December 10th, 2009 . by DarkFiber Consulting
DarkFiber Consulting is aware of reports of publicly available exploit code for a vulnerability within the SSL and TLS protocols. Reports indicate that exploitation of this vulnerability may allow an attacker conducting a man-in-the-middle attack to inject plaintext into the beginning of the application protocol stream.
DarkFiber Consulting encourages OpenSSL users and administrators to review the OpenSSL 0.9.8l release and apply any updates.
DarkFiber Consulting has not received any reports of active exploitation and will continue to provide additional information as it becomes available.
Posted in Security Alerts | No Comments »
October 14th, 2009 . by DarkFiber Consulting
Microsoft has released Microsoft Knowledge Base Article 975497 to address a previously reported vulnerability in Microsoft Server Message Block (SMB). This vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition.
DarkFiber Consulting encourages users and administrators to review Microsoft Knowledge Base Article 975497 and Microsoft Security Advisory 975497 and apply the Fix it tool or workarounds. Microsoft Knowledge Base Article 975497 addresses the vulnerability that was previously reported in the “Microsoft Releases Security Advisory 975497” Current Activity entry.
DarkFiber Consulting is aware that exploit code for this vulnerability has been made publicly available as part of the Metasploit Framework. Users and system administrators are strongly encouraged to apply the Microsoft Fix it solution or other workarounds until a patch is released.
November 13th, 2008 . by DarkFiber Consulting
DarkFiber Consulting is aware of public reports of a fraudulent email scam circulating via messages that falsely appear to be from the U.S. Federal Reserve. These email messages contain information about a phishing scam and links for users to follow to obtain additional information about the scam. If a user follows the links, they will be redirected to a malicious website where a PDF exploit is used to install malicious code on the affected system.
DarkFiber Consulting encourages users to do the following to help mitigate the risks:
October 14th, 2008 . by DarkFiber Consulting
In April 2008, Microsoft released Security Advisory 951306 to alert users to a vulnerability in Microsoft Windows. This vulnerability may allow local users, or users who can legitimately run code in the context of IIS or SQL Server, to operate with elevated privileges. Recently, the Microsoft Security Response Center (MSRC) posted several blog entries indicating that the Security Advisory was updated to reflect the availability of public exploit code. A patch or update is not available to correct this issue.
DarkFiber Consulting encourages users and administrators to do the following to help mitigate the risks:
July 29th, 2008 . by DarkFiber Consulting
Oracle has released a Security Advisory to address a vulnerability in the WebLogic plug-in for Apache. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to compromise the confidentiality or integrity of WebLogic Server applications or cause a denial-of-service condition. The advisory indicates that exploit code for this vulnerability is publicly available.
DarkFiber Consulting encourages users to review the Oracle Security Advisory and implement the workarounds listed in the document to help mitigate the risks. At this time, a patch or update is not available.
DarkFiber Consulting will provide additional information as it becomes available.