August 2009 - Posts

Cisco has released a Security Advisory to address multiple vulnerabilities in Cisco Unified Communication Manager. These vulnerabilities may allow a remote attacker to cause a denial-of-service condition.

US-CERT encourages users and administrators to review Cisco Security Advisory cisco-sa-20090826-cucm and apply any necessary updates.

Source: US-CERT

Issued: August 25, 2009

Summary

The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS09-044 - Critical
* MS09-029 - Critical

Bulletin Information:

* MS09-044 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms09-044.mspx
- Reason for Revision: V2.0 (August 25, 2009): Corrected the
download link for RDP Version 5.2 for Windows XP Service Pack
2 (KB958469). Also corrected the footnote that prescribed an
erroneous install sequence for KB958471 and KB958470.
Customers who have successfully installed these updates do
not need to reinstall.
- Originally posted: August 11, 2009
- Updated: August 25, 2009
- Bulletin Severity Rating: Critical
- Version: 2.0

* MS09-029 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms09-029.mspx
- Reason for Revision: V3.0 (August 25, 2009): Added an entry to
the section, Frequently Asked Questions (FAQ) Related to This
Security Update to communicate the rerelease of the
Japanese-language update for Windows XP Service Pack 2,
Windows XP Service Pack 3, and Windows XP Professional x64
Edition Service Pack 2. Customers who require the
Japanese-language update need to install the rereleased
update. No other updates or locales are affected by this rerelease.
- Originally posted: July 14, 2009
- Updated: August 25, 2009
- Bulletin Severity Rating: Critical
- Version: 3.0

Issued: August 25, 2009

Security Advisories Updated or Released Today

* Microsoft Security Advisory (973882)
- Title: Vulnerabilities in Microsoft Active Template
Library (ATL) Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/973882.mspx
- Revision Note: V3.0 (August 25, 2009): Advisory revised to
provide details about the Windows Live Messenger 14.0.8089
release and to communicate the removal of the Windows Live
Hotmail "Attach Photo" feature.

* Microsoft Security Advisory (967940)
- Title: Update for Windows Autorun
- http://www.microsoft.com/technet/security/advisory/967940.mspx
- Revision Note: V1.1 (August 25, 2009): Summary revised to
notify users of an update to Autorun that restricts AutoPlay
functionality to CD-ROM and DVD-ROM media, available for
Windows XP, Windows Server 2003, Windows Vista, and Windows
Server 2008 from Microsoft Knowledge Base Article 971029.

Issued: August 25, 2009

Summary

The following bulletin has undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS09-014 - Critical

Bulletin Information:

* MS09-014 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms09-014.mspx
- Reason for Revision: V1.3 (August 25, 2009): Corrected the
SearchPath feature control key specified in the entry about
CVE-2008-2540 in the section, Frequently Asked Questions
(FAQ) Related to This Security Update.
- Originally posted: April 14, 2009
- Updated: August 25, 2009
- Bulletin Severity Rating: Critical
- Version: 1.3

Websense® Security Labs™ ThreatSeeker™ Network has discovered that some well-known cell phone forums at IT168 in China have been injected with malicious JavaScript. The infected forum sites - including forums for Nokia, Motorola, and Sony Ericsson - are serving some exploits that target a number of vulnerabilities in the wild.

IT168.com is one of the largest mainstream IT information platforms in China, providing IT product price and market orientation information. It has a high Alexa rank of 170. The forums on the site, especially the cell phone bulletin boards, are very popular, and unsuspecting visitors to these sites can easily get infected.


Posted Tue, Aug 25 2009 5:53 by Don

Issued: August 19, 2009

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS09-044 - Critical
* MS09-037 - Critical
* MS09-035 - Moderate

Bulletin Information:

* MS09-044 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms09-044.mspx
- Reason for Revision: V1.2 (August 19, 2009): Corrected the
registry key verification entry for RDP Version 5.1 on
Windows XP Service Pack 2 (KB958470).
- Originally posted: August 11, 2009
- Updated: August 19, 2009
- Bulletin Severity Rating: Critical
- Version: 1.2

* MS09-037 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms09-037.mspx
- Reason for Revision: V1.2 (August 19, 2009): Revised the Affected
Software table to clarify that the DHTML Editing Component
ActiveX Control (KB973869) update replaces MS05-013 for
Windows XP Service Pack 2, but not for Windows XP Service
Pack 3; and that the Windows Media Player 11 (KB973540)
update replaces MS07-047 for Windows Vista x64 Edition, but
not for Windows Vista x64 Edition Service Pack 1 or Windows
Vista x64 Edition Service Pack 2.
- Originally posted: August 11, 2009
- Updated: August 19, 2009
- Bulletin Severity Rating: Critical
- Version: 1.2

