#1
Office-VISTA firewall-Adobe Flash-other vulnerabilities - US-Cert-combined
National Cyber Alert System
Cyber Security Alert SA07-191A

Microsoft Updates for Multiple Vulnerabilities

Original release date: July 12, 2007
Last revised: --
Source: US-CERT

Systems Affected

* Microsoft Windows
* Microsoft Office

Overview

Vulnerabilities in Microsoft Windows and Office could allow an attacker to gain control of your computer.

Solution

Install updates

Microsoft has released updates to remedy vulnerabilities in Microsoft Windows and Office. To obtain these updates, visit the Microsoft Update web site. We also recommend enabling Automatic Updates.

Description

Vulnerabilities in Microsoft Windows and Office may allow an attacker to access your computer, install and run malicious software on your computer, or cause it to crash. More technical information is available in US-CERT Technical Cyber Security Alert TA07-191A.

References

* US-CERT Technical Cyber Security Alert TA07-191A - http://www.us-cert.gov/cas/techalerts/TA07-191A.html
* Vulnerability Notes for Microsoft July 2007 updates - http://www.kb.cert.org/vuls/byid?searchview&query=ms07-Jul
* Microsoft security updates for July 2007 - http://www.microsoft.com/protect/computer/updates/bulletins/200707.mspx
* Microsoft Security at Home - http://www.microsoft.com/protect/
* Microsoft Update - https://update.microsoft.com/microsoftupdate/
* Microsoft Automatic Updates - http://www.microsoft.com/athome/secu..._current.mspx# EZB

The most recent version of this document can be found at: http://www.us-cert.gov/cas/alerts/SA07-191A.html

Feedback can be directed to US-CERT Technical Staff. Please send email to with "SA07-191A Feedback VU#487905" in the subject.

For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.

Produced 2007 by US-CERT, a government organization.

Terms of use: http://www.us-cert.gov/legal.html

Revision History

July 10, 2007: Initial release

*******

National Cyber Alert System
Technical Cyber Security Alert TA07-191A

Microsoft Updates for Multiple Vulnerabilities

Original release date: July 10, 2007
Last revised: --
Source: US-CERT

Systems Affected

* Microsoft Windows
* Microsoft Excel
* Microsoft Publisher
* Microsoft .NET Framework
* Microsoft Internet Information Services (IIS)
* Microsoft Windows Vista Firewall

Overview

Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Excel, Publisher, .NET Framework, Internet Information Services, and Windows Vista Firewall. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.

I. Description

Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Excel, Publisher, .NET Framework, Internet Information Services, and Windows Vista Firewall as part of the Microsoft Security Bulletin Summary for July 2007. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.

Further information about the vulnerabilities addressed by these updates is available in the Vulnerability Notes Database.

II. Impact

A remote, unauthenticated attacker could execute arbitrary code on a vulnerable system. An attacker may also be able to cause a denial of service.

III. Solution

Apply updates from Microsoft

Microsoft has provided updates for these vulnerabilities in the July 2007 Security Bulletins. The Security Bulletins describe any known issues related to the updates. Administrators are encouraged to note any known issues that are described in the Bulletins and test for any potentially adverse effects.

System administrators may wish to consider using an automated patch distribution system such as Windows Server Update Services (WSUS).

IV. References

* US-CERT Vulnerability Notes for Microsoft July 2007 updates - http://www.kb.cert.org/vuls/byid?searchview&query=ms07-jul
* Securing Your Web Browser - http://www.us-cert.gov/reading_room/securing_browser/
* Microsoft Security Bulletin Summary for July 2007 - http://www.microsoft.com/technet/security/bulletin/ms07-jul.mspx
* Microsoft Update - https://update.microsoft.com/microsoftupdate/
* Microsoft Office Update - http://officeupdate.microsoft.com/
* Windows Server Update Services - http://www.microsoft.com/windowsserversystem/updateservices/default.mspx

The most recent version of this document can be found at: http://www.us-cert.gov/cas/techalerts/TA07-191A.html

Feedback can be directed to US-CERT Technical Staff. Please send email to with "TA07-191A Feedback VU#487905" in the subject.

For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.

Produced 2007 by US-CERT, a government organization.

Terms of use: http://www.us-cert.gov/legal.html

Revision History

July 10, 2007: Initial release

*****

National Cyber Alert System
Technical Cyber Security Alert TA07-192A

Adobe Flash Player Updates for Multiple Vulnerabilities

Original release date: July 11, 2007
Last revised: --
Source: US-CERT

Systems Affected

Microsoft Windows, Apple Mac OS X, Linux, Solaris, or other operating systems with any of the following Adobe products installed:

* Flash Player 9.0.45.0
* Flash Player 9.0.45.0 and earlier network distribution
* Flash Basic
* Flash CS3 Professional
* Flash Professional 8, Flash Basic
* Flex 2.0
* Flash Player 7.070.0 for Linux or Solaris

For more complete information, refer to Adobe Security Bulletin APSB07-12.

Overview

There are critical vulnerabilities in Adobe Flash player and related software. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.

I. Description

Adobe Security Bulletin APSB07-12 addresses vulnerabilities in Adobe Flash Player and related software. Further information is available in the US-CERT Vulnerability Notes database.

Several operating systems, including Microsoft Windows and Apple OS X, have vulnerable versions of Flash installed by default. Systems with Flash-enabled web browsers are vulnerable. To exploit these vulnerabilities, an attacker could host a specially crafted Flash file on a web site and convince a user to visit the site.

II. Impact

A remote, unauthenticated attacker could execute arbitrary code with the privileges of the user, steal credentials, or create a denial-of-service condition. If the user is logged on with administrative privileges, the attacker could take complete control of an affected system.

III. Solution

Apply Updates

Check with your vendor for patches or updates. For information about a specific vendor, please see the Systems Affected section in the vulnerability notes or contact your vendor directly. If you get the flash player from Adobe, see the Adobe Get Flash page for information about updates.

Disable Flash

Users who are unable to apply the patch should disable Flash. Contact your vendor or see the US-CERT Vulnerability Notes VU#110297, VU#730785, or VU#138457 for more details.

Appendix A. References

* Adobe - APSB07-12: Flash Player update available to address security vulnerabilities - http://www.adobe.com/support/security/bulletins/apsb07-12.html
* US-CERT Vulnerability Notes Database - http://www.kb.cert.org/vuls/byid?sea...,VU%2323110297 ,VU%23730785

The most recent version of this document can be found at: http://www.us-cert.gov/cas/techalerts/TA07-192A.html

Feedback can be directed to US-CERT Technical Staff. Please send email to with "TA07-192A Feedback VU#730785" in the subject.

For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.

Produced 2007 by US-CERT, a government organization.

Terms of use: http://www.us-cert.gov/legal.html

Revision History

July 11, 2007: Initial release
#2
Another cut and paste poster, Why you not say something original in your own words troll?
#3
Michael Yardley wrote:
| Another cut and paste poster, Why you not say something original in your own words troll?

LOL

(I could say more, but I won't...)
#4
Well, apparently some new blood rolls through...

From 98 Guy? Well we expect some really stupid stuff from him, you on the other hand, Mike, apparently don't realize what that was put here for... do try to take your blinders off and keep up....

This related, in part, to Flash 9 and 10... and VISTA for the dual booters, and several other aspects... which include 9X, do try to keep up...

Now do you have anything relevant to post in here?

"98 Guy" wrote in message ...
| Michael Yardley wrote:
| | Another cut and paste poster, Why you not say something original
| | in your own words troll?
|
| LOL
|
| (I could say more, but I won't...)

--
MEB
http://peoplescounsel.orgfree.com
#5
Oh and for those who can't figure this one out, it deals with Quicktime, and I-Tunes....

National Cyber Alert System
Technical Cyber Security Alert TA07-193A

Apple Releases Security Updates for QuickTime

Original release date: July 12, 2007
Last revised: --
Source: US-CERT

Systems Affected

Apple QuickTime on systems running

* Apple Mac OS X
* Microsoft Windows

Overview

Apple QuickTime contains multiple vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.

I. Description

Apple QuickTime 7.2 resolves multiple vulnerabilities in the way Java applets and various types of media files are handled. An attacker could exploit these vulnerabilities by convincing a user to access a specially crafted Java applet or media file with a vulnerable version of QuickTime. Since QuickTime configures most web browsers to handle QuickTime media files, an attacker could exploit these vulnerabilities using a web page.

Note that QuickTime ships with Apple iTunes.

For more information, please refer to the Vulnerability Notes Database.

II. Impact

These vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or commands and cause a denial-of-service condition. For further information, please see the Vulnerability Notes Database.

III. Solution

Upgrade QuickTime

Upgrade to QuickTime 7.2. This and other updates for Mac OS X are available via Apple Update.

On Microsoft Windows, QuickTime users can install the update by using the built-in auto-update mechanism, Apple Software Update, or by installing the update manually.

Disable QuickTime in your web browser

An attacker may be able to exploit some of these vulnerabilities by persuading a user to access a specially crafted media file with a web browser. Disabling QuickTime in your web browser may defend against this attack vector. For more information, refer to the Securing Your Web Browser document.

Disable Java in your web browser

An attacker may be able to exploit some of these vulnerabilities by persuading a user to access a specially crafted Java applet with a web browser. Disabling Java in your web browser may defend against this attack vector. Instructions for disabling Java can be found in the Securing Your Web Browser document.

References

* Vulnerability Notes for QuickTime 7.2 - http://www.kb.cert.org/vuls/byid?searchview&query=QuickTime_72
* About the security content of the QuickTime 7.2 Update - http://docs.info.apple.com/article.html?artnum=305947
* How to tell if Software Update for Windows is working correctly when no updates are available - http://docs.info.apple.com/article.html?artnum=304263
* Apple QuickTime 7.2 for Windows - http://www.apple.com/support/downloads/quicktime72forwindows.html
* Apple QuickTime 7.2 for Mac - http://www.apple.com/support/downloads/quicktime72formac.html
* Standalone Apple QuickTime Player - http://www.apple.com/quicktime/download/standalone.html
* Mac OS X: Updating your software - http://docs.info.apple.com/article.html?artnum=106704
* Securing Your Web Browser - http://www.us-cert.gov/reading_room/securing_browser/

The most recent version of this document can be found at: http://www.us-cert.gov/cas/techalerts/TA07-193A.html

Feedback can be directed to US-CERT Technical Staff. Please send email to with "TA07-193A Feedback VU#582681" in the subject.

For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.

Produced 2007 by US-CERT, a government organization.

Terms of use: http://www.us-cert.gov/legal.html

Revision History

Thursday July 12, 2007: Initial release
#6
On Jul 12, 4:34 pm, Michael Yardley wrote:
| Another cut and paste poster, Why you not say something original in your own words troll?

You are the troll and a very stupid one. No wonder your neighbours want you evicted. Yardley is a drunken welfare prostitute.
#7
National Cyber Alert System
Cyber Security Tip ST04-015

Understanding Denial-of-Service Attacks

You may have heard of denial-of-service attacks launched against web sites, but you can also be a victim of these attacks. Denial-of-service attacks can be difficult to distinguish from common network activity, but there are some indications that an attack is in progress.

What is a denial-of-service (DoS) attack?

In a denial-of-service (DoS) attack, an attacker attempts to prevent legitimate users from accessing information or services. By targeting your computer and its network connection, or the computers and network of the sites you are trying to use, an attacker may be able to prevent you from accessing email, web sites, online accounts (banking, etc.), or other services that rely on the affected computer.

The most common and obvious type of DoS attack occurs when an attacker "floods" a network with information. When you type a URL for a particular web site into your browser, you are sending a request to that site's computer server to view the page. The server can only process a certain number of requests at once, so if an attacker overloads the server with requests, it can't process your request. This is a "denial of service" because you can't access that site.

An attacker can use spam email messages to launch a similar attack on your email account. Whether you have an email account supplied by your employer or one available through a free service such as Yahoo! or Hotmail, you are assigned a specific quota, which limits the amount of data you can have in your account at any given time. By sending many, or large, email messages to the account, an attacker can consume your quota, preventing you from receiving legitimate messages.

What is a distributed denial-of-service (DDoS) attack?

In a distributed denial-of-service (DDoS) attack, an attacker may use your computer to attack another computer. By taking advantage of security vulnerabilities or weaknesses, an attacker could take control of your computer. He or she could then force your computer to send huge amounts of data to a web site or send spam to particular email addresses. The attack is "distributed" because the attacker is using multiple computers, including yours, to launch the denial-of-service attack.

How do you avoid being part of the problem?

Unfortunately, there are no effective ways to prevent being the victim of a DoS or DDoS attack, but there are steps you can take to reduce the likelihood that an attacker will use your computer to attack other computers:

* Install and maintain anti-virus software (see Understanding Anti-Virus Software for more information).
* Install a firewall, and configure it to restrict traffic coming into and leaving your computer (see Understanding Firewalls for more information).
* Follow good security practices for distributing your email address (see Reducing Spam for more information). Applying email filters may help you manage unwanted traffic.

How do you know if an attack is happening?

Not all disruptions to service are the result of a denial-of-service attack. There may be technical problems with a particular network, or system administrators may be performing maintenance. However, the following symptoms could indicate a DoS or DDoS attack:

* unusually slow network performance (opening files or accessing web sites)
* unavailability of a particular web site
* inability to access any web site
* dramatic increase in the amount of spam you receive in your account

What do you do if you think you are experiencing an attack?

Even if you do correctly identify a DoS or DDoS attack, it is unlikely that you will be able to determine the actual target or source of the attack. Contact the appropriate technical professionals for assistance.

* If you notice that you cannot access your own files or reach any external web sites from your work computer, contact your network administrators. This may indicate that your computer or your organization's network is being attacked.
* If you are having a similar experience on your home computer, consider contacting your Internet service provider (ISP). If there is a problem, the ISP might be able to advise you of an appropriate course of action.

Author: Mindi McDowell

Produced 2004 by US-CERT, a government organization.

Note: This tip was previously published and is being re-distributed to increase awareness.

Terms of use: http://www.us-cert.gov/legal.html

This document can also be found at http://www.us-cert.gov/cas/tips/ST04-015.html

For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
#8
This Cyber alert is more for dual booters and VPC users, though Office 2000 also has vulnerabilities.

National Cyber Alert System
Technical Cyber Security Alert TA07-226A

Microsoft Updates for Multiple Vulnerabilities

Original release date: August 14, 2007
Last revised: --
Source: US-CERT

Systems Affected

* Microsoft Windows
* Microsoft Internet Explorer
* Microsoft Windows Media Player
* Microsoft Office
* Microsoft Office for Mac
* Microsoft XML Core Services
* Microsoft Visual Basic
* Microsoft Virtual PC
* Microsoft Virtual Server

Overview

Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Internet Explorer, Windows Media Player, Office, Office for Mac, XML Core Services, Visual Basic, Virtual PC, and Virtual Server. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.

I. Description

Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Internet Explorer, Windows Media Player, Office, Office for Mac, XML Core Services, Visual Basic, Virtual PC, and Virtual Server as part of the Microsoft Security Bulletin Summary for August 2007. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.

Further information about the vulnerabilities addressed by these updates is available in the Vulnerability Notes Database.

II. Impact

A remote, unauthenticated attacker could execute arbitrary code on a vulnerable system. An attacker may also be able to cause a denial of service.

III. Solution

Apply updates from Microsoft

Microsoft has provided updates for these vulnerabilities in the August 2007 Security Bulletins. The Security Bulletins describe any known issues related to the updates. Administrators are encouraged to note any known issues that are described in the Bulletins and test for any potentially adverse effects.

Updates for Microsoft Windows and Microsoft Office XP and later are available on the Microsoft Update site. Microsoft Office 2000 updates are available on the Microsoft Office Update site. Apple Mac OS X users should obtain updates from the Mactopia web site.

System administrators may wish to consider using an automated patch distribution system such as Windows Server Update Services (WSUS).

IV. References

* US-CERT Vulnerability Notes for Microsoft August 2007 updates - http://www.kb.cert.org/vuls/byid?searchview&query=ms07-aug
* Securing Your Web Browser - http://www.us-cert.gov/reading_room/securing_browser/
* Microsoft Security Bulletin Summary for August 2007 - http://www.microsoft.com/technet/security/bulletin/ms07-aug.mspx
* Microsoft Update - https://update.microsoft.com/microsoftupdate/
* Microsoft Office Update - http://officeupdate.microsoft.com/
* Windows Server Update Services - http://www.microsoft.com/windowsserversystem/updateservices/default.mspx
* Mactopia - http://www.microsoft.com/mac/

The most recent version of this document can be found at: http://www.us-cert.gov/cas/alerts/TA07-226A.html

Feedback can be directed to US-CERT Technical Staff. Please send email to with "TA07-226A Feedback VU#361968" in the subject.

For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.

Produced 2007 by US-CERT, a government organization.

Terms of use: http://www.us-cert.gov/legal.html

Revision History

August 14, 2007: Initial release

--
MEB
http://peoplescounsel.orgfree.com
#9
Please note the potential issues as described within. Take due notice of the linked materials. Relates to IE (5 & 6), OE (5 & 6), Word (2000, 2002), and Office, which may be used by readers/9X users of this group.

National Cyber Alert System
Technical Cyber Security Alert TA07-282A

Microsoft Updates for Multiple Vulnerabilities

Original release date: October 9, 2007
Last revised: --
Source: US-CERT

Systems Affected

* Microsoft Windows
* Microsoft Internet Explorer
* Microsoft Outlook Express and Windows Mail
* Microsoft Office
* Microsoft Office for Mac
* Microsoft SharePoint

Overview

Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Microsoft Internet Explorer, Microsoft Outlook Express and Windows Mail, Microsoft Office, Microsoft Office for Mac, and Microsoft SharePoint. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.

I. Description

Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Microsoft Internet Explorer, Microsoft Outlook Express and Windows Mail, Microsoft Office, Microsoft Office for Mac, and Microsoft SharePoint as part of the Microsoft Security Bulletin Summary for October 2007. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.

Further information about the vulnerabilities addressed by these updates is available in the Vulnerability Notes Database.

II. Impact

A remote, unauthenticated attacker could execute arbitrary code on a vulnerable system. An attacker may also be able to cause a denial of service.

III. Solution

Apply updates from Microsoft

Microsoft has provided updates for these vulnerabilities in the October 2007 security bulletins. The security bulletins describe any known issues related to the updates. Administrators are encouraged to note any known issues that are described in the bulletins and test for any potentially adverse effects.

System administrators should consider using an automated patch distribution system such as Windows Server Update Services (WSUS).

IV. References

* US-CERT Vulnerability Notes for Microsoft October 2007 updates - http://www.kb.cert.org/vuls/byid?searchview&query=ms07-oct
* Microsoft Security Bulletin Summary for October 2007 - http://www.microsoft.com/technet/security/bulletin/ms07-oct.mspx
* Microsoft Update - https://update.microsoft.com/microsoftupdate/
* Windows Server Update Services - http://www.microsoft.com/windowsserversystem/updateservices/default.mspx
* Securing Your Web Browser - http://www.cert.org/tech_tips/securing_browser/
* Mactopia - http://www.microsoft.com/mac/

The most recent version of this document can be found at: http://www.us-cert.gov/cas/techalerts/TA07-282A.html

Feedback can be directed to US-CERT Technical Staff. Please send email to with "TA07-282A Feedback VU#569041" in the subject.

For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.

Produced 2007 by US-CERT, a government organization.

Terms of use: http://www.us-cert.gov/legal.html

Revision History

October 9, 2007: Initial release
#10
National Cyber Alert System

Cyber Security Alert SA07-303A

Federal Trade Commission Reports Spoofed Email

Original release date: October 30, 2007
Last revised: --
Source: US-CERT

Systems Affected

* Any computer system can be affected when a person is a victim of social engineering, such as what can occur when malicious code is inadvertently downloaded from an attachment in a spoofed email.

Overview

The Federal Trade Commission (FTC) is reporting that spoofed email messages that appear to come from the FTC contain malicious attachments. If you open one of these attachments you may infect your computer with a keystroke logger or other malicious code.

Solution

Be suspicious

Exercise caution when opening email messages and attachments. In this case, the FTC describes the spoofed email as follows:

The spoof email includes a phony sender's address, making it appear the email is from " and also spoofs the return-path and reply-to fields to hide the email's true origin. While the email includes the FTC seal, it has grammatical errors, misspellings, and incorrect syntax.

Attackers often construct email messages and web sites to imitate legitimate organizations in order to more effectively convince you to open and execute malicious attachments or click on malicious links. See the Avoiding Social Engineering and Phishing Cyber Security Tip in the references section for more information.

Install and update anti-virus software

Updated anti-virus software can protect you from malicious code. For more information, please see Cyber Security Tip ST04-005 and ST05-006.

Description

This spoofed email activity relies on social engineering techniques to convince you to open and run a malicious attachment. There is no software vulnerability involved and there is no software update to protect against this type of activity. For more information please see the FTC report.

References

* Cyber Security Tip ST04-014 - Avoiding Social Engineering and Phishing Attacks http://www.us-cert.gov/cas/tips/ST04-014.html
* Cyber Security Tip ST04-010 - Using Caution with Email Attachments http://www.us-cert.gov/cas/tips/ST04-010.html
* Cyber Security Tip ST04-005 - Understanding Anti-Virus Software http://www.us-cert.gov/cas/tips/ST04-005.html
* Cyber Security Tip ST05-006 - Recovering from Viruses, Worms, and Trojan Horses http://www.us-cert.gov/cas/tips/ST04-006.html
* Trends in Badware 2007 http://www.stopbadware.org/home/consumerreport
* Don't Open Bogus Email that Comes from the FTC http://www.ftc.gov/opa/2007/10/bogus.shtm

_________________________________________________________________

The most recent version of this document can be found at: http://www.us-cert.gov/cas/alerts/SA07-303A.html

_________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send email to with "SA07-303A Feedback INFO#23" in the subject.

_________________________________________________________________

For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.

_________________________________________________________________

Produced 2007 by US-CERT, a government organization.

Terms of use: http://www.us-cert.gov/legal.html

_________________________________________________________________

Revision History

October 30, 2007: Initial release
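The alert says the sender address, return-path and reply-to were all forged, so comparing those fields with one another is not sufficient. The following added example (not part of the original post or of the US-CERT alert) triages a constructed message using a receiver-stamped Authentication-Results header and the attachment filename; the presence of that header, the server name `mx.recipient.example`, the sample domains and the extension list are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Extensions treated as directly runnable (assumed, non-exhaustive list).
RUNNABLE = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js")

# Constructed sample: every sender-controlled field agrees with the others.
SAMPLE = """\
Return-Path: <notice@agency.example>
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=agency.example
From: "Agency Notices" <notice@agency.example>
Reply-To: notice@agency.example
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See the attached file.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="notice.exe"

placeholder
--b1--
"""

def domain(value):
    """Lower-cased domain of the address in a header value, '' if absent."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def triage(raw, trusted_authserv):
    """Return sorted findings for one message, as a list of strings."""
    msg = message_from_string(raw)
    findings = set()
    # Sender-set fields can all be forged to agree; only a mismatch is a signal.
    for name in ("Reply-To", "Return-Path"):
        d = domain(msg[name])
        if d and d != domain(msg["From"]):
            findings.add(name.lower() + "-differs-from-from")
    # Trust only the result stamped by our own server (assumed to add one).
    for ar in msg.get_all("Authentication-Results", []):
        server, _, results = ar.lower().partition(";")
        if server.strip() == trusted_authserv and (
                "spf=fail" in results or "dkim=fail" in results):
            findings.add("sender-authentication-failed")
    for part in msg.walk():
        if (part.get_filename() or "").lower().endswith(RUNNABLE):
            findings.add("runnable-attachment")
    return sorted(findings)
```

On the sample, the three address fields match each other, so only the receiver-side authentication result and the attachment name produce findings.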