitation of these vulnerabilities could allow a remote,
unauthenticated attacker to execute arbitrary code or cause
a denial of service on a vulnerable system.
For more complete information, please refer to:
http://www.us-cert.gov/cas/techalerts/TA07-009A.html
December 20, 2006 - Mozilla Addresses Multiple Vulnerabilities
The Mozilla web browser and derived products contain several
vulnerabilities, the most severe of which could allow a
remote attacker to execute arbitrary code on an affected
system.
For more complete information, please refer to:
http://www.us-cert.gov/cas/techalerts/TA06-354A.html
December 12, 2006 - Windows Security Update Summary for December, 2006
Microsoft has released 6 Security Bulletins (Severity:
3 updates are critical; 4 updates are important) on 12 December
2006 that address critical vulnerabilities in Microsoft
Windows, Visual Studio, Microsoft Outlook Express, Microsoft
Media Player, and Microsoft Internet Explorer as part of
the Microsoft Security Bulletin Summary for December 2006.
The most severe vulnerabilities could allow a remote, unauthenticated
attacker to execute arbitrary code or cause a denial of
service on a vulnerable system.
Users are advised to perform Windows Update or apply the required service pack or update as soon as possible either by clicking the Windows "Start" button => "Windows Update" or clicking the IE browser's "Tools" menu => "Windows Update".
For more complete information, please refer to the following
links:
http://www.microsoft.com/athome/security/update/bulletins/200612.mspx
http://www.us-cert.gov/cas/techalerts/TA06-346A.html
http://www.microsoft.com/technet/security/bulletin/ms06-dec.mspx
http://www.microsoft.com/technet/security/bulletin/ms06-072.mspx
http://www.microsoft.com/technet/security/bulletin/ms06-073.mspx
http://www.microsoft.com/technet/security/bulletin/ms06-074.mspx
http://www.microsoft.com/technet/security/bulletin/ms06-075.mspx
http://www.microsoft.com/technet/security/bulletin/ms06-076.mspx
http://www.microsoft.com/technet/security/bulletin/ms06-077.mspx
http://www.microsoft.com/technet/security/bulletin/ms06-078.mspx
November 29, 2006 - Apple Releases Security Update to Address Multiple Vulnerabilities
Apple has released Security Update 2006-007 to correct
multiple vulnerabilities affecting Mac OS X, Mac OS X Server, and the
Safari web browser. Vulnerabilities in OpenSSL, gzip, and
other products are also addressed. The most serious of these
vulnerabilities may allow a remote attacker to execute arbitrary
code. Attackers may take advantage of the less serious vulnerabilities
to bypass security restrictions or cause a denial of service.
For more complete information, please refer to:
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
November 14, 2006 - Windows Security Update Summary for November, 2006
Microsoft has released 6 Security Bulletins (Severity:
5 updates are critical; 1 update is important) on 14 November
2006 that address critical vulnerabilities in Microsoft
Windows, Internet Explorer and Adobe Flash. Exploitation
of these vulnerabilities could allow a remote, unauthenticated
attacker to execute arbitrary code or cause a denial of
service on a vulnerable system. Microsoft has included updates
to Adobe Flash, which is installed with Internet Explorer.
Users are advised to perform Windows Update or apply the
required service pack or update as soon as possible either
by clicking the Windows "Start" button => Windows Update
or clicking the IE browser's "Tools" menu =>
"Windows Update".
For more complete information, please refer to the following
links:
http://www.us-cert.gov/cas/techalerts/TA06-318A.html
http://www.microsoft.com/technet/security/bulletin/ms06-nov.mspx
http://www.microsoft.com/technet/security/bulletin/ms06-066.mspx
http://www.microsoft.com/technet/security/bulletin/ms06-067.mspx
http://www.microsoft.com/technet/security/bulletin/ms06-068.mspx
http://www.microsoft.com/technet/security/bulletin/ms06-069.mspx
http://www.microsoft.com/technet/security/bulletin/ms06-070.mspx
http://www.microsoft.com/technet/security/bulletin/ms06-071.mspx
October 11, 2006 - Windows Security Update Summary for October, 2006
Microsoft has released 10 Security Bulletins (Severity:
6 updates are critical; 1 update is important; 2 updates
are moderate; 1 update is low) on 10 October 2006 that address
critical vulnerabilities in Microsoft Windows, Internet
Explorer and MS Office. Exploitation of these vulnerabilities
could allow a remote, unauthenticated attacker to execute
arbitrary code or cause a denial of service on a vulnerable
system.
