DarkFiber Consulting - IT Managed Services

Adobe Releases a Security Update for Download Manager

DarkFiber Consulting — Mon, 01 Mar 2010 21:14:03 +0000

Adobe has released a security bulletin to address a vulnerability in the Adobe Download Manager. This vulnerability could allow an attacker to download and install unauthorized software.

DarkFiber Consulting encourages users and administrators to review security bulletin APSB10-08 and review the steps to mitigate the issue.

Tags: Address, Adobe Download Manager, Adobe Update, Attacker, Download Adobe, Security Bulletin, Security Manager, Unauthorized Software, Vulnerability

Mozilla Releases Security Advisories

DarkFiber Consulting — Mon, 01 Mar 2010 21:14:03 +0000

The Mozilla Foundation has released multiple security advisories to address vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey. Exploitation of these vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code or bypass security restrictions.

DarkFiber Consulting encourages users and administrators to review the Mozilla Foundation security advisories. Firefox users may upgrade to version 3.0.18, 3.5.8, or 3.6 to help mitigate the risks. Thunderbird users should upgrade to version 3.0.2, and SeaMonkey users should upgrade to version 2.0.3 once those updates are released by the vendor.

Tags: Address, Arbitrary Code, Attacker, Mozilla Firefox, Mozilla Foundation Security Advisories, Seamonkey, Security Consulting, Security Restrictions, Thunderbird

Cisco Releases Multiple Security Advisories

DarkFiber Consulting — Mon, 01 Mar 2010 21:14:02 +0000

Cisco has released three security advisories to address vulnerabilities.

Security advisory, cisco-sa-20100217-fwsm, addresses a vulnerability in the Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers. Successful and repeated exploitation of this vulnerability could result in a denial-of-service condition.

Security advisory, cisco-sa-20100217-asa, addresses multiple vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances. These vulnerabilities may allow an attacker to gain unauthorized access to an affected system or cause a denial-of-service condition.

Security advisory, cisco-sa-20100217-csa, addresses multiple vulnerabilities in the Cisco Security Agent. These vulnerabilities may allow an attacker to execute arbitrary SQL commands, view and download arbitrary files, or cause a denial-of-service condition.

DarkFiber Consulting encourages users and systems administrators to review Cisco security advisory cisco-sa-20100217-fwsm, cisco-sa-20100217-asa, and cisco-sa-20100217-csa and apply any necessary updates to mitigate the risks.

Tags: Adaptive Security, Arbitrary Files, Asa, Attacker, Cisco, Cisco Catalyst 6500, Cisco Firewall, Cisco Routers, Cisco Security Advisory, Denial Of Service, Firewall Services, Necessary Updates, Security Advisories, Security Agent, Security Appliances, Series Routers, Series Switches, Sql Commands, Systems Administrators, Unauthorized Access

Adobe Releases Security Bulletins for Acrobat, Reader, and Flash Player

DarkFiber Consulting — Mon, 01 Mar 2010 21:14:01 +0000

Adobe has released two security bulletins to address vulnerabilities in Adobe Acrobat, Reader, and Flash Player.

The first bulletin, APSB10-06, is a security update for Adobe Flash Player and Adobe AIR that addresses a critical vulnerability. Exploitation of these vulnerabilities may allow an attacker to make unauthorized cross-domain requests. The bulletin indicates that the update also addresses a potential denial-of-service issue.

The second bulletin, APSB10-07, indicates that security updates are available for Adobe Reader and Acrobat. These updates address two critical vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, make unauthorized cross-domain requests, or cause a denial-of-service condition.

DarkFiber Consulting encourages users and administrators to review Adobe Bulletins APSB10-06 and APSB10-07 and apply any necessary updates to help mitigate the risks.

