[2282] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, June 7, 2010
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Mon Jun 7 11:02:02 2010
From: Monique Yeaton <myeaton@mit.edu>
Date: Mon, 7 Jun 2010 11:01:09 -0400
Message-Id: <1564C55A-D4B9-4367-A185-5A5106197824@mit.edu>
To: ist-security-fyi@mit.edu
Mime-Version: 1.0 (Apple Message framework v1078)
Cc: itss@mit.edu
Content-Type: multipart/mixed; boundary="===============0597968694=="
Errors-To: ist-security-fyi-bounces@mit.edu
--===============0597968694==
Content-Type: multipart/alternative; boundary=Apple-Mail-55--884557397
--Apple-Mail-55--884557397
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=us-ascii
In this issue:
1. Security Advisory from Adobe
2. Microsoft Security Updates
3. Five Ways to Keep Online Criminals at Bay
----------------------------------------
1. Security Advisory from Adobe
----------------------------------------
A critical vulnerability (zero-day exploit) exists in Adobe Flash Player =
and the authplay.dll component that ships with Adobe Reader and Acrobat =
9.x.=20
Systems affected:
Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x =
versions for Windows, Macintosh, Linux and Solaris
Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, =
Macintosh and UNIX
This vulnerability (CVE-2010-1297) could cause a crash and potentially =
allow an attacker to take control of the affected system. There are =
reports that this vulnerability is being actively exploited in the wild =
against both Adobe Flash Player, and Adobe Reader and Acrobat. Adobe =
will update this advisory once a schedule has been determined for =
releasing a fix.
The Flash Player 10.1 Release Candidate available at =
<http://labs.adobe.com/downloads/flashplayer10.html> does not appear to =
be vulnerable. Adobe Reader and Acrobat 8.x are confirmed not =
vulnerable.
Read the full advisory:=20
<http://www.adobe.com/support/security/advisories/apsa10-01.html>
-------------------------------------
2. Microsoft Security Updates
-------------------------------------
On Tuesday, June 8, Microsoft is planning to release 10 new security =
bulletins, three of which are critical.
Systems affected:
Windows 2000, XP, Vista and 7
Windows Server 2003, 2008 and 2008 R2
Internet Explorer 6, 7 and 8
Microsoft Office for Windows 2003 SP3, XP SP3 and 2007
Microsoft Office for Mac 2004 and 2008
Read the full bulletin:
<http://www.microsoft.com/technet/security/bulletin/ms10-jun.mspx>
----------------------------------------------------------
3. Five Ways to Keep Online Criminals at Bay
----------------------------------------------------------
The New York Times published an article a few weeks ago to review what =
are considered to be the top 5 things people should do to stay safe on =
the Internet.=20
Protect the Browser: download updates as they become available and/or =
use a more obscure browser like Chrome from Google.
Get Adobe Updates: no matter what browser you're using, sites running on =
Flash can be vulnerable to exploits. Read the Security Advisory from =
Adobe above and download the latest player (10.1) from the Adobe =
website.
Beware Malicious Ads: advertisements can contain malicious software =
(malware). Blocking pop-ups or killing ads with a plug-in (such as =
Adblock for Firefox) can protect you.
Poisoned Search Results: placing malicious sites at the top of a search =
result is another way criminals snag the unwary. Some browsers and other =
software tools can help warn you about potentially dangerous links.
Antisocial Media: criminals use popular sites like Facebook and Twitter =
to induce people to visit their malicious sites. Beware the "friend" who =
you are not sure about.
Read the full article with tips:
=
<http://www.nytimes.com/2010/05/20/technology/personaltech/20basics.html>
=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
Find current and older issues of Security FYI Newsletter: =
<http://kb.mit.edu/confluence/x/ehBB>
--Apple-Mail-55--884557397
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
charset=us-ascii
<html><head></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
min-height: 16px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; ">In this issue:</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
min-height: 16px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; ">1. Security Advisory from =
Adobe</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; ">2. Microsoft Security Updates</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; ">3. =
Five Ways to Keep Online Criminals at Bay</div><div style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Arial; min-height: 16px; =
"><br></div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; min-height: 16px; "><br></div><div style=3D"margin-top:=
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Arial; =
">----------------------------------------</div><div style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Arial; ">1. Security Advisory from =
Adobe</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; ">----------------------------------------</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
min-height: 16px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; ">A critical vulnerability (zero-day =
exploit) exists in Adobe Flash Player and the authplay.dll component =
that ships with Adobe Reader and Acrobat 9.x. </div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
min-height: 16px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; ">Systems affected:</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
min-height: 16px; "><br></div>
<ul style=3D"list-style-type: disc">
<li style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">Adobe =
Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions =
for Windows, Macintosh, Linux and Solaris</li>
<li style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">Adobe =
Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh =
and UNIX</li>
</ul><div style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: =
0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; =
min-height: 16px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; ">This vulnerability (CVE-2010-1297) =
could cause a crash and potentially allow an attacker to take control of =
the affected system. There are reports that this vulnerability is being =
actively exploited in the wild against both Adobe Flash Player, and =
Adobe Reader and Acrobat. Adobe will update this advisory once a =
schedule has been determined for releasing a fix.</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
