July 2009 - Posts

Cisco has released a security advisory to address multiple vulnerabilities in IOS Software. Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition when handling specific Border Gateway Protocol (BGP) updates. The advisory indicates that these vulnerabilities affect only Cisco IOS Software with support for four-octet AS number space and BGP routing configured.

US-CERT encourages users and administrators to review Cisco Security Advisory cisco-sa-20090729-bgp and apply any necessary updates to help mitigate the risks.

Source: US-CERT

Posted Thu, Jul 30 2009 15:13 by Don | with no comments

Adobe has released Shockwave Player 11.5.1.601 because previous versions used a vulnerable version of the Microsoft Active Template Library (ATL). Additionally, Adobe has released a security advisory to address the same issue in Flash Player. Exploitation of this vulnerability may allow an attacker to execute arbitrary code.

The security advisory for Flash Player indicates that Adobe will be releasing fixes for this issue on July 30, 2009. In the interim, the advisory suggests that users consider installing the Cumulative Security Update for Internet Explorer as defined in Microsoft Security Bulletin MS09-034 to help mitigate some of the risks until fixes are available.

US-CERT encourages users and administrators to review Adobe documents APSB09-11 and APSA09-04 and apply any necessary updates to help mitigate the risks. Additional information can be found in the Adobe PSIRT blog.

Source: US-CERT

Posted Wed, Jul 29 2009 10:37 by Don | with no comments

The Internet Systems Consortium (ISC) has released BIND versions 9.4.3-P3, 9.5.1-P3, and 9.6.1-P1 to address a vulnerability. By sending a specially crafted dynamic update packet to an affected BIND 9 server, a remote, unauthenticated attacker may be able to cause a denial-of-service condition.

US-CERT encourages users and administrators to review the Internet Systems Consortium advisory and apply any necessary updates to help mitigate the risks. Additional information can be found in the Vulnerability Notes Database.

Source: US-CERT

Posted Wed, Jul 29 2009 10:36 by Don | with no comments

Issued: July 28, 2009

Security Advisories Updated or Released Today

* Microsoft Security Advisory (973882)
- Title: Vulnerabilities in Microsoft Active Template
Library (ATL) Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/973882.mspx
- Revision Note: V1.0 (July 28, 2009): Advisory published.

Published: July 28, 2009

Note: There may be latency issues due to replication; if the page does not display, keep refreshing.

Note: »www.microsoft.com/technet/security and »www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Today Microsoft released the following Security Bulletin(s).

Critical (1)

Microsoft Security Bulletin MS09-034 - Critical
Cumulative Security Update for Internet Explorer (972260)
»www.microsoft.com/technet/securi···034.mspx

Moderate (1)

Microsoft Security Bulletin MS09-035 - Moderate
Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706)
»www.microsoft.com/technet/securi···035.mspx

See Bulletin Summary for previous July 14 bulletins:

»www.microsoft.com/technet/securi···jul.mspx

Critical (3)
Microsoft Security Bulletin MS09-032 - Critical
Cumulative Security Update of ActiveX Kill Bits (973346)
Published: July 14, 2009
»www.microsoft.com/technet/securi···032.mspx

Microsoft Security Bulletin MS09-029 - Critical
Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371)
Published: July 14, 2009
»www.microsoft.com/technet/securi···029.mspx

Microsoft Security Bulletin MS09-028 - Critical
Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633)
Published: July 14, 2009
»www.microsoft.com/technet/securi···028.mspx

Important (3)

Microsoft Security Bulletin MS09-033 - Important
Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (969856)
Published: July 14, 2009
»www.microsoft.com/technet/securi···033.mspx

Microsoft Security Bulletin MS09-031 - Important
Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953)
Published: July 14, 2009
»www.microsoft.com/technet/securi···031.mspx

Microsoft Security Bulletin MS09-030 - Important
Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (969516)
Published: July 14, 2009
»www.microsoft.com/technet/securi···030.mspx

Please note that Microsoft may release bulletins outside of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above-listed bulletin, you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.

As always, download the updates only from the vendor's website - visit the Windows Update and Office Update or Microsoft Update websites. You may also get the updates through the Automatic Updates functionality in Windows.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

Websense Security Labs™ ThreatSeeker™ Network has discovered that a rumor claiming that the actress Emma Watson, made famous by the Harry Potter series of movies, died on the scene of a fatal car collision is spreading rogue AV sites on the Internet. The rumor itself is spreading rapidly through social networks such as Twitter.

