DarkFiber Consulting – IT Managed Services

Microsoft Releases Security Advisory 979352

January 27th, 2010 . by DarkFiber Consulting

Microsoft has released Security Advisory 979352 to alert users of a vulnerability in Microsoft Internet Explorer. The advisory indicates that exploitation of this vulnerability may allow an attacker to execute arbitrary code. Microsoft also indicates that it is aware of public, active exploitation of this vulnerability.

DarkFiber Consulting encourages users and administrators to review Microsoft Security Advisory 979352 and apply the suggested workaround of setting the Internet zone security setting to High to help mitigate the risks.

Additional information about this vulnerability can be found in Vulnerability Note VU#492515.

Mozilla Firefox 3.5 Vulnerability

July 30th, 2009 . by DarkFiber Consulting

The Mozilla Foundation has released Firefox 3.5.1 to address a vulnerability. This vulnerability is due to an error in the way the Just-in-Time (JIT) compiler returns from native functions. Exploitation of this vulnerability may allow an attacker to execute arbitrary code.

DarkFiber Consulting encourages users and administrators to review Mozilla Foundation Security Advisory 2009-41 and upgrade to Firefox 3.5.1 or apply the suggested workaround provided in the advisory. Additional information can also be found in the Vulnerability Notes Database.

PHP 5.2.8 Released

December 9th, 2008 . by DarkFiber Consulting

The PHP Group has released PHP version 5.2.8 to address a vulnerability in the magic_quotes functionality. This vulnerability was introduced in PHP version 5.2.7. In addition to correcting this regression, PHP version 5.2.8 addresses a number of vulnerabilities that were originally addressed by version 5.2.7.

DarkFiber Consulting encourages users to upgrade to PHP 5.2.8 or implement the workaround as described in the PHP 5.2.8 Release Announcement.

Cisco Releases Advisory for Cisco Unity

October 8th, 2008 . by DarkFiber Consulting

Cisco Security Advisory cisco-sa-20081008-unity was released to address a vulnerability in Cisco Unity, a voice and unified messaging platform. This vulnerability may allow an attacker to view and alter configuration parameters of the Cisco Unity server.

DarkFiber Consulting encourages users to do the following:

TWiki Releases Security Alert

September 12th, 2008 . by DarkFiber Consulting

TWiki has released a Security Alert to address a vulnerability. This vulnerability is due to the way TWiki processes the “image” variable in URLs. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code.

DarkFiber Consulting encourages users and administrators to review the TWiki Security Alert and apply the workaround listed in the Countermeasures section of the document or upgrade to version 4.2.3 to help mitigate the risks.

Additional information regarding this vulnerability can be found in the Vulnerability Notes Database.