min-height: 16px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; ">The Flash Player 10.1 Release =
Candidate available at <<a =
href=3D"http://labs.adobe.com/technologies/flashplayer10"><span =
style=3D"text-decoration: underline ; color: =
#173aee">http://labs.adobe.com/downloads/flashplayer10.html</span></a>>=
does not appear to be vulnerable. Adobe Reader and Acrobat 8.x are =
confirmed not vulnerable.</div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; min-height: 16px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; ">Read =
the full advisory: </div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; color: rgb(19, 79, 174); "><span =
style=3D"color: #000000"><</span><span style=3D"text-decoration: =
underline"><a =
href=3D"http://www.adobe.com/support/security/advisories/apsa10-01.html">h=
ttp://www.adobe.com/support/security/advisories/apsa10-01.html</a></span><=
span style=3D"color: #000000">></span></div><div style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Arial; min-height: 16px; =
"><br></div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; min-height: 16px; "><br></div><div style=3D"margin-top:=
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Arial; =
">-------------------------------------</div><div style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Arial; ">2. Microsoft Security =
Updates</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; ">-------------------------------------</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
min-height: 16px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; ">On Tuesday, June 8, Microsoft is =
planning to release 10 new security bulletins, three of which are =
critical.</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; min-height: 16px; "><br></div><div style=3D"margin-top:=
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Arial; ">Systems affected:</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
min-height: 16px; "><br></div>
<ul style=3D"list-style-type: disc">
<li style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px =
Arial">Windows 2000, XP, Vista and 7</li>
<li style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px =
Arial">Windows Server 2003, 2008 and 2008 R2</li>
<li style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px =
Arial">Internet Explorer 6, 7 and 8</li>
<li style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px =
Arial">Microsoft Office for Windows 2003 SP3, XP SP3 and 2007</li>
<li style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px =
Arial">Microsoft Office for Mac 2004 and 2008</li>
</ul><div style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: =
0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; =
min-height: 16px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; ">Read the full bulletin:</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; "><<a =
href=3D"http://www.microsoft.com/technet/security/bulletin/ms10-jun.mspx">=
http://www.microsoft.com/technet/security/bulletin/ms10-jun.mspx</a>></=
div><div style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: =
0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; =
min-height: 16px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; min-height: 16px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
">----------------------------------------------------------</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; ">3. =
Five Ways to Keep Online Criminals at Bay</div><div style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Arial; =
">----------------------------------------------------------</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
min-height: 16px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Arial; ">The New York Times published an =
article a few weeks ago to review what are considered to be the top 5 =
things people should do to stay safe on the Internet. </div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
"><br></div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; "><ol class=3D"MailOutline"><li><b>Protect the =
Browser</b>: download updates as they become available and/or use a more =
obscure browser like Chrome from Google.</li><li><b>Get Adobe =
Updates</b>: no matter what browser you're using, sites running on Flash =
can be vulnerable to exploits. Read the Security Advisory from Adobe =
above and download the latest player (10.1) from the Adobe =
website.</li><li><b>Beware Malicious Ads</b>: advertisements can contain =
malicious software (malware). Blocking pop-ups or killing ads with a =
plug-in (such as Adblock for Firefox) can protect =
you.</li><li><b>Poisoned Search Results</b>: placing malicious sites at =
the top of a search result is another way criminals snag the unwary. =
Some browsers and other software tools can help warn you about =
potentially dangerous links.</li><li><b>Antisocial Media</b>: criminals =
use popular sites like Facebook and Twitter to induce people to visit =
their malicious sites. Beware the "friend" who you are not sure =
about.</li></ol></div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; min-height: 16px; "><br></div><div style=3D"margin-top:=
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Arial; ">Read the full article with =
tips:</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; "><<a =
href=3D"http://www.nytimes.com/2010/05/20/technology/personaltech/20basics=
.html">http://www.nytimes.com/2010/05/20/technology/personaltech/20basics.=
html</a>></div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; min-height: 16px; "><br></div><div style=3D"margin-top:=
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Arial; =
">=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; min-height: 16px; "><br></div><div style=3D"margin-top:=
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Arial; ">Find current and older issues =
of Security FYI Newsletter: <<a =
href=3D"http://kb.mit.edu/confluence/x/ehBB"><span =
style=3D"text-decoration: underline ; color: =
#2f69b5">http://kb.mit.edu/confluence/x/ehBB</span></a>></div><div><fon=
t class=3D"Apple-style-span" face=3D"Arial" size=3D"4"><span =
class=3D"Apple-style-span" style=3D"font-size: =
14px;"><br></span></font></div></body></html>=
--Apple-Mail-55--884557397--
--===============0597968694==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
ist-security-fyi mailing list
ist-security-fyi@mit.edu
To Unsubscribe http://mailman.mit.edu/mailman/listinfo/ist-security-fyi
--===============0597968694==--
