DarkFiber Consulting – IT Managed Services

Internet Systems Consortium BIND 9 Vulnerability

July 30th, 2009 . by DarkFiber Consulting

The Internet Systems Consortium (ISC) has released BIND versions 9.4.3-P3, 9.5.1-P3, and 9.6.1-P1 to address a vulnerability. By sending a specially crafted dynamic update packet to an affected BIND 9 server, a remote, unauthenticated attacker may be able to cause a denial-of-service condition.

DarkFiber Consulting encourages users and administrators to review the Internet Systems Consortium advisory and apply any necessary updates to help mitigate the risks. Additional information can be found in the Vulnerability Notes Database.

Mozilla Firefox 3.5 Vulnerability

July 30th, 2009 . by DarkFiber Consulting

The Mozilla Foundation has released Firefox 3.5.1 to address a vulnerability. This vulnerability is due to an error in the way the Just-in-Time (JIT) compiler returns from native functions. Exploitation of this vulnerability may allow an attacker to execute arbitrary code.

DarkFiber Consulting encourages users and administrators to review Mozilla Foundation Security Advisory 2009-41 and upgrade to Firefox 3.5.1 or apply the suggested workaround provided in the advisory. Additional information can also be found in the Vulnerability Notes Database.

Adobe Reader and Acrobat JavaScript Vulnerabilities

May 9th, 2009 . by DarkFiber Consulting

DarkFiber Consulting is aware of public reports of two vulnerabilities affecting Adobe Reader and Acrobat. The JavaScript methods customDictionaryOpen() and getAnnots() do not safely handle specially crafted arguments and can be manipulated to execute arbitrary code.

DarkFiber Consulting encourages users and administrators to disable JavaScript in Adobe Reader to help mitigate the risk:

  1. Open the General Preferences dialog box
  2. From the Edit menu, select Preferences and then choose JavaScript
  3. Un-check Enable Acrobat JavaScript

Additional information regarding these vulnerabilities can be found in the Adobe PSIRT blog entry and in the Vulnerability Notes Database. DarkFiber Consulting will provide additional information as it becomes available.

Research In Motion Releases Advisory for BlackBerry PDF Distiller Vulnerabilities

May 9th, 2009 . by DarkFiber Consulting

Research In Motion has released a security advisory to address multiple vulnerabilities in the PDF distiller of some released versions of the BlackBerry Attachment Service. The advisory lists the affected versions as BlackBerry Enterprise Server 4.1.3 through 4.1.6 and BlackBerry Professional Software 4.1.4. By convincing a user to view a specially crafted PDF file, an attacker may be able to execute arbitrary code on the system that hosts the BlackBerry Attachment Service.

DarkFiber Consulting encourages users to review BlackBerry security advisory KB17953 and apply any necessary updates.

Additional information is available in the Vulnerability Notes Database.

Microsoft Releases Security Bulletin MS08-078

December 17th, 2008 . by DarkFiber Consulting

Microsoft has released Security Bulletin MS08-078 to address a vulnerability in Internet Explorer. This vulnerability is due to an invalid pointer reference in the data binding function. By convincing a user to view a specially crafted document that performs data binding (e.g., a web page, email message, or attachment), a remote, unauthenticated attacker may be able to execute arbitrary code.

DarkFiber Consulting encourages users to review Microsoft Security Bulletin MS08-078 and apply the update or workarounds listed in the bulletin to help mitigate the risks. Users may also want to consider implementing the best security practices listed in the Securing Your Web Browser document to strengthen their web browsers against future vulnerabilities.

Additional information regarding this vulnerability can be found in the Vulnerability Notes Database.

Microsoft Releases Advance Notification

December 16th, 2008 . by DarkFiber Consulting

Microsoft has released a Security Bulletin Advance Notification indicating that an out-of-band Security Bulletin will be released. This bulletin will address a remote code execution vulnerability in Microsoft Internet Explorer. Release of this Bulletin is scheduled for Wednesday, December 17.

DarkFiber Consulting encourages users to review the Security Bulletin Advance Notification and apply any necessary updates when they become available. Additional information about this vulnerability can be found in the Vulnerability Notes Database.

DarkFiber Consulting will provide additional information as it becomes available.

Microsoft Releases Security Advisory (961051)

December 11th, 2008 . by DarkFiber Consulting

Microsoft has released Security Advisory 961051 to address reports of attacks against a new vulnerability in Internet Explorer 7. By convincing a user to view a specially crafted XML document, an attacker may be able to execute arbitrary code with the privileges of the user. Additionally, Microsoft indicates that it is aware of limited and targeted attacks using this vulnerability.

DarkFiber Consulting encourages users to review Microsoft Security Advisory 961051 and implement any Suggested Actions to help mitigate the risks.

Additional information is available in the Vulnerability Notes Database. DarkFiber Consulting will provide further details as they become available.

Adobe Releases Security Bulletin

November 4th, 2008 . by DarkFiber Consulting

Adobe has released a Security Bulletin to address multiple vulnerabilities in Adobe Reader 8 and Acrobat 8. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

DarkFiber Consulting encourages users and administrators to review Adobe Security Bulletin APSB08-19 and apply the solution provided in that document to help mitigate the risks.

Additional information and workarounds regarding these vulnerabilities can be found in the Vulnerability Notes Database.

TWiki Releases Security Alert

September 12th, 2008 . by DarkFiber Consulting

TWiki has released a Security Alert to address a vulnerability. This vulnerability is due to the way TWiki processes the “image” variable in URLs. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code.

DarkFiber Consulting encourages users and administrators to review the TWiki Security Alert and apply the workaround listed in the Countermeasures section of the document or upgrade to version 4.2.3 to help mitigate the risks.

Additional information regarding this vulnerability can be found in the Vulnerability Notes Database.

Microsoft Releases Security Advisory For Snapshot Viewer ActiveX Control

July 14th, 2008 . by DarkFiber Consulting

Microsoft has released a Security Advisory to address a vulnerability in a Microsoft Access ActiveX control. By convincing a user to visit a specially crafted web page, a remote, unauthenticated attacker may be able to execute arbitrary code. The Advisory also indicates that the vulnerability is being used in active, targeted attacks.

DarkFiber Consulting encourages users to review Microsoft Security Advisory 955179 and apply the workarounds to help mitigate the risks. Additional information regarding this issue can be found in the Vulnerability Notes Database.