* MS09-035 - Moderate

- http://www.microsoft.com/technet/security/bulletin/ms09-035.mspx
- Reason for Revision: V2.2 (August 19, 2009): Added a link to
Microsoft Knowledge Base Article 974653 to provide
instructions for using product codes to verify the
installation of the updates for Microsoft Visual Studio 2005
Service Pack 1 and Microsoft Visual Studio 2008 and Microsoft
Visual Studio 2008 Service Pack 1.
- Originally posted: July 28, 2009
- Updated: August 19, 2009
- Bulletin Severity Rating: Moderate
- Version: 2.2

Issued: August 19, 2009

Summary

The following bulletin has undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS09-028 - Critical

Bulletin Information:

* MS09-028 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms09-028.mspx
- Reason for Revision: V2.0 (August 19, 2009): Bulletin updated to
reflect that the update for DirectX 8.1 also applies to
DirectX 8.1b.
- Originally posted: July 14, 2009
- Updated: August 19, 2009
- Bulletin Severity Rating: Critical
- Version: 2.0

Issued: August 12, 2009

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS09-043 - Critical
* MS09-042 - Important
* MS09-039 - Critical
* MS09-037 - Critical
* MS09-035 - Moderate

Bulletin Information:

* MS09-043 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms09-043.mspx
- Reason for Revision: V1.1 (August 12, 2009): Corrected the
restart requirement for Visual Studio .NET 2003; updated the
tables in the Detection and Deployment Tools and Guidance
section; updated the impact description of the workaround,
"Prevent Office Web Components Library from running in
Internet Explorer;" corrected the update installation
switches for Internet Security and Acceleration Server 2004
and Internet Security and Acceleration Server 2006; and
performed miscellaneous edits.
- Originally posted: August 11, 2009
- Updated: August 12, 2009
- Bulletin Severity Rating: Critical
- Version: 1.1

* MS09-042 - Important

- http://www.microsoft.com/technet/security/bulletin/ms09-042.mspx
- Reason for Revision: Bulletin published.
- Originally posted: August 11, 2009
- Updated: August 12, 2009
- Bulletin Severity Rating: Important
- Version: 1.1

* MS09-039 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms09-039.mspx
- Reason for Revision: V1.1 (August 12, 2009): Updated the Affected
Software table to list KB961064 as the only KB replaced by
this update in Microsoft Security Bulletin MS09-008.
- Originally posted: August 11, 2009
- Updated: August 12, 2009
- Bulletin Severity Rating: Critical
- Version: 1.1

* MS09-037 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms09-037.mspx
- Reason for Revision: V1.1 (August 12, 2009): Removed erroneous
reference to known issues from the Frequently Asked Questions
(FAQ) Related to This Security Update section; added new
entries to the section, FAQ for Microsoft Video ActiveX
Control Vulnerability - CVE-2008-0015, describing the
relationship between this bulletin and Microsoft Security
Bulletin MS09-032; corrected restart requirements throughout
the bulletin; and performed miscellaneous edits.
- Originally posted: August 11, 2009
- Updated: August 12, 2009
- Bulletin Severity Rating: Critical
- Version: 1.1

* MS09-035 - Moderate

- http://www.microsoft.com/technet/security/bulletin/ms09-035.mspx
- Reason for Revision: V2.1 (August 12, 2009): Updated the Affected
Software table to list MS07-012 as replaced by the update for
Microsoft Visual Studio .NET 2003 Service Pack 1; added a new
entry to the section, Frequently Asked Questions (FAQ)
Related to This Security Update, to clarify why Microsoft
Download Center update KB numbers for Visual C++
Redistributable packages differ from SMS, SCCM, WSUS and MU
update KB numbers; corrected restart requirements throughout
the bulletin; added Product Code Verification entries to the
update deployment reference tables for Microsoft Visual
Studio 2005 Service Pack 1, and Microsoft Visual Studio 2008
and Microsoft Visual Studio 2008 Service Pack 1; and
performed miscellaneous edits.
- Originally posted: July 28, 2009
- Updated: August 12, 2009
- Bulletin Severity Rating: Moderate
- Version: 2.1

A month after it last patched Safari, Apple today plugged six security holes, four of them critical, in its Mac and Windows Web browser.

