July 30th, 2009 . by DarkFiber Consulting
Adobe has released Shockwave Player 11.5.1.601 because previous versions used a vulnerable version of the Microsoft Active Template Library (ATL). Additionally, Adobe has released Flash Player 10.0.22.87 and 9.0.246.0 to address the ATL issue and additional vulnerabilities in Flash Player. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code.
DarkFiber Consulting encourages users and administrators to review Adobe security bulletins APSB09-11 and APSB09-10 and apply any necessary updates to help mitigate the risks. Additional information can be found in the Adobe PSIRT blog and in Adobe security advisory APSA09-04.
July 30th, 2009 . by DarkFiber Consulting
Cisco has released a security advisory to address multiple vulnerabilities in IOS Software. Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition when handling specific Border Gateway Protocol (BGP) updates. The advisory indicates that these vulnerabilities affect only Cisco IOS Software with support for four-octet AS number space and BGP routing configured.
DarkFiber Consulting encourages users and administrators to review Cisco Security Advisory cisco-sa-20090729-bgp and apply any necessary updates to help mitigate the risks.
July 30th, 2009 . by DarkFiber Consulting
The Internet Systems Consortium (ISC) has released BIND versions 9.4.3-P3, 9.5.1-P3, and 9.6.1-P1 to address a vulnerability. By sending a specially crafted dynamic update packet to an affected BIND 9 server, a remote, unauthenticated attacker may be able to cause a denial-of-service condition.
DarkFiber Consulting encourages users and administrators to review the Internet Systems Consortium advisory and apply any necessary updates to help mitigate the risks. Additional information can be found in the Vulnerability Notes Database.
July 30th, 2009 . by DarkFiber Consulting
Microsoft has released two out-of-band security bulletins. The first bulletin, MS09-034, is a cumulative security update for Internet Explorer that addresses several vulnerabilities. These vulnerabilities may allow a remote attacker to execute arbitrary code. The second bulletin, MS09-035, addresses vulnerabilities in the Visual Studio Active Template Library (ATL). Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code.
Additionally, Microsoft has released security advisory 973882 to provide specific guidance for developers, IT professionals, consumers, and home users regarding the vulnerabilities in Active Template Library (ATL).
DarkFiber Consulting encourages users and administrators to review Microsoft Security Bulletins MS09-034 and MS09-035 and Microsoft Security Advisory 973882 and apply any necessary updates or workarounds to help mitigate the risks. Additional information can be found in Technical Cyber Security Alert TA09-209A.
July 30th, 2009 . by DarkFiber Consulting
Cisco has released a security advisory to address multiple vulnerabilities in Wireless LAN Controllers. The advisory addresses the following:
- Malformed HTTP or HTTPS authentication response denial-of-service vulnerability.
- SSH connections denial-of-service vulnerability.
- Crafted HTTP or HTTPS request denial-of-service vulnerability.
- Crafted HTTP or HTTPS request unauthorized configuration modification vulnerability.
Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition or gain full control over the Wireless LAN Controller.
DarkFiber Consulting encourages users and administrators to review Cisco Security Advisory cisco-sa-20090727-wlc and apply any necessary updates or workarounds to help mitigate the risks.
July 30th, 2009 . by DarkFiber Consulting
Microsoft has issued a Security Bulletin Advance Notification indicating that it will be releasing two out-of-band security bulletins. The first bulletin will address issues with Internet Explorer and has the severity rating of critical. The second bulletin will address issues with Visual Studio and has the severity rating of moderate. The notification states that release of these bulletins is scheduled for July 28, 2009.
DarkFiber Consulting will provide additional information as it becomes available.
July 30th, 2009 . by DarkFiber Consulting
Adobe has released a security advisory to address a vulnerability in Adobe Reader and Acrobat 9.1.2 and Flash Player 9 and 10. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition.
DarkFiber Consulting encourages users and administrators to review the security advisory and implement the following workarounds until a fix is available:
- Disable Flash in Adobe Reader 9 on Windows platforms by renaming the following files: “%ProgramFiles%\Adobe\Reader 9.0\Reader\authplay.dll” and “%ProgramFiles%\Adobe\Reader 9.0\Reader\rt3d.dll”.
Additional information regarding this vulnerability can be found in Technical Cyber Security Alert TA09-204A.
DarkFiber Consulting will provide additional information as it becomes available.
July 30th, 2009 . by DarkFiber Consulting
The Mozilla Foundation has released Firefox 3.0.12 to address multiple vulnerabilities in Firefox 3.0.x. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or launch cross-site-scripting attacks.
DarkFiber Consulting encourages users and administrators to review Mozilla Foundation Security Advisories released on July 21, 2009 and upgrade to Firefox 3.0.12 to help mitigate the risks.
July 30th, 2009 . by DarkFiber Consulting
WordPress has released version 2.8.2 to address a cross-site-scripting vulnerability.
DarkFiber Consulting encourages users and administrators to review the WordPress Blog entry on WordPress 2.8.2 and apply the upgrade to help mitigate the risks.
July 30th, 2009 . by DarkFiber Consulting
The Mozilla Foundation has released Firefox 3.5.1 to address a vulnerability. This vulnerability is due to an error in the way the Just-in-Time (JIT) compiler returns from native functions. Exploitation of this vulnerability may allow an attacker to execute arbitrary code.
DarkFiber Consulting encourages users and administrators to review Mozilla Foundation Security Advisory 2009-41 and upgrade to Firefox 3.5.1 or apply the suggested workaround provided in the advisory. Additional information can also be found in the Vulnerability Notes Database.