Tags: Acrobat Adobe, Address, Addresses, Adobe Acrobat Reader, Adobe Flash Player, Adobe Reader, Adobe Updates, Arbitrary Code, Attacker, Critical Vulnerability, Denial Of Service, Domain Requests, Necessary Updates, Reader Acrobat, Security Bulletins, Security Updates, Vulnerabilities, Vulnerability Exploitation

Google Releases Chrome 4.0.249.89

DarkFiber Consulting — Mon, 01 Mar 2010 21:14:01 +0000

Google has released Chrome 4.0.249.89 for Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or obtain sensitive information.

DarkFiber Consulting encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome 4.0.249.89 for Windows to help mitigate the risks.

Tags: Arbitrary Code, Attacker, Blog, Google

Cisco Releases Advisory for IronPort Encryption Appliance

DarkFiber Consulting — Mon, 01 Mar 2010 21:14:00 +0000

Cisco has released an advisory to address multiple vulnerabilities in IronPort Encryption Appliance. Exploitation of these vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code or obtain sensitive information.

DarkFiber Consulting encourages users and administrators to review Cisco Security Advisory cisco-sa-20100210-ironport and apply any necessary workarounds to help mitigate the risks. Additional information regarding these vulnerabilities can be found in Cisco Applied Mitigation Bulletin 111668.

Tags: Address, Arbitrary Code, Attacker, Cisco, Cisco Security Advisory, Encryption, Ironport, Mitigation, Vulnerabilities, Workarounds

Microsoft Releases February Security Bulletin

DarkFiber Consulting — Mon, 01 Mar 2010 21:14:00 +0000

Microsoft has released an update to address vulnerabilities in Microsoft Windows and Office as part of the Microsoft Security Bulletin Summary for February 2010. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or operate with elevated privileges.

DarkFiber Consulting encourages users and administrators to review the bulletins and follow best-practice security policies to determine which updates should be applied.

Tags: Address, Arbitrary Code, Attacker, Bulletins, Denial Of Service, Microsoft, Microsoft Office, Microsoft Security Bulletin, Microsoft Windows, Privileges, Security Policies, Vulnerabilities

Oracle Releases Security Alert for WebLogic Server Vulnerability

DarkFiber Consulting — Mon, 01 Mar 2010 21:13:59 +0000

Oracle has released a security alert to address a vulnerability in Oracle WebLogic Server. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands on an affected system.

DarkFiber Consulting encourages users and administrators to review the Oracle security alert and apply any necessary updates to help mitigate the risks.

Tags: Address, Arbitrary Commands, Attacker, Necessary Updates, Oracle, Oracle Security Alert, Oracle Server, Server Vulnerability, Weblogic Server

Microsoft Releases Advance Notification for February Security Bulletin

DarkFiber Consulting — Mon, 01 Mar 2010 21:13:59 +0000

Microsoft has issued a Security Bulletin Advance Notification, indicating that its February release cycle will contain 13 bulletins. Five of them will have a severity rating of Critical and will be for Microsoft Windows. The remaining eight bulletins have an Important rating and are for Microsoft Windows and Microsoft Office. Release of these bulletins is scheduled for Tuesday, February 9, 2010.

DarkFiber Consulting will provide additional information as it becomes available.

Tags: Advance Notification, Bulletins, Microsoft, Microsoft Office, Microsoft Security, Microsoft Windows, Security Bulletin, Severity Rating, Windows Microsoft

Apple Releases iPhone OS 3.1.3 and iPhone OS 3.1.3 for iPod touch

DarkFiber Consulting — Mon, 01 Mar 2010 21:13:58 +0000

Apple has released iPhone OS 3.1.3 and iPhone OS 3.1.3 for iPod touch to address vulnerabilities in the CoreAudio, ImageIO, Recovery Mode and WebKit packages. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or obtain sensitive information.

DarkFiber Consulting encourages users and administrators to review Apple article HT4013 and apply any necessary updates to help mitigate the risks.

Tags: Address, Apple 1, Apple Article, Apple Os, Arbitrary Code, Attacker, Denial Of Service, Iphone, Ipod, Necessary Updates, Recovery Mode, Webkit