Safari 4.0.3 fixes six flaws in the Windows XP and Vista edition, but only four in the Mac OS X edition. Three of the half-dozen bugs were in WebKit, the open-source browser engine that powers Safari, as well as Google's Chrome.

Four of the vulnerabilities patched today were described by Apple as possibly allowing "arbitrary code execution," company-speak for a critical bug that, if exploited, could let hackers dump malicious software on the machine or hijack it for their own use.

Story at computerworld.com

Posted Wed, Aug 12 2009 4:48 by Don

Published: August 11 2009

Note: There may be latency issues due to replication; if the page does not display, keep refreshing.

Note: »www.microsoft.com/technet/security and »www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Today Microsoft released the following Security Bulletin(s).

Bulletin Summary:


»www.microsoft.com/technet/securi···aug.mspx

Critical (5)

Microsoft Security Bulletin MS09-043 - Critical
Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (957638)
Published: August 11, 2009
»www.microsoft.com/technet/securi···043.mspx

Microsoft Security Bulletin MS09-044 - Critical
Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (970927)
Published: August 11, 2009
»www.microsoft.com/technet/securi···044.mspx

Microsoft Security Bulletin MS09-039 - Critical
Vulnerabilities in WINS Could Allow Remote Code Execution (969883)
Published: August 11, 2009
»www.microsoft.com/technet/securi···039.mspx

Microsoft Security Bulletin MS09-038 - Critical
Vulnerabilities in Windows Media File Processing Could Allow Remote Code Execution (971557)
Published: August 11, 2009
»www.microsoft.com/technet/securi···038.mspx

Microsoft Security Bulletin MS09-037 - Critical
Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908)
Published: August 11, 2009
»www.microsoft.com/technet/securi···037.mspx

Important (4)

Microsoft Security Bulletin MS09-041 - Important
Vulnerability in Workstation Service Could Allow Elevation of Privilege (971657)
Published: August 11, 2009
»www.microsoft.com/technet/securi···041.mspx

Microsoft Security Bulletin MS09-040 - Important
Vulnerability in Message Queuing Could Allow Elevation of Privilege (971032)
Published: August 11, 2009
»www.microsoft.com/technet/securi···040.mspx

Microsoft Security Bulletin MS09-036 - Important
Vulnerability in ASP.NET in Microsoft Windows Could Allow Denial of Service (970957)
Published: August 11, 2009
»www.microsoft.com/technet/securi···036.mspx

Microsoft Security Bulletin MS09-042 - Important
Vulnerability in Telnet Could Allow Remote Code Execution (960859)
Published: August 11, 2009
»www.microsoft.com/technet/securi···042.mspx

Please note that Microsoft may release bulletins outside of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above-listed bulletin, you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.

As always, download the updates only from the vendor's website: visit the Windows Update and Office Update or Microsoft Update websites. You may also get the updates through the Automatic Updates functionality in Windows.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

Apple has released Mac OS X v10.5.8 and Security Update 2009-003 to address multiple vulnerabilities in a number of applications. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, bypass security mechanisms, operate with escalated privileges, or obtain sensitive information.

US-CERT encourages users and administrators to review Apple article HT3757 and apply any necessary updates to help mitigate the risks. Additional information can be found in US-CERT Technical Cyber Security Alert TA09-218A.

Source: US-CERT

Users looking to update their Twitter feeds or Facebook pages were likely disappointed Thursday morning, as a denial-of-service attack made both services hard to reach.

Around 9 a.m. Eastern Time, the number of responses from micro-blogging service Twitter fell precipitously, reaching a bandwidth of 60 Mbps by 10:40 a.m. ET, according to Arbor Networks, a networking services firm. Twitter had reached nearly 200 Mbps prior to the drop.

The service continued to be impacted Thursday afternoon, reaching a peak of 150 Mbps, about half of its normal peak for that time of day, according to Arbor.

"As we recover, users will experience some longer load times and slowness," Twitter stated on its status blog. "This includes timeouts to API clients. We’re working to get back to 100% as quickly as we can."

Users also complained of issues accessing Facebook. The service confirmed midday on Thursday that it, too, had suffered a denial-of-service attack.

"You may have had trouble accessing Facebook earlier today because of network issues related to an apparent distributed denial-of-service attack," the social network stated on its own Facebook page. "We have restored full access for most people. We’ll keep monitoring the situation to make sure you have the reliable experience you expect from us."