The attackers have targeted the Google search engine via the Search Engine Optimization (SEO) poisoning technique: when a user searches for terms related to Emma Watson's death, the fake AV sites are returned as high as the fifth result on Google.

Alert Details

Posted Mon, Jul 27 2009 16:12 by Don | with no comments

Issued: July 24, 2009

This is an advance notification of out-of-band security bulletins
that Microsoft is intending to release on July 28, 2009.

The full version of the Microsoft Security Bulletin Advance
Notification for the July 2009 out-of-band release can be found at
http://www.microsoft.com/technet/security/bulletin/ms09-jul-ans.mspx

This bulletin advance notification will be replaced with the
revised July bulletin summary on July 28, 2009. The revised
bulletin summary will include the out-of-band security bulletins, as
well as the security bulletins already released on July 14, 2008.

For more information about the bulletin advance notification service
see http://www.microsoft.com/technet/security/Bulletin/advance.mspx.

To receive automatic notifications whenever Microsoft Security
Bulletins are issued, subscribe to Microsoft Technical Security
Notifications on
http://www.microsoft.com/technet/security/bulletin/notify.mspx.

Microsoft will host two webcasts to address customer questions on
these out-of-band bulletins on Tuesday, July 28, 2009, at 1:00 PM
Pacific Time (US & Canada) and at 4:00 PM Pacific Time (US &
Canada). Register for these out-of-band Security Bulletin Webcasts
at http://www.microsoft.com/technet/security/bulletin/summary.mspx.

Microsoft also provides information to help customers prioritize
monthly security updates with any non-security, high-priority
updates that are being released on the same day as the monthly
security updates. Please see the section, Other Information.

This advance notification provides the software subject as the
bulletin identifier, because the official Microsoft Security
Bulletin numbers are not issued until release. The bulletin summary
that replaces this advance notification will have the proper
Microsoft Security Bulletin numbers (in the MSyy-xxx format) as the
bulletin identifier. The security bulletins for this month are as
follows, in order of severity:


Critical Security Bulletins

IE Bulletin

- Affected Software:
- Internet Explorer 5.01 Service Pack 4 when installed on
Microsoft Windows 2000 Service Pack 4
- Internet Explorer 6 Service Pack 1 when installed on
Microsoft Windows 2000 Service Pack 4
- Internet Explorer 6 for
Windows XP Service Pack 2 and
Windows XP Service Pack 3
- Internet Explorer 6 for
Windows XP Professional x64 Edition Service Pack 2
- Internet Explorer 6 for
Windows Server 2003 Service Pack 2
- Internet Explorer 6 for
Windows Server 2003 x64 Edition Service Pack 2
- Internet Explorer 6 for
Windows Server 2003 with SP2 for Itanium-based Systems
- Internet Explorer 7 for
Windows XP Service Pack 2 and
Windows XP Service Pack 3
- Internet Explorer 7 for
Windows XP Professional x64 Edition Service Pack 2
- Internet Explorer 7 for
Windows Server 2003 Service Pack 2
- Internet Explorer 7 for
Windows Server 2003 x64 Edition Service Pack 2
- Internet Explorer 7 for
Windows Server 2003 with SP2 for Itanium-based Systems
- Internet Explorer 7 in
Windows Vista,
Windows Vista Service Pack 1, and
Windows Vista Service Pack 2
- Internet Explorer 7 in
Windows Vista x64 Edition,
Windows Vista x64 Edition Service Pack 1, and
Windows Vista x64 Edition Service Pack 2
- Internet Explorer 7 in
Windows Server 2008 for 32-bit Systems and
Windows Server 2008 for 32-bit Systems Service Pack 2
(Windows Server 2008 Server Core installation not affected)
- Internet Explorer 7 in
Windows Server 2008 for x64-based Systems and
Windows Server 2008 for x64-based Systems Service Pack 2
(Windows Server 2008 Server Core installation not affected)
- Internet Explorer 7 in
Windows Server 2008 for Itanium-based Systems and
Windows Server 2008 for Itanium-based Systems Service Pack 2
- Internet Explorer 8 for
Windows XP Service Pack 2 and
Windows XP Service Pack 3
- Internet Explorer 8 for
Windows XP Professional x64 Edition Service Pack 2
- Internet Explorer 8 for
Windows Server 2003 Service Pack 2
- Internet Explorer 8 for
Windows Server 2003 x64 Edition Service Pack 2
- Internet Explorer 8 in
Windows Vista,
Windows Vista Service Pack 1, and
Windows Vista Service Pack 2
- Internet Explorer 8 in
Windows Vista x64 Edition,
Windows Vista x64 Edition Service Pack 1, and
Windows Vista x64 Edition Service Pack 2
- Internet Explorer 8 in
Windows Server 2008 for 32-bit Systems and
Windows Server 2008 for 32-bit Systems Service Pack 2
(Windows Server 2008 Server Core installation not affected)
- Internet Explorer 8 in
Windows Server 2008 for x64-based Systems and
Windows Server 2008 for x64-based Systems Service Pack 2
(Windows Server 2008 Server Core installation not affected)
- Internet Explorer 8 in
Windows Server 2008 for Itanium-based Systems and
Windows Server 2008 for Itanium-based Systems Service Pack 2

