DarkFiber Consulting – IT Managed Services

Adobe Releases Security Bulletins for Acrobat, Reader, and Flash Player

March 1st, 2010 . by DarkFiber Consulting

Adobe has released two security bulletins to address vulnerabilities in Adobe Acrobat, Reader, and Flash Player.

The first bulletin, APSB10-06, is a security update for Adobe Flash Player and Adobe AIR that addresses a critical vulnerability. Exploitation of these vulnerabilities may allow an attacker to make unauthorized cross-domain requests. The bulletin indicates that the update also addresses a potential denial-of-service issue.

The second bulletin, APSB10-07, indicates that security updates are available for Adobe Reader and Acrobat. These updates address two critical vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, make unauthorized cross-domain requests, or cause a denial-of-service condition.

DarkFiber Consulting encourages users and administrators to review Adobe Bulletins APSB10-06 and APSB10-07 and apply any necessary updates to help mitigate the risks.

Cisco Releases Security Advisory for Vulnerabilities in Cisco Wireless LAN Controllers

July 30th, 2009 . by DarkFiber Consulting

Cisco has released a security advisory to address multiple vulnerabilities in Wireless LAN Controllers. The advisory addresses the following:

  • Malformed HTTP or HTTPS authentication response denial-of-service vulnerability.
  • SSH connections denial-of-service vulnerability.
  • Crafted HTTP or HTTPS request denial-of-service vulnerability.
  • Crafted HTTP or HTTPS request unauthorized configuration modification vulnerability.

Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition or gain full control over the Wireless LAN Controller.

DarkFiber Consulting encourages users and administrators to review Cisco Security Advisory cisco-sa-20090727-wlc and apply any necessary updates or workarounds to help mitigate the risks.

Adobe Releases Update for Shockwave Player

July 2nd, 2009 . by DarkFiber Consulting

Adobe has released Shockwave Player 11.5.0.600 to address a vulnerability. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.

DarkFiber Consulting encourages users and administrators to review Adobe security bulletin APSB09-08 and update to Shockwave Player 11.5.0.600 to help mitigate the risks.

Mozilla Foundation Releases Firefox 3.0.10

May 9th, 2009 . by DarkFiber Consulting

Mozilla Foundation has released Firefox 3.0.10 to address a memory corruption vulnerability. Exploitation of this vulnerability may result in a denial-of-service condition.

DarkFiber Consulting encourages users and administrators to review Mozilla Foundation Security Advisory MFSA 2009-23 and update to Firefox 3.0.10 to help mitigate the risk.

Microsoft Releases Security Advisory (960906)

December 9th, 2008 . by DarkFiber Consulting

Microsoft has released Security Advisory 960906 to address reports of a vulnerability in the WordPad Text Converter for Word 97 files. The advisory indicates that Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2 are affected by this vulnerability. Exploitation of this vulnerability may allow an unauthenticated attacker to execute arbitrary code or obtain local user rights. Additionally, Microsoft indicates that they are aware of limited and targeted attacks using this vulnerability.

DarkFiber Consulting encourages users to review Microsoft Security Advisory 960906 and implement any necessary Suggested Actions to help mitigate the risks.

DarkFiber Consulting will provide additional information as it becomes available.