Blog: IT Security Alerts

From Adobe:

A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.

Adobe states that no update is currently available, but they expect to have an update released by March 11th, 2009. In the mean time, customers are encouraged to keep their virus definitions current and real-time scanning active.

For more information about specific vulnerabilities, please refer to the following websites: [more]
http://www.adobe.com/support/security/advisories/apsa09-01.html
http://www.kb.cert.org/vuls/id/905281


 

On Thursday, October 23 2008, Microsoft released a critical out-of-cycle security update. This update addresses a vulnerability in the Windows server service that could allow remote code execution. Microsoft has rated this vulnerability Critical for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003. This vulnerability has been rated Important for all supported editions of Windows Vista and Windows Server 2008.

The update addresses the vulnerability by correcting the way that the Server service handles RPC requests. Additional technical details on the vulnerability and update can be accessed at:
http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

As a best practice, RPC functionality should not be exposed directly to the Internet. However as a precaution, CoNetrix recommends applying the update available from Microsoft as soon as possible.

If you have any questions or need assistance with this update, please contact CoNetrix at support@conetrix.com or call (800) 356-6568.


 

Google released a beta version of its new web browser "Chrome" last week. Since its release, several vulnerabilities have been discovered including drive-by software installs and buffer overflows.

Google has released updates to address several current issues, but more vulnerabilities will probably be discovered over the next several weeks and months as the product is refined. [more]

CoNetrix recommends customers avoid installing Chrome, or any other beta application, in production environments due to the potentially high risk of exposure.

For more information about individual issues in Google's Chrome, refer to the following link: http://code.google.com/p/chromium/issues/list


 

Multiple vulnerabilities have been discovered in Cisco ASA and PIX devices running version 7.x and 8.x software. Cisco has released free software updates to address the vulnerabilities. Installation of updates will require after hours work and device reboots.

For more information about individual vulnerabilities, refer to the following link:
http://www.cisco.com/warp/public/707/cisco-sa-20080604-asa.shtml

[more] If you'd like help updating your Cisco ASA and PIX devices, please contact CoNetrix at support@conetrix.com or call (800) 356-6568.


 

On February 12, Microsoft plans to make an updated Internet Explorer 7 installation package available via Windows Server Update Services (WSUS). The installation will be released as an Update Rollup package. Customers that require IE6 and have WSUS configured to auto-approve critical updates will need to disable the auto-approval feature before February 12 to ensure the rollup package is not released to clients.

Once the Update Rollup package for IE7 has synchronized with the WSUS server, the auto-approval feature can be turned back on and installation of the IE7 update can be managed manually. [more]

Please note that if you have previously deployed the Blocker Toolkit to restrict automatic installation if IE7, Microsoft has not yet announced if this will continue to prevent the installation of the new IE7 update.

For more information about the Blocker Toolkit, refer to the following link:
http://go.microsoft.com/fwlink/?linkid=65788

If you need help planning for and testing Internet Explorer 7, please contact us.

For more information regarding automatic delivery of Internet Explorer 7, please visit:
http://technet.microsoft.com/en-us/updatemanagement/bb226738.aspx


 

In a bulletin released October 22, 2007, Adobe announced a critical vulnerability in its Acrobat and Reader programs. This vulnerability could allow a successful attacker to take control of the affected system. In order for the attacker to compromise the system, they must get you to open a malicious file in Adobe Reader or Acrobat.

This vulnerability affects users running Windows XP or Windows 2003 with Internet Explorer 7 installed. Vista users are not affected. Adobe versions 8.1 and earlier are susceptible to this vulnerability. Adobe categorizes this as a critical issue and recommends that affected users update their product installations.  [more]

For Adobe versions 8.1, Adobe strongly recommends that you upgrade to Adobe Reader 8.1.1 or Acrobat 8.1.1. Users can utilize the product’s automatic update feature or manually activate the update by choosing Help > Check for Updates Now from the program's menu. You can also find update files here:
•  Adobe Acrobat: http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows

•  Adobe Reader: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows

For Adobe versions 7.09 or earlier, Adobe will release an update in the near future, so you should continue to check the Adobe support site for available updates.