Users are advised to perform Windows Update or apply the
required service pack or update as soon as possible either
by clicking the Windows "Start" button => Windows
Update or clicking the IE browser's "Tools"
menu => "Windows Update".
For the Microsoft Office update, please go to
http://office.microsoft.com/en-us/officeupdate/default.aspx
and click the "Check for Updates" link.
For more complete information, please refer to the following
links:
http://www.us-cert.gov/cas/techalerts/TA06-283A.html
http://www.microsoft.com/technet/security/bulletin/ms06-oct.mspx
http://www.microsoft.com/technet/security/bulletin/ms06-056.mspx
http://www.microsoft.com/technet/security/bulletin/ms06-057.mspx
http://www.microsoft.com/technet/security/bulletin/ms06-058.mspx
http://www.microsoft.com/technet/security/bulletin/ms06-059.mspx
http://www.microsoft.com/technet/security/bulletin/ms06-060.mspx
http://www.microsoft.com/technet/security/bulletin/ms06-061.mspx
http://www.microsoft.com/technet/security/bulletin/ms06-062.mspx
http://www.microsoft.com/technet/security/bulletin/ms06-063.mspx
http://www.microsoft.com/technet/security/bulletin/ms06-064.mspx
http://www.microsoft.com/technet/security/bulletin/ms06-065.mspx
October 2, 2006 - Multiple Vulnerabilities in Apple and Adobe Products
Apple has released Security Update 2006-006 and Mac OS
X 10.4.8 Update to correct multiple vulnerabilities affecting
Mac OS X, OS X Server, Safari, Adobe Flash Player, and other
products. The most serious of these vulnerabilities may
allow a remote attacker to execute arbitrary code. Impacts
of other vulnerabilities include bypass of security restrictions
and denial of service.
For details see: http://www.us-cert.gov/cas/techalerts/TA06-275A.html
September 27, 2006 - Technical Cyber Security Alert TA06-270A - Microsoft Internet Explorer WebViewFolderIcon ActiveX Vulnerability
The Microsoft Windows WebViewFolderIcon ActiveX control
contains an integer overflow vulnerability that could allow
a remote attacker to execute arbitrary code.
For details see: http://www.us-cert.gov/cas/techalerts/TA06-270A.html
September 26, 2006 - Technical Cyber Security Alert TA06-262A - Microsoft Internet Explorer VML Buffer Overflow
Microsoft Internet Explorer (IE) fails to properly handle
Vector Markup Language (VML) tags. This creates a buffer
overflow vulnerability that could allow a remote attacker
to execute arbitrary code.
For details see: http://www.us-cert.gov/cas/techalerts/TA06-262A.html
September 13, 2006 - Apple QuickTime Vulnerabilities
Systems Affected: Apple QuickTime on systems running
* Apple Mac OS X
* Microsoft Windows
Apple QuickTime contains multiple vulnerabilities. Exploitation
of these vulnerabilities could allow a remote attacker to
execute arbitrary code or cause a denial-of-service condition.
For details see:
http://www.us-cert.gov/cas/techalerts/TA06-256A.html
September 12, 2006 - Windows Vulnerabilities Update
Microsoft has released 3 Security Bulletins (Severity: 1
update is critical; 1 update is important; 1 update is moderate)
on 12 September 2006 that address critical vulnerabilities
in Microsoft Windows and MS Publisher. Exploitation of these
vulnerabilities could allow a remote, unauthenticated attacker
to execute arbitrary code.
Users are advised to perform Windows Update or apply the
required service pack or update as soon as possible either
by clicking the Windows "Start" button => Windows
Update or clicking the IE browser's "Tools" menu
=> "Windows Update".
For the Microsoft Office update, please go to
http://office.microsoft.com/en-us/officeupdate/default.aspx
and click the "Check for Updates" link.
For more complete information, please refer to the following
links:
http://www.us-cert.gov/cas/techalerts/TA06-255A.html
http://www.microsoft.com/technet/security/bulletin/ms06-sep.mspx
http://www.microsoft.com/technet/security/bulletin/ms06-051.mspx
http://www.microsoft.com/technet/security/bulletin/ms06-052.mspx
http://www.microsoft.com/technet/security/bulletin/ms06-053.mspx
August 8, 2006 - Technical Cyber Security Alert TA06-220A - Microsoft Products Contain Multiple Vulnerabilities
Microsoft has released updates that address critical vulnerabilities
in Microsoft Windows, Office, Works Suite, Visual Basic
for Applications, and Internet Explorer. Exploitation of
these vulnerabilities could allow a remote, unauthenticated
attacker to execute arbitrary code or cause a denial of
service on a vulnerable system.
For details, see: http://www.us-cert.gov/cas/techalerts/TA06-220A.html
August 2, 2006 - Technical Cyber Security Alert TA06-214A - Apple Mac Products Affected by Multiple Vulnerabilities
Apple has released Security Update 2006-004 to correct
multiple vulnerabilities affecting Mac OS X, Mac OS X Server,
Safari web browser, Mail, and other products. The most serious
of these vulnerabilities may allow a remote attacker to
execute arbitrary code. Impacts of other vulnerabilities
include bypass of security restrictions and denial of service.
For details, see: http://www.us-cert.gov/cas/techalerts/TA06-214A.html
Security Update 2006-004 http://docs.info.apple.com/article.html?artnum=304063
July 11, 2006 - Microsoft Windows, Office, and IIS Vulnerabilities
Microsoft has released updates that address critical vulnerabilities
in Microsoft Windows, IIS, and Office. Exploitation of these
vulnerabilities could allow a remote, unauthenticated attacker
to execute arbitrary code or cause a denial of service on
a vulnerable system.
For details, see: http://www.us-cert.gov/cas/techalerts/TA06-192A.html
June 16, 2006 - Technical Cyber Security Alert TA06-167A - Microsoft Excel Vulnerability
An unspecified vulnerability in Microsoft Excel could allow
an attacker to execute arbitrary code on a vulnerable system.
The following systems are affected:
- Microsoft Excel 2003
- Microsoft Excel XP (2002)
- Microsoft Excel for Mac
Solution: At the time of writing, there
is no complete solution available. Consider the following
workarounds:
- Do not open untrusted Excel documents
- Do not rely on file extension filtering
For details, see: http://www.us-cert.gov/cas/techalerts/TA06-167A.html
June 13, 2006 - Windows Security Update Summary for June, 2006
Microsoft has released updates that address critical vulnerabilities
in Microsoft Windows, Word, PowerPoint, Media Player, Internet
Explorer, and Exchange Server. Exploitation of these vulnerabilities
could allow a remote, unauthenticated attacker to execute
arbitrary code or cause a denial of service on a vulnerable
system.
For more complete information, please refer to the following
links:
http://www.us-cert.gov/cas/techalerts/TA06-164A.html
http://www.microsoft.com/technet/security/bulletin/ms06-jun.mspx
http://www.microsoft.com/technet/security/Bulletin/MS06-021.mspx
http://www.microsoft.com/technet/security/Bulletin/MS06-022.mspx
http://www.microsoft.com/technet/security/Bulletin/MS06-023.mspx
http://www.microsoft.com/technet/security/Bulletin/MS06-024.mspx
http://www.microsoft.com/technet/security/Bulletin/MS06-025.mspx
http://www.microsoft.com/technet/security/Bulletin/MS06-026.mspx
http://www.microsoft.com/technet/security/Bulletin/MS06-027.mspx
http://www.microsoft.com/technet/security/Bulletin/MS06-028.mspx
http://www.microsoft.com/technet/security/Bulletin/MS06-029.mspx
http://www.microsoft.com/technet/security/Bulletin/MS06-030.mspx
http://www.microsoft.com/technet/security/Bulletin/MS06-031.mspx
http://www.microsoft.com/technet/security/Bulletin/MS06-032.mspx
May 30, 2006 - Symantec Antivirus Corporate Edition 10.x Remote Buffer Overflow
Affected: Symantec Antivirus Corporate version 10.0 and
10.1 and Symantec Client Security 3.0 and 3.1
Description: The affected Symantec Antivirus software is
vulnerable to a remote buffer overflow. By sending
specially-crafted requests to the antivirus engine, a remote
user can exploit this buffer overflow and execute malicious
code with "SYSTEM" privileges. No user interaction
is required on the vulnerable system and the system is vulnerable
in its default configuration.
