May 9th, 2009 . by DarkFiber Consulting
Microsoft has issued a Security Bulletin Advance Notification indicating that the May release cycle will contain one bulletin with a maximum severity rating of Critical. The notification states that the Critical bulletin is for Microsoft PowerPoint. The release is scheduled for Tuesday, May 12.
DarkFiber Consulting will provide additional information as it becomes available.
Posted in Security Alerts | No Comments »
May 9th, 2009 . by DarkFiber Consulting
Adobe has released Security Bulletin APSB09-05 to address a potential vulnerability in versions of Flash Media Server up to and including version 3.5.1.
This vulnerability may allow an attacker to “execute remote procedures within a server side ActionScript file running on a Flash Media Server.” According to Adobe, this issue affects versions of Flash Media Interactive Server and Flash Media Streaming Server.
DarkFiber Consulting encourages users to review Adobe Security Bulletin APSB09-05 and upgrade to the most current version of Flash Media Server.
May 9th, 2009 . by DarkFiber Consulting
Symantec has released three security advisories to address multiple vulnerabilities in Symantec Alert Management System, Log Viewer, and Reporting Server. These vulnerabilities may allow an attacker to execute arbitrary code, bypass security mechanisms, or leverage phishing attacks.
DarkFiber Consulting encourages users and administrators to review the following Symantec Security Advisories and apply any necessary updates or workarounds to help mitigate the risks:
DarkFiber Consulting also encourages users to continue following the best practices provided in the advisories to minimize future risks.
May 9th, 2009 . by DarkFiber Consulting
DarkFiber Consulting is aware of public reports of two vulnerabilities affecting Adobe Reader and Acrobat. The JavaScript methods customDictionaryOpen() and getAnnots() do not safely handle specially crafted arguments and can be manipulated to execute arbitrary code.
DarkFiber Consulting encourages users and administrators to disable JavaScript in Adobe Reader to help mitigate the risk:
- Open the General Preferences dialog box
- From the Edit menu, select Preferences and then choose JavaScript
- Un-check Enable Acrobat JavaScript
Additional information regarding these vulnerabilities can be found in the Adobe PSIRT blog entry and in the Vulnerability Notes Database. DarkFiber Consulting will provide additional information as it becomes available.
May 9th, 2009 . by DarkFiber Consulting
DarkFiber Consulting is aware of public reports of email scams circulating related to the Swine Flu. The attacks arrive via an unsolicited email message typically containing a subject line related to the Swine Flu. These email messages may contain a link or an attachment. If users click on this link or open the attachment, they may be directed to a phishing website or exposed to malicious code.
DarkFiber Consulting encourages users to take the following measures to protect themselves:
UPDATE: Due to these potential phishing attacks and email scams, DarkFiber Consulting encourages users to visit the Center for Disease Control (CDC) website for trusted information regarding the Swine Flu.
May 9th, 2009 . by DarkFiber Consulting
Mozilla Foundation has released Firefox 3.0.10 to address a memory corruption vulnerability. Exploitation of this vulnerability may result in a denial-of-service condition.
DarkFiber Consulting encourages users and administrators to review Mozilla Foundation Security Advisory MFSA 2009-23 and update to Firefox 3.0.10 to help mitigate the risk.
May 9th, 2009 . by DarkFiber Consulting
Mozilla Foundation has released Firefox 3.0.9 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, leverage additional attacks, or obtain sensitive information. The Mozilla Foundation security advisories indicate that many of these vulnerabilities also affect SeaMonkey and Thunderbird.
DarkFiber Consulting encourages users and administrators to review the Mozilla Foundation Security Advisories website for more information about the vulnerabilities and upgrade to Firefox 3.0.9 to help mitigate the risks.
May 9th, 2009 . by DarkFiber Consulting
Research In Motion has released a security advisory to address multiple vulnerabilities in the PDF distiller of some released versions of the BlackBerry Attachment Service. The advisory lists the affected versions as BlackBerry Enterprise Server 4.1.3 through 4.1.6 and BlackBerry Professional Software 4.1.4. By convincing a user to view a specially crafted PDF file, an attacker may be able to execute arbitrary code on the system that hosts the BlackBerry Attachment Service.
DarkFiber Consulting encourages users to review BlackBerry security advisory KB17953 and apply any necessary updates.
Additional information is available in the Vulnerability Notes Database.
May 9th, 2009 . by DarkFiber Consulting
Oracle has released their Critical Patch Update for April 2009 to address 43 vulnerabilities across several products. This update contains the following security fixes:
- 16 updates for Oracle Database Server
- 12 updates for Oracle Application Server
- 3 updates for Oracle Applications
- 4 updates for Oracle PeopleSoft and JDEdwards Suite
- 8 updates for BEA Products Suite
DarkFiber Consulting encourages users and administrators to review the April Critical Patch Update and apply any necessary updates.
May 9th, 2009 . by DarkFiber Consulting
In the past, DarkFiber Consulting has received reports of an increased number of phishing scams that take advantage of the United States tax season. Due to the upcoming tax deadline, DarkFiber Consulting would like to remind users to remain cautious when receiving unsolicited email that could be a potential phishing scam.
Phishing scams may appear as a tax refund, an offer to assist in filing for a refund, or contain details about fake e-file websites. These messages may appear to be from the IRS and directly ask users for personal information. These messages may also contain a link and instruct the user to follow the link to a website that requests personal information or contains malicious code.
DarkFiber Consulting encourages users to take the following measures to protect themselves from this type of phishing scam: