DarkFiber Consulting – IT Managed Services

Sun has released update 17 for Java SE JDK 6 and Java SE JRE 6 to address multiple vulnerabilities. The impacts of these vulnerabilities include arbitrary code execution, privilege escalation, denial of service, and information disclosure.

DarkFiber Consulting encourages users and administrators to review the Java SE 6 Update 17 release notes and apply any necessary updates to help mitigate the risks.

Apple has released Java for Mac OS X 10.6 Update 1 and Java for Mac OS X 10.5 Update 6 to address these vulnerabilities. Mac users are encouraged to review Apple articles HT3969 and HT3970 and apply any necessary updates to help mitigate the risks.

Apple has released Security Update 2008-008 and Mac OS X v10.5.6 to address multiple vulnerabilities in Mac OS X and related products. The impacts of these vulnerabilities include arbitrary code execution, privilege escalation, denial of service, or information disclosure.

DarkFiber Consulting encourages users to review Apple article HT3338 and apply the appropriate updates.

Mozilla has released Firefox 2.0.0.18, Firefox 3.0.4, and SeaMonkey 1.1.13 to address multiple vulnerabilities. The impacts of these vulnerabilities include arbitrary code execution, privilege escalation, security bypass, cross-site scripting, denial of service, and information disclosure. As described in the Mozilla Foundation security advisories, some of these vulnerabilities may also affect Thunderbird.

DarkFiber Consulting encourages users to review the Mozilla Foundation security advisories and apply any necessary updates to help mitigate the risks.

OpenOffice.org has released bulletins to address two vulnerabilities. These bulletins address heap-based buffer overflow vulnerabilities in the processing of WMF and EMF files. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code.

DarkFiber Consulting encourages users and administrators to review the following OpenOffice.org security bulletins and apply the resolutions provided by the vendor:

• Manipulated WMF files can lead to heap overflows and arbitrary code execution.
• Manipulated EMF files can lead to heap overflows and arbitrary code execution.

Microsoft has released Security Advisory 958963 to alert users that exploit code is publicly available for the Windows Server Service vulnerability addressed in Microsoft Security Bulletin MS08-067. The advisory states that this exploit code has demonstrated arbitrary code execution on Windows 2000, XP and Server 2003.

DarkFiber Consulting encourages users and administrators to review Microsoft Security Advisory 958963 and apply the update or workarounds listed in Microsoft Security Bulletin MS08-067 to help mitigate the risks.

Additional information regarding the Windows Server Service vulnerability is available in:

• Microsoft Security Bulletin MS08-067
• Vulnerability Note VU#827268
• Current Activity Entry – Microsoft Releases Out-of-Band Security Bulletin MS08-067

Mozilla has released Firefox 3.0.2 to address multiple vulnerabilities. The impacts of these vulnerabilities include arbitrary code execution, enabling cross-site scripting, privilege escalation, information disclosure, and denial of service. As described in the Mozilla Foundation Security Advisories, some of these vulnerabilities may also affect Thunderbird and SeaMonkey.

DarkFiber Consulting encourages users to do the following to help mitigate the risks:

• Review the Mozilla Foundation Security Advisories.
• Update to Firefox 3.0.2.

Apple has released Security Update 2008-006 and Mac OS X v10.5.5 to address multiple vulnerabilities in Mac OS X and related products. The impacts of these vulnerabilities include arbitrary code execution, information disclosure, denial of service, privilege escalation, or DNS cache poisoning.

DarkFiber Consulting encourages users to review Apple article HT3137 and apply the appropriate updates as soon as possible.

DarkFiber Consulting will provide additional details as the they become available.