Status: Symantec confirmed. Updates available.
For details, see: http://securityresponse.symantec.com/avcenter/security/Content/2006.05.25.html
May 19, 2006 - Technical Cyber Security Alert TA06-139A - Microsoft Word Vulnerability
A buffer overflow vulnerability in Microsoft Word could
allow an attacker to execute arbitrary code on a vulnerable
system. Systems Affected:
- Microsoft Word 2003
- Microsoft Word XP (2002)
- Microsoft Word 2000
For details, see: http://www.us-cert.gov/cas/techalerts/TA06-139A.html
SANS @RISK Vol. 5 No. 20 http://www.sans.org/newsletters/risk/display.php?v=5&i=20
May 12, 2006 - Technical Cyber Security Alert TA06-132A - Apple Mac Products Affected by Multiple Vulnerabilities
Apple has released Security Update 2006-003 to correct
multiple vulnerabilities affecting Mac OS X, Mac OS X Server,
Safari web browser, Mail, and other products. The most serious
of these vulnerabilities may allow a remote attacker to
execute arbitrary code. Impacts of other vulnerabilities
include bypassing security restrictions and denial of service.
For details, see:
http://www.us-cert.gov/cas/techalerts/TA06-132A.html
http://docs.info.apple.com/article.html?artnum=303737
Also see Security Update 2006-002 and other Security Updates at
http://docs.info.apple.com/article.html?artnum=61798
May 9, 2006 - Windows Security Update Summary for May, 2006
Users are advised to perform Windows Update or apply the
required service pack or update as soon as possible either
by clicking the Windows "Start" button => Windows
Update or clicking the IE 6/5.5 browser's "Tools"
menu => "Windows Update".
For more complete information, please refer to the following
links:
http://www.microsoft.com/technet/security/bulletin/ms06-may.mspx
http://www.microsoft.com/technet/security/Bulletin/MS06-018.mspx
http://www.microsoft.com/technet/security/Bulletin/MS06-019.mspx
http://www.microsoft.com/technet/security/Bulletin/MS06-020.mspx
http://www.us-cert.gov/cas/techalerts/TA06-129A.html
April 17, 2006 - Mozilla Products Contain Multiple Vulnerabilities
The Mozilla web browser and derived products contain several
vulnerabilities, the most serious of which could allow a
remote attacker to execute arbitrary code on an affected
system. The following systems are affected:
- Mozilla web browser, email and newsgroup client
- Mozilla SeaMonkey
- Firefox web browser
- Thunderbird email client
- Mozilla Suite
For details, see:
http://www.us-cert.gov/cas/techalerts/TA06-107A.html
April 11, 2006 - Windows Security Update Summary for April, 2006
Users are advised to perform Windows Update or apply the
required service pack or update as soon as possible either
by clicking the Windows "Start" button => Windows
Update or clicking the IE 6/5.5 browser's "Tools"
menu => "Windows Update".
