Archive for November, 2009
Vulnerabilities in Firefox by version
Monday, November 23rd, 2009http://www.mozilla.org/security/known-vulnerabilities/firefox30.html Security Advisories for Firefox 3.0 http://www.mozilla.org/security/known-vulnerabilities/firefox35.html Security Advisories for Firefox 3.5
Vulnerability being exploited in Internet Explorer 6 and 7
Monday, November 23rd, 2009Update – according to the Microsoft Security Response Center ( http://blogs.technet.com/msrc/archive/2009/11/23/microsoft-security-advisory-977981-released.aspx ), IE 7 in Vista Runs CAN run in protected mode and that reduces the risk by requiring a user to authorize a change that would otherwise be made to system files. MULTI-STATE INFORMATION SHARING AND ANLAYSIS CENTER CYBER SECURITY ADVISORY MS-ISAC ADVISORY …
Zero Day vulnerability for Windows 7 – block ports 139 – 445
Monday, November 16th, 2009Ports 139 and 445 are blocked at the University Firewall for all systems http://www.computerworld.com/s/article/9140858/Microsoft_confirms_first_Windows_7_zero_day_bug Microsoft confirms first Windows 7 zero-day bug Urges users to block ports until a patch is ready, but workaround cripples browsers
Summary of the Microsoft patches for November – six patches for 15vulnerabilities
Tuesday, November 10th, 2009http://blogs.technet.com/msrc/archive/2009/11/10/november-2009-security-bulletin-release.aspx November 2009 Security Bulletin Release Summary of Microsoft’s Security Bulletin Release for November 2009 Today, we released six security bulletins addressing a total of 15 vulnerabilities. Four affect Windows and Windows Server and two affect Microsoft Office products (Excel and Word).
Vulnerability in TLS – SSL
Monday, November 9th, 2009DIR just sent this e-mail. They don’t have any ways to address the vulnerability yet. As anything new is made available I will add to this topic Current Recommendations Apply the appropriate vendor patches to vulnerable systems as soon as it becomes available after appropriate testing. Remind users not to visit un-trusted websites or follow …
Patch that Java and Shockwave (flash) player
Wednesday, November 4th, 2009Vulnerabilities have been identified with both Java and Flash (AKA shockwave player). Please patch these as soon as possible. JDK and JRE 6 Update 17: http://java.sun.com/javase/downloads/index.jsp Update to version 11.5.2.602: http://get.adobe.com/shockwave/
USB sticks used to expose/steal sensitive data
Monday, November 2nd, 2009From http://2mw.mcafee.com/2minutebroadcast.asp USB Sticks Used to Expose, Steal Sensitive Data Researchers at MWR InfoSecurity report that USB sticks have been found to contain a serious security flaw that could be exploited to computers around the world. The British firm says that the flaw could allow the creation of USB sticks that “interrogate a computer and …
Free Cyber Security Training provided by DIR and DHS
Monday, November 2nd, 2009As National Cyber Security Awareness Month comes to a close, I wouldlike to thank everyone who took the time to view one of the nationalcyber webcasts, participated in a cyber security training event, orsimply supported this national campaign through other means. The themeof this years campaign was Cyber Security is Everyone’s Responsibility.Let’s put forth the …
