March 1st, 2010 . by DarkFiber Consulting
Adobe has released two security bulletins to address vulnerabilities in Adobe Acrobat, Reader, and Flash Player.
The first bulletin, APSB10-06, is a security update for Adobe Flash Player and Adobe AIR that addresses a critical vulnerability. Exploitation of these vulnerabilities may allow an attacker to make unauthorized cross-domain requests. The bulletin indicates that the update also addresses a potential denial-of-service issue.
The second bulletin, APSB10-07, indicates that security updates are available for Adobe Reader and Acrobat. These updates address two critical vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, make unauthorized cross-domain requests, or cause a denial-of-service condition.
DarkFiber Consulting encourages users and administrators to review Adobe Bulletins APSB10-06 and APSB10-07 and apply any necessary updates to help mitigate the risks.
October 14th, 2009 . by DarkFiber Consulting
Microsoft has released Microsoft Knowledge Base Article 975497 to address a previously reported vulnerability in Microsoft Sever Message Block (SMB). This vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition.
DarkFiber Consulting encourages users and administrators to review Microsoft Knowledge Base Article 975497 and Microsoft Security Advisory 975497 and apply the Fix it tool or workarounds. Microsoft Knowledge Base Article 975497 addresses the vulnerability that was previously reported in the “Microsoft Releases Security Advisory 975497” Current Activity entry.
DarkFiber Consulting is aware that exploit code for this vulnerability has been made publicly available as part of the Metasploit Framework. Users and system administrators are strongly encouraged to apply the Microsoft Fix it solution or other workarounds until a patch is released.
July 30th, 2009 . by DarkFiber Consulting
Cisco has released a security advisory to address multiple vulnerabilities in Wireless LAN Controllers. The advisory addresses the following:
- Malformed HTTP or HTTPS authentication response denial-of-service vulnerability.
- SSH connections denial-of-service vulnerability.
- Crafted HTTP or HTTPS request denial-of-service vulnerability.
- Crafted HTTP or HTTPS request unauthorized configuration modification vulnerability.
Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition or gain full control over the Wireless LAN Controller.
DarkFiber Consulting encourages users and administrators to review Cisco Security Advisory cisco-sa-20090727-wlc and apply any necessary updates or workarounds to help mitigate the risks.
December 9th, 2008 . by DarkFiber Consulting
The PHP Group has released PHP version 5.2.8 to address a vulnerability in the magic_quotes functionality. This vulnerability was introduced in PHP version 5.2.7. In addition to correcting this regression, PHP version 5.2.8 addresses a number of vulnerabilities that were originally addressed by version 5.2.7.
DarkFiber Consulting encourages users to upgrade to PHP 5.2.8 or implement the workaround as described in the PHP 5.2.8 Release Announcement.
September 15th, 2008 . by DarkFiber Consulting
Apple has released an article to address issues with their recent iTunes 8.0 release. The article indicates that Windows Vista users who have installed iTunes 8.0 may be seeing a blue screen error message when connecting an iPhone or iPod to their computer.
DarkFiber Consulting encourages users to review Apple article TS2280 and apply one of the solutions listed in the article to fix the issue.
August 25th, 2008 . by DarkFiber Consulting
Microsoft has revised Security Bulletin MS08-051, which addresses vulnerabilities in Microsoft PowerPoint. This revision describes a rerelease of the standalone update package for Microsoft Office PowerPoint 2003.
According to Microsoft, users who applied the update provided through Microsoft Update or Office Update do not need to take further action. Users who installed the original standalone update should apply the updated package as described in the revised Microsoft Security Bulletin.
DarkFiber Consulting encourages users and administrators to review Microsoft Security Bulletin MS08-051 and apply or reapply any necessary updates.
August 1st, 2008 . by DarkFiber Consulting
Apple has released Security Update 2008-005 to address multiple vulnerabilities that affect a number of applications. These vulnerabilities may allow an attacker to conduct DNS cache poisoning attacks, execute arbitrary code, cause a denial-of-service condition, or access the affected system with elevated privileges. Please note that this update addresses recent issues with weaknesses in common DNS implementations; see Vulnerability Note VU#800113 for additional information.
DarkFiber Consulting encourages users to review Apple Article HT2647 and apply any necessary updates as soon as possible to help mitigate the risks.