December 30th, 2008 . by DarkFiber Consulting
DarkFiber Consulting is aware of a public report describing how MD5 collisions can be leveraged to generate rogue SSL CA certificates. A rogue CA certificate could be used by an attacker to generate valid SSL certificates for arbitrary web sites. Using these certificates in DNS redirection attacks, an attacker could spoof an SSL-protected web site and obtain sensitive information.
DarkFiber Consulting will provide additional information as it becomes available.
December 23rd, 2008 . by DarkFiber Consulting
Trend Micro has released a patch to address a vulnerability in HouseCall 6.6. This vulnerability may allow an attacker to execute arbitrary code. Visitors to the publicly available HouseCall application may receive an older, vulnerable version of the control.
DarkFiber Consulting encourages users to review Hot Fix B1285 and apply any necessary updates.
December 23rd, 2008 . by DarkFiber Consulting
Microsoft has released Security Advisory 961040 to address reports of attacks against a new vulnerability in Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine, and Windows Internal Database. The vulnerability occurs in the extended stored procedure "sp_replwritetovarbin". Exploitation of this vulnerability may allow an authenticated attacker to execute arbitrary code. Additionally, if a web application is vulnerable to SQL injection, an unauthenticated, remote attacker may be able to execute arbitrary code.
DarkFiber Consulting encourages users to review the Microsoft Security Advisory 961040 and implement any Suggested Actions to help mitigate the risks.
December 17th, 2008 . by DarkFiber Consulting
Mozilla has released Firefox 3.0.5 to address multiple vulnerabilities. The impacts of these vulnerabilities include cross-site scripting and information disclosure. As described in the Mozilla Foundation Security Advisories, some of these vulnerabilities may also affect Thunderbird.
DarkFiber Consulting encourages users to do the following to help mitigate the risks:
December 17th, 2008 . by DarkFiber Consulting
Opera Software has released Opera Version 9.63 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, conduct cross-site scripting, or cause a denial-of-service condition.
DarkFiber Consulting encourages users and administrators to review Opera advisories 920, 921, 922, 923, and 924 and upgrade to version 9.63 to help mitigate the risks.
December 17th, 2008 . by DarkFiber Consulting
Microsoft has released Security Bulletin MS08-078 to address a vulnerability in Internet Explorer. This vulnerability is due to an invalid pointer reference in the data binding function. By convincing a user to view a specially crafted document that performs data binding (e.g., a web page, email message, or attachment), a remote, unauthenticated attacker may be able to execute arbitrary code.
DarkFiber Consulting encourages users to review Microsoft Security Bulletin MS08-078 and apply the update or workarounds listed in the bulletin to help mitigate the risks. Users may also want to consider implementing the best security practices listed in the Securing Your Web Browser document to strengthen their web browsers against future vulnerabilities.
Additional information regarding this vulnerability can be found in the Vulnerability Notes Database.
December 16th, 2008 . by DarkFiber Consulting
Microsoft has released a Security Bulletin Advance Notification indicating that an out-of-band Security Bulletin will be released. This bulletin will address a remote code execution vulnerability in Microsoft Internet Explorer. Release of this Bulletin is scheduled for Wednesday, December 17.
DarkFiber Consulting encourages users to review the Security Bulletin Advance Notification and apply any necessary updates when they become available. Additional information about this vulnerability can be found in the Vulnerability Notes Database.
DarkFiber Consulting will provide additional information as it becomes available.
December 15th, 2008 . by DarkFiber Consulting
Apple has released Security Update 2008-008 and Mac OS X v10.5.6 to address multiple vulnerabilities in Mac OS X and related products. The impacts of these vulnerabilities include arbitrary code execution, privilege escalation, denial of service, or information disclosure.
DarkFiber Consulting encourages users to review Apple article HT3338 and apply the appropriate updates.
December 11th, 2008 . by DarkFiber Consulting
Microsoft has released Security Advisory 961051 to address reports of attacks against a new vulnerability in Internet Explorer 7. By convincing a user to view a specially crafted XML document, an attacker may be able to execute arbitrary code with the privileges of the user. Additionally, Microsoft indicates that it is aware of limited and targeted attacks using this vulnerability.
DarkFiber Consulting encourages users to review the Microsoft Security Advisory 961051 and implement any Suggested Actions to help mitigate the risks.
Additional information is available in the Vulnerability Notes database. DarkFiber Consulting will provide further details as they become available.
December 11th, 2008 . by DarkFiber Consulting
DarkFiber Consulting is aware of public reports of an email scam circulating that is targeting holiday travelers. The email messages related to this scam appear to come from legitimate major airlines and contain a .zip attachment. This .zip attachment appears to contain a purchase invoice and flight ticket. If a user opens this attachment, malicious code may be installed on the system.
DarkFiber Consulting encourages users to do the following to help mitigate the risks: