Destroy PC Viruses

Home

Microsoft Releases Security Advisory to Address VBScript Vulnerability

Thursday, 11 March 2010 17:05 |

Microsoft has released a security advisory to address a vulnerability in VBScript. The advisory indicates that this vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer. By convincing a user to view a specially crafted HTML document (web page, HTML email, or email attachment) with Internet Explorer and to press the F1 key, an attacker could run arbitrary code with the privileges of the user running the application.

US-CERT encourages users and administrators to do the following to help mitigate the risks:

Review Microsoft Security Advisory 981169.
Review the Microsoft Security Research & Defense blog entry regarding this issue.
Review US-CERT Vulnerability Note VU#612021.
Refrain from pressing the F1 key when prompted by a website.
Restrict access to the Windows Help System.

US-CERT will provide additional information as it becomes available.

Microsoft Re-Releases Security Bulletin MS10-015

Thursday, 11 March 2010 17:05 |

Microsoft has re-released the security update described in Microsoft Security Bulletin MS10-015. This release contains an updated installation package that does not allow the security update to be installed on computers infected with malicious code. Microsoft has also released a Fix-It Tool to determine if systems are compatible with the update.

US-CERT encourages users and administrators to review Microsoft Knowledge Base Article 977165, Microsoft Knowledge Base Article 980966, and the MSRC Blog Post. Users who have already successfully installed the update for MS10-015 do not need to take any action.

Microsoft Releases Advance Notification for March Security Bulletin

Thursday, 11 March 2010 17:05 |

Microsoft has issued a Security Bulletin Advance Notification, indicating that its March release cycle will contain two bulletins. These bulletins will have a severity rating of Important and will be for Microsoft Windows and Microsoft Office. Release of these bulletins is scheduled for Tuesday, March 9, 2010.

US-CERT will provide additional information as it becomes available.

U.S. Census Bureau 2010 Census Campaign Warning

Thursday, 11 March 2010 17:05 |

US-CERT asks users to be vigilant during the U.S. Census Bureau's 2010 Census campaign and to watch for potential census scams.

According to the U.S. Census 2010 website, they began delivery of the printed census forms to every resident in the United States on March 1, 2010. The only way to complete the census is by filling in the form using pen and ink; in some instances, census takers will be visiting households to complete the form face-to-face. It is important to understand that the U.S. Census Bureau will not, under any circumstances, be providing an online option to complete the 2010 census form.

US-CERT encourages all residents in the United States to take the following measures to protect themselves:

Review available information about the 2010 U.S. Census on the website.
Familiarize yourself with what information the U.S. Census Bureau is collecting on the census form.
Do not follow unsolicited web links of attachments in email messages.
Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

Cisco Releases Multiple Security Advisories

Thursday, 11 March 2010 17:05 |

Cisco has released three security advisories to address vulnerabilities.

Security advisory cisco-sa-20100303-cucm, addresses multiple vulnerabilities in the Cisco Unified Communications Manager which affect the Session Initiation Protocol (SIP), Skinny Client Control Protocol (SCCP), and the Computer Telephony Integration (CTI) Manager services. Successful exploitation of these vulnerabilities could result in a denial-of-service condition and an interruption of voice services.

Security advisory cisco-sa-20100303-dmm, addresses multiple vulnerabilities in the Cicso Digital Media Manager (DMM). Successful exploitation of these vulnerabilities could allow for information disclosure, unauthorized settings or system configuration changes, and disclosure of default credentials. There are no workarounds for mitigation, and US-CERT will alert users and administrators as updates are made available.

Security advisory cisco-sa-20100303-dmp , addresses a vulnerability that exists in the Cisco Digital Media Player. Successful exploitation of this vulnerability may allow and attacker to inject video or data content into a remote display.

US-CERT encourages users and administrators to review security advisory cisco-sa-20100303-cucm and cisco-sa-20100303-dmp and apply any necessary updates or workarounds to mitigate the risks.

<< Start < Prev 1 2 3 4 5 6 7 8 9 10 Next > End >>

Page 1 of 28