For more information about this vulnerability, please refer to the following article on Adobe's website:
http://www.adobe.com/support/security/bulletins/apsb07-18.html

For help applying this critical security update to your Adobe applications, please contact us.


 

There has been a recent increase in “greeting-card spam” that tries to compromise users by getting them to visit malicious websites. The subject line most often states, “You've received a postcard from a family member!” Within the message body, users are given options on how to retrieve their “postcard”. Links in the message direct users to malicious websites where their browsers may be attacked, or they may be prompted to download and execute malicious software. Attacks are directed at both Microsoft Internet Explorer and Mozilla Firefox browsers.

Users should be very cautious when following links in e-mail messages. Links to foreign domains (e.g. http://someaddress.hk in Hong Kong) or directly to IP addresses (e.g. http://123.123.123.123) should almost always be avoided.

Also, it is important to keep operating systems and software up-to-date with the latest security patches, as well as keep antivirus software virus definitions current. [more]

For more information about this attack, please refer to the following article:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9025898

For information and guidance on protecting your organization from these types of attacks, please contact contact us.


 

As of yesterday (May 28, 2007) it appears more than 1,400 executives (from various companies) had been infected by an e-mail attack that dresses itself up as a complaint filed with the Better Business Bureau.

The phishing attack uses details apparently culled from public sources to tailor the e-mail message with a company's name, the name of a senior executive and the executive's e-mail address in an attempt to convince the person to open a malicious attachment.

As with all such attacks, it is wise to never open unsolicited attachments. Up-to-date antivirus software and Intrusion Detection/Prevention systems also provide layers of protection from such attacks. [more]

For more information about this attack, please refer to the following article:
http://www.securityfocus.com/brief/511

For help protecting your business against these types of attacks, please contact us.


 

Microsoft has just released a patch to correct a critical vulnerability in Windows systems. The vulnerability applies to current versions of Windows and the update should be applied as soon as possible. Of course, systems not protected by a corporate firewall and/or up-to-date antivirus software are at highest risk. Compromised websites can infect unpatched computers. At least one known worm has been detected which exploits this vulnerability.

This patch can be applied via normal Microsoft update procedures you may already have in place. [more]

For manual application or more information, please visit:
http://www.microsoft.com/technet/security/Bulletin/MS07-017.mspx

This is one more example of why it is important to apply all critical updates to systems on a timely basis.

For help applying this critical security update to your Microsoft Windows based systems, please contact us.


 

New Daylight Savings Time dates effective for 2007:

  • Begin: 2:00 AM, March 11, 2007 (was April 1, 2007)
  • End: 2:00 AM, November 4, 2007 (was October 28, 2007)

Given the broad range of technology in use today and the integration of systems between customers, vendors, and partners, IT managers should determine what actions should be taken to mitigate the affects of DST 2007 on their organizations. [more] 

Microsoft is providing updates for supported systems and applications. If these updates are not applied:
  • Outlook calendar entries will be off for 1 hour for a 3 week period at the beginning of DST, and for one week at the end of DST.
  • Any process that relies on a calendar/time entry, i.e. backup jobs, will run one hour earlier than intended.
The following Microsoft products have an update available for Daylight Savings Time:
  • Windows XP SP2
  • Windows Server 2003
  • Windows Server 2003 SP1
  • Exchange Server 2003 SP1
  • Exchange Server 2003 SP2
  • Office Outlook 2007/2003/XP/2000

The following products are not supported, but can be updated manually:

  • Windows XP SP1
  • Windows 2000
  • Windows 95/98
  • Windows NT4

Please take the following steps to determine if your systems or applications are supported for the Microsoft updates:

  1. Determine the Operating System version and Service Pack level for all servers and client computers.
  2. Determine version and Service Pack level for Microsoft Outlook. Outlook is usually installed as a part of Microsoft Office.

For more detailed information, go to:
http://support.microsoft.com/gp/dst_topissues#a2

Once the updates are applied, please check Outlook calendar entries to be sure they are scheduled for the correct time. Microsoft has suggested that you enter the time in the subject of the appointment or meeting request so that none of the attendees are confused.