For more complete information, please refer to the following
links:
http://www.microsoft.com/technet/security/bulletin/ms06-apr.mspx
http://www.microsoft.com/technet/security/Bulletin/MS06-013.mspx
http://www.microsoft.com/technet/security/Bulletin/MS06-014.mspx
http://www.microsoft.com/technet/security/Bulletin/MS06-015.mspx
http://www.microsoft.com/technet/security/Bulletin/MS06-016.mspx
http://www.microsoft.com/technet/security/Bulletin/MS06-017.mspx
http://www.us-cert.gov/cas/techalerts/TA06-101A.html
For the Microsoft Office and Front Page Update, please click
the "Check for Updates" link at the following URL:
http://office.microsoft.com/en-us/officeupdate/default.aspx
March 16, 2006 - Technical Cyber Security Alert TA06-075A - Adobe Macromedia Flash Products Contain Vulnerabilities
There are critical vulnerabilities in Macromedia Flash
player and related software. Exploitation of these vulnerabilities
could allow a remote, unauthenticated attacker to execute
arbitrary code or cause a denial of service on a vulnerable
system. For details, see:
http://www.us-cert.gov/cas/techalerts/TA06-075A.html
March 14, 2006 - Windows Security Update for March, 2006
On vulnerable versions of Office, if a
user is logged on with administrative user rights, an attacker
who successfully exploited this vulnerability could take
complete control of the client workstation. An attacker
could then install programs; view, change, or delete data;
or create new accounts with full user rights. Users whose
accounts are configured to have fewer user rights on the
system could be less impacted than users who operate with
administrative user rights. For details, see:
http://www.microsoft.com/technet/security/bulletin/ms06-mar.mspx
http://www.microsoft.com/technet/security/Bulletin/MS06-011.mspx
http://www.microsoft.com/technet/security/Bulletin/MS06-012.mspx
http://www.us-cert.gov/cas/techalerts/TA06-073A.html
March 3, 2006 - Technical Cyber Security Alert TA06-062A - Apple Mac Products are Affected by Multiple Vulnerabilities
Apple has released Security Update 2006-001 to correct
multiple vulnerabilities affecting Mac OS X, Mac OS X Server,
Safari web browser, and other products. The most serious
of these vulnerabilities may allow a remote attacker to
execute arbitrary code. Impacts of other vulnerabilities
include bypassing security restrictions and denial of service.
For details, see:
http://www.us-cert.gov/cas/techalerts/TA06-062A.html
http://www.sans.org/newsletters/newsbites/newsbites.php?vol=8&issue=16#200
February 14, 2006 - Windows Security Update for February 2006
Microsoft has released updates that address critical vulnerabilities
in Windows, Windows Media Player, and Internet Explorer.
Exploitation of these vulnerabilities could allow a remote,
unauthenticated attacker to execute arbitrary code or cause
a denial of service on a vulnerable system. For details
see:
http://www.us-cert.gov/cas/techalerts/TA06-045A.html
http://www.microsoft.com/technet/security/bulletin/ms06-feb.mspx
January 10, 2006 - Windows Security Update for January 2006
Microsoft has released updates that address critical vulnerabilities
in Windows, Outlook, and Exchange. Exploitation of
these vulnerabilities could allow a remote, unauthenticated
attacker to execute arbitrary code or cause a denial of
service on a vulnerable system.
In particular, it includes the following Windows Critical
Update:
Microsoft Security Bulletin MS06-002 -- Vulnerability
in Embedded Web Fonts Could Allow Remote Code Execution
If a user is logged on with administrative user rights,
an attacker who successfully exploited this vulnerability
could take complete control of an affected system. An attacker
could then install programs; view, change, or delete data;
or create new accounts with full user rights. For
details, see:
http://www.us-cert.gov/cas/techalerts/TA06-010A.html
http://www.microsoft.com/technet/security/bulletin/ms06-002.mspx
January 5, 2006 - US-CERT Technical Cyber Security Alert TA06-005A -- Update for Microsoft Windows Metafile Vulnerability
Microsoft Security Bulletin MS06-001 contains an update
to fix a vulnerability in the way Microsoft Windows handles
images in the Windows Metafile (WMF) format. This
vulnerability could allow a remote attacker to execute arbitrary
code. For more details, see:
http://www.us-cert.gov/cas/techalerts/TA06-005A.html
http://www.microsoft.com/technet/security/bulletin/ms06-001.mspx
December 28, 2005 - US-CERT Technical Cyber Security Alert TA05-362A -- Microsoft Windows Metafile Handling Buffer Overflow
Microsoft Windows is vulnerable to remote code execution
via an error in handling files using the Windows Metafile
image format. Exploit code has been publicly posted and
used to successfully attack fully-patched Windows XP SP2
systems. However, other versions of the Windows operating
system may be at risk as well. Details can be found at http://www.us-cert.gov/cas/techalerts/TA05-362A.html.