Source: http://www.securityfocus.com/brief/992

Posted Fri, Aug 7 2009 4:26 by Don

Microsoft Security Bulletin Advance Notification issued: August 6, 2009
Microsoft Security Bulletins to be issued: August 11, 2009

This is an advance notification of security bulletins that Microsoft is intending to release on August 11, 2009.

Microsoft intends to release 9 bulletins: 5 rated as Critical for Office, Visual Studio, ISA Server, BizTalk Server and Windows, and 4 rated as Important for Windows and .NET Framework.

http://www.microsoft.com/technet/security/Bulletin/ms09-aug.mspx

Issued: August 4, 2009

Summary

The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS09-034 - Critical

Bulletin Information:

* MS09-034 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms09-034.mspx
- Reason for Revision: V2.0 (August 4, 2009): Reissued the update
for Microsoft Internet Explorer 6 Service Pack 1 on Microsoft
Windows 2000 Service Pack 4. All customers who have already
installed the original update for Internet Explorer 6 Service
Pack 1 on Microsoft Windows 2000 Service Pack 4 are already
protected. However, customers who have the Korean-language
version of Internet Explorer 6 Service Pack 1 may reinstall the
update for Internet Explorer 6 Service Pack 1 on their Windows
2000 systems in order to have the same protections and also
resolve a printing issue. See the entry in Frequently Asked
Questions (FAQ) Related to This Security Update.
- Originally posted: July 28, 2009
- Updated: August 4, 2009
- Bulletin Severity Rating: Critical
- Version: 2.0

Issued: August 4, 2009

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS09-035 - Moderate
* MS09-029 - Critical

Bulletin Information:

* MS09-035 - Moderate

- http://www.microsoft.com/technet/security/bulletin/ms09-035.mspx
- Reason for Revision: V1.1 (August 4, 2009): Added new entries to
the section, Frequently Asked Questions (FAQ) Related to This
Security Update, to communicate that the Known issues with this
security update section in the associated Microsoft Knowledge
Base Article 969706 has been updated, and that the update
detection logic for KB973923 and KB973924 has been revised to
correct a package re-offering issue; and to clarify the
difference between the Visual C++ Redistributable packages and
the other Visual Studio updates.
- Originally posted: July 28, 2009
- Updated: August 4, 2009
- Bulletin Severity Rating: Moderate
- Version: 1.1

* MS09-029 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms09-029.mspx
- Reason for Revision: V1.2 (August 4, 2009): Added a link to
Microsoft Knowledge Base Article 961371 under Known Issues in
the Executive Summary, and removed references to the "Fix it"
solution from the workarounds sections for both vulnerabilities.
- Originally posted: July 14, 2009
- Updated: August 4, 2009
- Bulletin Severity Rating: Critical
- Version: 1.2

Firefox 3.5.2 fixes the following issues:

- Several security issues.
- Images with ICC profiles now render properly on all monitors.

Fixed in Firefox 3.5.2:
MFSA 2009-43 Heap overflow in certificate regexp parsing
MFSA 2009-42 Compromise of SSL-protected communication
MFSA 2009-38 Data corruption with SOCKS5 reply containing DNS name longer than 15 characters


Posted Mon, Aug 3 2009 19:38 by Don

Micro-blogging site Twitter has begun filtering links to known malware sites.

The tactic, noticed by security researchers on Monday but yet to be officially announced by Twitter, is designed to prevent surfers straying onto sites packed with dangerous exploits.

Adoption of the approach follows the increased targeting of Twitter by worms, spam and account hijacking attacks over recent weeks. The widespread use of URL shortening in Twitter messages (which can be no longer than 140 characters) makes it easy to hide the true destination of links.

Continues at theregister.co.uk

Posted Mon, Aug 3 2009 14:43 by Don

Mozilla has released Security Advisory 2009-42 and Security Advisory 2009-43 to address multiple vulnerabilities in Firefox. The vulnerability described in Security Advisory 2009-42 may allow an attacker to intercept and modify encrypted communication. The vulnerability described in Security Advisory 2009-43 may allow an attacker to execute arbitrary code by sending a specially crafted certificate to the client.

US-CERT encourages users to review Mozilla Foundation Security Advisories 2009-42 and 2009-43 and apply any necessary updates or workarounds to help mitigate the risks.

US-CERT will provide more information as it becomes available.

Source: US-CERT