- Impact: Remote Code Execution
- Version Number: 1.0


Moderate Security Bulletins

VS Bulletin

- Affected Software:
- Microsoft Visual Studio .NET 2003 Service Pack 1
- Microsoft Visual Studio 2005 Service Pack 1
- Microsoft Visual Studio 2005 Service Pack 1
64-bit Hosted Visual C++ Tools
- Microsoft Visual Studio 2008
- Microsoft Visual Studio 2008 Service Pack 1
- Microsoft Visual C++ 2005 Service Pack 1
Redistributable Package
- Microsoft Visual C++ 2008 Redistributable Package
- Microsoft Visual C++ 2008 Service Pack 1
Redistributable Package

- Impact: Remote Code Execution
- Version Number: 1.0

Issued: July 23, 2009

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS09-032 - Critical
* MS09-016 - Important

Bulletin Information:

* MS09-032 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms09-032.mspx
- Reason for Revision: V1.2 (July 23, 2009): Clarified the FAQ
about Microsoft-specific kill bits contained in this update.
- Originally posted: July 14, 2009
- Updated: July 23, 2009
- Bulletin Severity Rating: Critical
- Version: 1.2

* MS09-016 - Important

- http://www.microsoft.com/technet/security/bulletin/ms09-016.mspx
- Reason for Revision: V1.2 (July 23, 2009): Added a link to
Microsoft Knowledge Base Article 961759 under Known Issues in
the Executive Summary.
- Originally posted: April 14, 2009
- Updated: July 23, 2009
- Bulletin Severity Rating: Important
- Version: 1.2

Issued: July 23, 2009

Security Advisories Updated or Released Today

* Microsoft Security Advisory (973472)
- Title: Vulnerability in Microsoft Office Web
Components Control Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/973472.mspx
- Revision Note: V1.2 (July 23, 2009): Added additional workarounds.

Adobe has released a blog post indicating that it is aware of reports of a vulnerability affecting Adobe Reader and Acrobat 9.1.2 and Flash Player 9 and 10.

US-CERT encourages users and administrators to review the blog post and implement the following workarounds until the vendor releases additional information:

  • Disable Flash in Adobe Reader 9 on Windows platforms by renaming the following files: "%ProgramFiles%\Adobe\Reader 9.0\Reader\authplay.dll" and "%ProgramFiles%\Adobe\Reader 9.0\Reader\rt3d.dll".

Additional information regarding this vulnerability can be found in the Vulnerability Notes Database.

US-CERT will provide additional information as it becomes available.

http://www.us-cert.gov/current/index.html#adobe_reader_acrobat_and_flash

Posted Thu, Jul 23 2009 4:10 by Don | with no comments

The Mozilla Foundation has released Firefox 3.0.12 to address multiple vulnerabilities in Firefox 3.0.x. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or launch cross-site-scripting attacks.

US-CERT encourages users and administrators to review Mozilla Foundation Security Advisories released on July 21, 2009 and upgrade to Firefox 3.0.12 to help mitigate the risks.

http://www.us-cert.gov/current/index.html#mozilla_releases_firefox_3_5

Posted Wed, Jul 22 2009 13:02 by Don | with no comments

WordPress has released version 2.8.2 to address a cross-site-scripting vulnerability.

US-CERT encourages users and administrators to review the WordPress Blog entry on WordPress 2.8.2 and apply the upgrade to help mitigate the risks.

http://www.us-cert.gov/current/index.html#wordpress_releases_version_2_81

Posted Wed, Jul 22 2009 13:01 by Don | with no comments

Websense Security Labs™ ThreatSeeker™ Network has detected that the Web site of the National Pharmaceutical Control Bureau of Malaysia has been compromised and injected with malicious code. The Web host has been injected with an iframe that leads to a site laden with exploits.

