DarkFiber Consulting – IT Managed Services

Microsoft Releases Out-of-Band Security Bulletin to Address Shortcut Vulnerability

August 6th, 2010 . by DarkFiber Consulting

Microsoft has released security bulletin MS10-046 to address a critical vulnerability affecting Microsoft Windows. This vulnerability is due to the failure of Microsoft Windows to properly obtain icons for shortcut files. By convincing a user to display a specially crafted shortcut file, a remote attacker may be able to execute arbitrary code.

DarkFiber Consulting strongly encourages users and administrators to review Microsoft security bulletin MS10-046 and apply any necessary updates to mitigate the risks.

Additional information regarding this vulnerability can be found in the following:

Microsoft Releases Security Advisory 958963

October 27th, 2008 . by DarkFiber Consulting

Microsoft has released Security Advisory 958963 to alert users that exploit code is publicly available for the Windows Server Service vulnerability addressed in Microsoft Security Bulletin MS08-067. The advisory states that this exploit code has demonstrated arbitrary code execution on Windows 2000, XP and Server 2003.

DarkFiber Consulting encourages users and administrators to review Microsoft Security Advisory 958963 and apply the update or workarounds listed in Microsoft Security Bulletin MS08-067 to help mitigate the risks.

Additional information regarding the Windows Server Service vulnerability is available in:

DNS Cache Poisoning Public Exploit Code Available

July 25th, 2008 . by DarkFiber Consulting

DarkFiber Consulting is aware of publicly available exploit code for a cache poisoning vulnerability in common DNS implementations. Exploitation of this vulnerability may allow an attacker to cause a nameserver’s clients to contact the incorrect, and possibly malicious hosts for particular services. As a result, web traffic, email and other important network data could be redirected to systems under the attacker’s control.

DarkFiber Consulting strongly urges administrators to patch affected systems immediately. Please review the following DarkFiber Consulting documents for further details:

DarkFiber Consulting will provide additional information as it becomes available.

Mozilla Releases Firefox 3.0.1

July 18th, 2008 . by DarkFiber Consulting

Mozilla has released Firefox 3.0.1 to address three vulnerabilities. Exploitation of these vulnerabilities may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. One of these vulnerabilities may also affect Thunderbird and SeaMonkey. Two of these vulnerabilities were previously fixed in Firefox 2.0.0.16 as well; please see the DarkFiber Consulting Current Activity entry Mozilla Releases Firefox 2.0.0.16 for additional information.

DarkFiber Consulting encourages users to review the following Mozilla Foundation Security Advisories and upgrade to Firefox 3.0.1 or implement the workarounds provided in the documents to help mitigate the risks:

  • MFSA 2008-34 : Remote code execution by overflowing CSS reference counter
  • MFSA 2008-35 : Command-line URLs launch multiple tabs when Firefox not running
  • MFSA 2008-36 : Crash with malformed GIF file on Mac OS X