Network Services
July 1, 2009
Foxit Reader Contains Multiple Vulnerabilities
Foxit Reader has released updates for multiple vulnerabilities. By convincing a user to open a malicious PDF file, an attacker may be able to execute code or cause a vulnerable PDF viewer to crash. The PDF could be emailed as an attachment or hosted on a website.
What to do: Users are encouraged to review the Foxit Security Bulletin and apply any required updates. The most recent version is 2.0.2009.616.
Adobe Update for Shockwave Player
Adobe has released Shockwave Player 11.5.0.600 to address a vulnerability. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.
What to do: Users are encouraged to update to Shockwave Player 11.5.0.600 to help mitigate the risks.
July 15, 2009
Vulnerability in Embedded OpenType Font Engine
A vulnerability in a Microsoft Windows component, the Embedded OpenType (EOT) Font Engine, could allow remote code execution. An attacker will try to lure users to a specially crafted website through a disguised link sent by email or instant messenger. The attacker could then take complete control of an affected system and could view, change, or delete data. This vulnerability affects the following operating systems: Windows 2000, XP, XP Pro, Windows Server 2000, 2003, Vista, and Windows Server 2008.
What to do: Download the appropriate security updates. Security updates are now available from the Microsoft website for this threat. Visit www.updates.microsoft.com.
Vulnerability in Microsoft Office Publisher
A remote code execution vulnerability exists in the way that Microsoft Office Publisher opens, imports, and converts files created in versions older than Microsoft Office Publisher 2007. An attacker could exploit the vulnerability by creating a specially crafted Publisher file that could be included as an email attachment or hosted on a specially crafted website.
What to do: Users are encouraged to download the appropriate MS Office security updates. Security updates are now available from the Microsoft website for this threat. Visit www.updates.microsoft.com.
July 22, 2009
Mozilla Firefox Multiple Vulnerabilities
Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to conduct cross-site scripting attacks or compromise a user’s system. This threat affects any systems running Mozilla Firefox 3.5.
What to do: Users should update to the latest version, Mozilla Firefox 3.5.1.
CNN/MSNBC Alert
The CNN News Alert mailings are new lures for an existing virus. The mailings, which began in August 2008, typically arrive with a subject line such as “CNN.com Daily Top 10”, “My CNN Alert” or “CNN Alerts: Breaking News”, and offer what appear to be links to news stories from the CNN website. However, clicking through on the links takes the user not to the CNN website, but to a site that will initiate the download of a malicious executable onto the user’s PC.
What to do: Do not respond to unsolicited email. Be skeptical of individuals representing themselves as officials soliciting personal information via email. Do not click on links contained within an unsolicited email. Only open attachments from known senders. Do not provide personal information to anyone who solicits information.
Google Chrome JavaScript Memory Corruption
The vulnerability is caused by an error when processing regular expressions in JavaScript and can be exploited to corrupt memory and potentially cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code.
July 29, 2009
Twitter Hacked, Confidential Files Made Public
For the third time this year, the San Francisco-based company was the victim of a security breach stemming from a simple end-run around its defenses. In the latest case, a hacker got the password for an employee’s personal e-mail account – possibly by guessing, or by correctly answering a security question – and worked from there to steal confidential company documents.
What to do: The lesson from Twitter’s latest security troubles is an old one – “USE STRONG PASSWORDS, which include some combination of letters and numbers, and for companies, be careful about how many accounts are linked to the same username and password combination.”
Internet Explorer 8 Critical patch available
Two separate security bulletins were scheduled for release today; both updates are designed to resolve a single, overall security problem. The move comes as a necessity to ensure that customers benefit from the broadest protection possible. As far as Internet Explorer is concerned, the patch is rated Critical and will affect IE6, IE7, and IE8, including the releases on top of Windows Vista SP2 and Windows XP SP3. Microsoft made no reference to IE8 on Windows 7, although it is probable for the browser component on the latest iteration of Windows to also be affected.
What to do: Users should expect patches to be made available via Microsoft Update, Windows Update and Windows Server Update Services.