December 14, 2005 - US-CERT Technical Cyber Security Alert TA05-347A -- Microsoft Internet Explorer Vulnerabilities
Systems affected are Microsoft Windows and Microsoft Internet
Explorer. Microsoft has released updates that address critical
vulnerabilities in Internet Explorer (IE). A remote, unauthenticated
attacker could exploit these vulnerabilities to execute
arbitrary code or cause a denial of service on an affected
system. Details can be found at http://www.us-cert.gov/cas/techalerts/TA05-347A.html
http://www.microsoft.com/technet/security/bulletin/MS05-dec.mspx
November 08, 2005 - US-CERT Technical Cyber Security Alert TA05-312A -- Microsoft Windows Image Processing Vulnerabilities
Systems Affected: Microsoft Windows 2000, Microsoft Windows
XP, Microsoft Windows Server 2003
Details of the vulnerabilities and the solution are provided
at:
http://www.us-cert.gov/cas/techalerts/TA05-312A.html
http://www.microsoft.com/technet/security/bulletin/MS05-053.mspx
October 11, 2005 - US-CERT Technical Cyber Security Alert TA05-284A -- Microsoft Windows, Internet Explorer, and Exchange Server Vulnerabilities
Details of the vulnerabilities and the solution are provided
at:
http://www.us-cert.gov/cas/techalerts/TA05-284A.html
http://www.microsoft.com/technet/security/bulletin/ms05-oct.mspx
October 12, 2005 - Beware of Fake Email
There have been a lot of fake emails sent to HKU members from xxx@hku.hk addresses, e.g.:
- support@hku.hk
- service@hku.hk
- register@hku.hk, etc.
The mail contains an attachment and a password urging the
reader to open it. It may read as follows:
---- begin quote ----
>Dear Hkucc Member,
>
>We have temporarily suspended your email account account-name@hkucc.hku.hk.
> ...
> ...
> Sincerely,
> The Hkucc Support Team
---- end quote ----
DO NOT open the .zip files in these fake emails as they contain PC viruses!
These viruses may not be detected by the anti-virus program on an email
server because they are embedded in the attachment files, which are encrypted.
The Computer Centre would not send email attachments to our users,
so do not open any attachment even if the sender address
is ithelp@hku.hk.
August 17, 2005 - US-CERT Technical Cyber Security Alert TA05-229A -- Apple Mac Products are Affected by Multiple Vulnerabilities
Details of the vulnerabilities and the solution are provided
at:
http://www.us-cert.gov/cas/techalerts/TA05-229A.html
August 9, 2005 - US-CERT Technical Cyber Security Alert TA05-221A -- Microsoft Windows and Internet Explorer Vulnerabilities
Details of the vulnerabilities and the solution are provided
at:
http://www.us-cert.gov/cas/techalerts/TA05-221A.html
http://www.microsoft.com/technet/security/bulletin/ms05-aug.mspx
July 12, 2005 - US-CERT Security Alert TA05-193A -- Microsoft Windows, Internet Explorer, and Word Vulnerabilities
Details of the vulnerabilities and the solution are provided
at:
http://www.us-cert.gov/cas/techalerts/TA05-193A.html
http://www.microsoft.com/technet/security/bulletin/ms05-jul.mspx
July 8, 2005 - US-CERT Security Alert TA05-189A -- Targeted Trojan Email Attacks
Details of the vulnerabilities and the solution are provided
at:
http://www.us-cert.gov/cas/techalerts/TA05-189A.html
June 29, 2005 - US-CERT Security Alert TA05-180A -- VERITAS Backup Exec Software is actively being exploited
The VERITAS Backup Exec Remote Agent for Windows contains
a buffer overflow that may allow an unauthenticated, remote
attacker to compromise a system and execute arbitrary code
with administrative privileges. A remote, unauthenticated
attacker may be able to execute arbitrary code with administrative
privileges on a vulnerable system. Details of the vulnerabilities
and the solution are provided at:
http://www.us-cert.gov/cas/techalerts/TA05-180A.html
June 14, 2005 - US-CERT Security Alert TA05-165A -- Microsoft Windows and Internet Explorer Vulnerabilities
Microsoft has released updates that address critical vulnerabilities
in Windows and Internet Explorer. Exploitation of these
vulnerabilities could allow a remote, unauthenticated attacker
to execute arbitrary code or cause a denial of service.
