DarkFiber Consulting – IT Managed Services

Adobe Releases Shockwave Player Update and Flash Player Update

July 30th, 2009 . by DarkFiber Consulting

Adobe has released Shockwave Player 11.5.1.601 because previous versions used a vulnerable version of the Microsoft Active Template Library (ATL). Additionally, Adobe has released Flash Player 10.0.22.87 and 9.0.246.0 to address the ATL issue and additional vulnerabilities in Flash Player. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code.

DarkFiber Consulting encourages users and administrators to review Adobe security bulletins APSB09-11 and APSB09-10 and apply any necessary updates to help mitigate the risks. Additional information can be found in the Adobe PSIRT blog and in Adobe security advisory APSA09-04.

Cisco Releases Security Advisory for IOS Software Vulnerabilities

July 30th, 2009 . by DarkFiber Consulting

Cisco has released a security advisory to address multiple vulnerabilities in IOS Software. Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition when handling specific Border Gateway Protocol (BGP) updates. The advisory indicates that these vulnerabilities affect only Cisco IOS Software with support for four-octet AS number space and BGP routing configured.

DarkFiber Consulting encourages users and administrators to review Cisco Security Advisory cisco-sa-20090729-bgp and apply any necessary updates to help mitigate the risks.

Internet Systems Consortium BIND 9 Vulnerability

July 30th, 2009 . by DarkFiber Consulting

The Internet Systems Consortium (ISC) has released BIND versions 9.4.3-P3, 9.5.1-P3, and 9.6.1-P1 to address a vulnerability. By sending a specially crafted dynamic update packet to an affected BIND 9 server, a remote, unauthenticated attacker may be able to cause a denial-of-service condition.

DarkFiber Consulting encourages users and administrators to review the Internet Systems Consortium advisory and apply any necessary updates to help mitigate the risks. Additional information can be found in the Vulnerability Notes Database.

Microsoft Releases Two Out-of-Band Security Bulletins and a Security Advisory

July 30th, 2009 . by DarkFiber Consulting

Microsoft has released two out-of-band security bulletins. The first bulletin, MS09-034, is a cumulative security update for Internet Explorer that addresses several vulnerabilities. These vulnerabilities may allow a remote attacker to execute arbitrary code. The second bulletin, MS09-035, addresses vulnerabilities in the Visual Studio Active Template Library (ATL). Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code.

Additionally, Microsoft has released security advisory 973882 to provide specific guidance for developers, IT professionals, consumers, and home users regarding the vulnerabilities in Active Template Library (ATL).

DarkFiber Consulting encourages users and administrators to review Microsoft Security Bulletins MS09-034 and MS09-035 and Microsoft Security Advisory 973882 and apply any necessary updates or workarounds to help mitigate the risks. Additional information can be found in Technical Cyber Security Alert TA09-209A.

Cisco Releases Security Advisory for Vulnerabilities in Cisco Wireless LAN Controllers

July 30th, 2009 . by DarkFiber Consulting

Cisco has released a security advisory to address multiple vulnerabilities in Wireless LAN Controllers. The advisory addresses the following:

  • Malformed HTTP or HTTPS authentication response denial-of-service vulnerability.
  • SSH connections denial-of-service vulnerability.
  • Crafted HTTP or HTTPS request denial-of-service vulnerability.
  • Crafted HTTP or HTTPS request unauthorized configuration modification vulnerability.

Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition or gain full control over the Wireless LAN Controller.

DarkFiber Consulting encourages users and administrators to review Cisco Security Advisory cisco-sa-20090727-wlc and apply any necessary updates or workarounds to help mitigate the risks.

Microsoft Releases Advance Notification for Out-of-Band Security Bulletins

July 30th, 2009 . by DarkFiber Consulting

Microsoft has issued a Security Bulletin Advance Notification indicating that it will be releasing two out-of-band security bulletins. The first bulletin will address issues with Internet Explorer and has the severity rating of critical. The second bulletin will address issues with Visual Studio and has the severity rating of moderate. The notification states that release of these bulletins is scheduled for July 28, 2009.

DarkFiber Consulting will provide additional information as it becomes available.

Adobe Reader, Acrobat and Flash Player Vulnerability

July 30th, 2009 . by DarkFiber Consulting

Adobe has released a security advisory to address a vulnerability in Adobe Reader and Acrobat 9.1.2 and Flash Player 9 and 10. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition.

DarkFiber Consulting encourages users and administrators to review the security advisory and implement the following workarounds until a fix is available:

  • Disable Flash in Adobe Reader 9 on Windows platforms by renaming the following files: “%ProgramFiles%\Adobe\Reader 9.0\Reader\authplay.dll” and “%ProgramFiles%\Adobe\Reader 9.0\Reader\rt3d.dll”.

Additional information regarding this vulnerability can be found in Technical Cyber Security Alert TA09-204A.

DarkFiber Consulting will provide additional information as it becomes available.

Mozilla Releases Firefox 3.0.12

July 30th, 2009 . by DarkFiber Consulting

The Mozilla Foundation has released Firefox 3.0.12 to address multiple vulnerabilities in Firefox 3.0.x. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or launch cross-site-scripting attacks.

DarkFiber Consulting encourages users and administrators to review Mozilla Foundation Security Advisories released on July 21, 2009 and upgrade to Firefox 3.0.12 to help mitigate the risks.

WordPress Releases Version 2.8.2

July 30th, 2009 . by DarkFiber Consulting

WordPress has released version 2.8.2 to address a cross-site-scripting vulnerability.

DarkFiber Consulting encourages users and administrators to review the WordPress Blog entry on WordPress 2.8.2 and apply the upgrade to help mitigate the risks.

Mozilla Firefox 3.5 Vulnerability

July 30th, 2009 . by DarkFiber Consulting

The Mozilla Foundation has released Firefox 3.5.1 to address a vulnerability. This vulnerability is due to an error in the way the Just-in-Time (JIT) compiler returns from native functions. Exploitation of this vulnerability may allow an attacker to execute arbitrary code.

DarkFiber Consulting encourages users and administrators to review Mozilla Foundation Security Advisory 2009-41 and upgrade to Firefox 3.5.1 or apply the suggested workaround provided in the advisory. Additional information can also be found in the Vulnerability Notes Database.
