US-CERT Current Activity

added: Mon, 05th December 2005 | 289 views | 0x in favourites
feed url: http://www.us-cert.gov/current/index.atom

US-CERT current activity page

Latest feed entries:

Microsoft Releases Advance Notification for January Security Bulletin

Microsoft has issued a Security Bulletin Advance Notification indicating that the January release cycle will contain one bulletin, which will have a severity rating of Critical. The notification states that this Critical bulletin is for Microsoft Windows. Release of this bulletin is scheduled for Tuesday, January 13.

US-CERT will provide additional information as it becomes available.

Cisco Releases Security Advisory for Global Site Selector

Cisco has released a Security Advisory to address a vulnerability in the Application Control Engine Global Site Selector (GSS). By sending a specially crafted sequence of DNS requests, a remote attacker may be able to cause a denial-of-service condition.

US-CERT encourages users and administrators to review Cisco Security Advisory cisco-sa-20090107-gss and apply any necessary updates or workarounds to help mitigate the risks.

OpenSSL Releases Security Advisory

The OpenSSL project has released a Security Advisory to address a vulnerability in OpenSSL. This vulnerability results from several incorrect checks of the result of the EVP_VerifyFinal function when performing signature checks on DSA and ECDSA keys used with SSL/TLS. As a result, a malformed signature could be treated as valid. Exploitation of this vulnerability may allow a remote attacker to bypass signature checks and conduct spoofing attacks.

US-CERT encourages users and administrators to review the OpenSSL Security Advisory and apply any vendor released updates for the OpenSSL package or upgrade to the newest version of the software as described in the OpenSSL advisory.

Rogue MD5 SSL Certificate Vulnerability

US-CERT is aware of a public report describing how MD5 collisions can be leveraged to generate rogue SSL CA certificates. A rogue CA certificate could be used by an attacker to generate valid SSL certificates for arbitrary web sites. Using these certificates in DNS redirection attacks, an attacker could spoof an SSL protected web site and obtain sensitive information.

US-CERT encourages users to review VU#836068 in the Vulnerability Notes Database.

US-CERT will provide additional information as it becomes available.

Worm Exploiting Vulnerability described in MS08-067

US-CERT is aware of a public report of a worm circulating that has the capability of exploiting the patched vulnerability described in Microsoft Security Bulletin MS08-067.

US-CERT encourages users to do the following to help mitigate the risks:

  • Review Microsoft Security Bulletin MS08-067 and apply the update or workarounds listed.
  • Install antivirus software, and keep the virus signatures up to date.

US-CERT will continue to monitor this activity and provide updates as needed.

Malware Spreading via Malicious Ecards

US-CERT is aware of public reports of malware spreading via malicious electronic greeting cards (ecards) related to the Christmas and New Year's holidays. The reports indicate that the malware is spreading via emails containing a link to a malicious ecard. If a user clicks on the link, they will be prompted to download an executable file. If the user accepts the download, malware may be installed onto their system.

US-CERT encourages users and administrators to take the following preventive measures to help mitigate the security risks:

Mozilla Releases Thunderbird 2.0.0.19

Mozilla has released Thunderbird 2.0.0.19 to address multiple vulnerabilities. The impacts of these vulnerabilities include arbitrary code execution, information disclosure, and denial of service. As described in the Mozilla Foundation Security Advisories, some of these vulnerabilities also affect Firefox but were addressed in the previously released Firefox 3.0.5 update.

US-CERT encourages users to review the relevant Mozilla Foundation Security Advisories and to update to Thunderbird 2.0.0.19.

Trend Micro Releases Updates for HouseCall

Trend Micro has released a patch to address a vulnerability in HouseCall 6.6. This vulnerability may allow an attacker to execute arbitrary code. Visitors to the publicly available HouseCall application may receive an older, vulnerable version of the control.

US-CERT encourages users to review Hot Fix B1285 and apply any necessary updates.

Microsoft Releases Security Advisory (961040)

Microsoft has released Security Advisory 961040 to address reports of attacks against a new vulnerability in Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine, Microsoft SQL Server 2000 Desktop Engine, and Windows Internal Database. The vulnerability occurs in the extended stored procedure "sp_replwritetovarbin." Exploitation of this vulnerability may allow an authenticated attacker to execute arbitrary code. Additionally, if a web application is vulnerable to SQL injection, an unauthenticated, remote attacker may be able to execute arbitrary code.

US-CERT encourages users to review the Microsoft Security Advisory 961040 and implement any Suggested Actions to help mitigate the risks.