Details of the vulnerabilities and their impacts are provided
at:
http://www.us-cert.gov/cas/techalerts/TA05-165A.html
http://www.microsoft.com/technet/security/bulletin/ms05-jun.mspx
April 12, 2005 - US-CERT Security Alert TA05-102A -- Multiple Vulnerabilities in Microsoft Windows Components
Microsoft has released a Security Bulletin Summary for
April, 2005. This summary includes several bulletins that
address vulnerabilities in various Windows applications
and components. Exploitation of some vulnerabilities can
result in the remote execution of arbitrary code by a remote
attacker. Details of the vulnerabilities and their impacts
are provided at:
http://www.us-cert.gov/cas/techalerts/TA05-102A.html
February 21, 2005 - Sophos' Alert: W32/MyDoom-BC and Symantec's Alert: W32.Mydoom.BA@mm
W32.Mydoom.BA@mm is a mass-mailing worm that uses its own
SMTP engine to send an email to addresses that it retrieves
from Windows Address book on the infected computer. See
details at:
Symantec site: W32.Mydoom.BA@mm
Sophos site: W32/MyDoom-BC
February 8, 2005 - Windows Security Update Summary for February 2005
Users are advised to perform Windows Update for February
2005 as soon as possible by visiting http://windowsupdate.microsoft.com
or by starting the Internet Explorer browser, clicking the "Tools" menu
and selecting "Windows Update".
For more details, please refer to the following links:
http://www.microsoft.com/security/bulletins/200502_windows.mspx
http://www.microsoft.com/security/bulletins/200502_office.mspx
http://www.us-cert.gov/cas/techalerts/TA05-039A.html
http://www.microsoft.com/technet/security/bulletin/MS05-004.mspx
http://www.microsoft.com/technet/security/bulletin/MS05-005.mspx
http://www.microsoft.com/technet/security/bulletin/MS05-006.mspx
http://www.microsoft.com/technet/security/bulletin/MS05-007.mspx
http://www.microsoft.com/technet/security/bulletin/MS05-008.mspx
http://www.microsoft.com/technet/security/bulletin/MS05-009.mspx
http://www.microsoft.com/technet/security/bulletin/MS05-010.mspx
http://www.microsoft.com/technet/security/bulletin/MS05-011.mspx
http://www.microsoft.com/technet/security/bulletin/MS05-012.mspx
http://www.microsoft.com/technet/security/bulletin/MS05-013.mspx
http://www.microsoft.com/technet/security/bulletin/MS05-014.mspx
http://www.microsoft.com/technet/security/bulletin/MS05-015.mspx
January 26, 2005 - Symantec's Alert! W32.Beagle.AZ@mm
W32.Beagle.AZ@mm is a mass-mailing worm that also spreads
through file-sharing networks. The email will have a variable
subject and attachment name. The attachment will have a
.com, .cpl, .exe, or .scr file extension. For details, see
Symantec site: http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.az@mm.html
Sophos site: http://www.sophos.com/virusinfo/analyses/w32baglebk.html
January 11, 2005 - Windows Security Update Summary for January 2005
Users are advised to perform Windows Update for January
2005 as soon as possible by visiting http://windowsupdate.microsoft.com
or by starting the Internet Explorer browser, clicking the "Tools" menu
and selecting "Windows Update".
For more details, please refer to the following links:
http://www.microsoft.com/technet/security/bulletin/ms05-001.mspx
http://www.microsoft.com/technet/security/bulletin/ms05-002.mspx
http://www.microsoft.com/technet/security/bulletin/ms05-003.mspx
If you have further enquiries, please contact our Helpdesk at
Room 104, Run Run Shaw Building (tel: 28592491) or email to
ithelp@hku.hk.