Details

Posted Wed, Jul 22 2009 4:41 by Don | with no comments

Bill Pytlovany's extremely popular WinPatrol Application featured as the Download of the Day on Tech TV

http://www.youtube.com/watch?v=TBCX1dGM-no

WinPatrol Site: http://www.winpatrol.com/

Posted Tue, Jul 21 2009 5:50 by Don | with no comments

Mozilla is denying that a bug that crashes Firefox 3.5 is a security vulnerability, countering earlier reports that the company's latest browser contained a flaw even though it had just been patched.

In a Sunday post to Mozilla's security blog, Mike Shaver, the company's vice president of engineering, said that the bug, which had originally been disclosed on the milw0rm hacker site, is not a vulnerability. "The reports by press and various security agencies have incorrectly indicated that this is an exploitable bug," Shaver said. "Our analysis indicates that it is not, and we have seen no example of exploitability."

Full story at computerworld.com

Posted Tue, Jul 21 2009 4:08 by Don | with no comments

Published: July 14 2009

Note: There may be latency issues due to replication; if the page does not display, keep refreshing.

Note: »www.microsoft.com/technet/security and »www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Today Microsoft released the following Security Bulletin(s).

Bulletin Summary:


»www.microsoft.com/technet/securi···jul.mspx

Critical (3)
Microsoft Security Bulletin MS09-032 - Critical
Cumulative Security Update of ActiveX Kill Bits (973346)
Published: July 14, 2009
»www.microsoft.com/technet/securi···032.mspx

Microsoft Security Bulletin MS09-029 - Critical
Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371)
Published: July 14, 2009
»www.microsoft.com/technet/securi···029.mspx

Microsoft Security Bulletin MS09-028 - Critical
Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633)
Published: July 14, 2009
»www.microsoft.com/technet/securi···028.mspx

Important (3)

Microsoft Security Bulletin MS09-033 - Important
Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (969856)
Published: July 14, 2009
»www.microsoft.com/technet/securi···033.mspx

Microsoft Security Bulletin MS09-031 - Important
Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953)
Published: July 14, 2009
»www.microsoft.com/technet/securi···031.mspx

Microsoft Security Bulletin MS09-030 - Important
Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (969516)
Published: July 14, 2009
»www.microsoft.com/technet/securi···030.mspx

Please note that Microsoft may release bulletins outside of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above-listed bulletin, you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.

As always, download the updates only from the vendor's website - visit the Windows Update and Office Update or Microsoft Update websites. You may also get the updates through the Automatic Updates functionality in Windows.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

Microsoft has issued a Security Bulletin Advance Notification for July for bulletins to be released on Tuesday, July 14.  Microsoft will be releasing a total of 6 security bulletins, 3 rated as Critical and 3 rated as Important.

http://www.microsoft.com/technet/security/bulletin/ms09-jul.mspx

Google's announcement Tuesday that it is developing an open-source operating system raised questions among privacy advocates about the amount of personal data Google will be able to collect.

Google already collects private data through products like its search engine and its Gmail e-mail service, as well as its AdSense advertising service. The Chrome operating system, to be rolled out on netbook computers next year, gives the company another avenue to collect and monetize personal information, privacy advocates said Wednesday.

Story continues at computerworld.com

Posted Wed, Jul 8 2009 18:09 by Don | with no comments

Issued: July 6, 2009

Security Advisories Updated or Released Today

* Microsoft Security Advisory (972890)
- Title: Vulnerability in Microsoft Video ActiveX
Control Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/972890.mspx
- Revision Note: Advisory published.

Websense Security Labs™ ThreatSeeker™ Network has detected yet another new Waledac campaign theme in the wild. The new variant uses an Independence Day theme as a social engineering mechanism. The United States of America celebrates Independence Day on July 4 each year.

The malicious emails that are sent use subjects and content related to Independence Day, Fourth of July and fireworks shows.

The malicious Web sites in the current attack also have a July 4 or fireworks theme within the domain name. ThreatSeeker has been monitoring the registration of these domains. Should the user click on the video, which is designed to appear to be a YouTube video, an .exe is offered. When downloaded the .exe would install the latest Waledac variant onto the user's machine.

Alert Details

Posted Fri, Jul 3 2009 15:31 by Don | with no comments