[2285] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, June 14, 2010
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Mon Jun 14 12:21:08 2010
From: Monique Yeaton <myeaton@mit.edu>
Date: Mon, 14 Jun 2010 12:20:16 -0400
Message-Id: <B211C1C7-6598-46CB-A89D-AD8922B0737A@mit.edu>
To: ist-security-fyi@mit.edu
Mime-Version: 1.0 (Apple Message framework v1078)
Cc: itss@mit.edu
Content-Type: multipart/mixed; boundary="===============0983079859=="
Errors-To: ist-security-fyi-bounces@mit.edu
--===============0983079859==
Content-Type: multipart/alternative; boundary=Apple-Mail-67--275010165
--Apple-Mail-67--275010165
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=us-ascii
In this issue:
1. Adobe Vulnerabilities and Updates
2. Vulnerability in Windows Help
3. Apple Releases Updated Safari
4. Tip of the Week: Avoid Fake AntiVirus and AntiSpyware
-----------------------------------------------
1. Adobe Vulnerabilities and Updates
-----------------------------------------------
In addition to the vulnerabilities found in Adobe Flash, Adobe Reader =
and Acrobat (see last week's article), another vulnerability was found, =
this time in Adobe AIR 1.5.3.9130 and earlier, and has since been =
patched.=20
Adobe recommends users to update to these unaffected versions:
Adobe Flash Player 10.1.53.64 <http://get.adobe.com/flashplayer/>
Adobe AIR 2.0.2.12610 <http://get.adobe.com/air/>
An update for Adobe Reader and Acrobat 9.3.2 for Windows, Macintosh and =
Unix is expected to be available by June 29, 2010.
Read the Adobe Security Bulletin on Flash and AIR:=20
<http://www.adobe.com/support/security/bulletins/apsb10-14.html>
Last week's Security FYI article:=20
=
<http://securityfyi.wordpress.com/2010/06/07/security-advisory-from-adobe/=
>
The updated Security Advisory for Player, Reader and Acrobat: =
<http://www.adobe.com/support/security/advisories/apsa10-01.html>
-----------------------------------------
2. Vulnerability in Windows Help
-----------------------------------------
Microsoft is investigating a new report of a possible vulnerability in =
the Windows Help and Support Center function that is delivered with =
supported editions of Windows XP (SP 2 and 3) and Windows Server 2003 =
(SP 2).=20
The vulnerability could allow remote code execution if a user views a =
specially crafted web page using a web browser or clicks a specially =
crafted link in an email message.
Customers who believe they are affected can contact Microsoft Customer =
Service and Support at no charge using the PC Safety line (866) =
PCSAFETY.
Read the Security Advisory: =
<http://www.microsoft.com/technet/security/advisory/2219475.mspx>
-------------------------------------------
3. Apple Releases Updated Safari
-------------------------------------------
Apple has issued an updated version of its Safari web browser that fixes =
at least 48 security flaws. Safari 5 is available for Windows and Mac. =
Apple also issued Safari 4.1 to address the same set of vulnerabilities =
in Mac OS X 10.4, which does not support Safari 5.
The updated version of Safari can be downloaded from the Apple website:
<http://support.apple.com/downloads/>
Read the full bulletin: <http://support.apple.com/kb/HT4196>
=
-------------------------------------------------------------------------
4. Tip of the Week: Avoid Fake AntiVirus and AntiSpyware
=
-------------------------------------------------------------------------
If you Google terms like "virus protection" or "antispyware," the links =
that appear in the search results could be links to hijacked sites or =
fake antivirus and antispyware programs that will infect your computer =
if you click on them.=20
To avoid getting an infection from one of these links, your best bet is =
to type the domain of the software company straight into the URL field. =
Also, avoid "free" software if possible. They can often contain =
dangerous software when you download them to your PC.
Some of the top well-known companies that offer legitimate antivirus and =
antispyware programs are McAfee, Symantec, Kaspersky and TrendMicro. Do =
some research before you download one of these programs so that you get =
the one that best works with your system.
=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
Find current and older issues of Security FYI Newsletter: =
<http://kb.mit.edu/confluence/x/ehBB>
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
--Apple-Mail-67--275010165
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
charset=us-ascii
<html><head></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; ">In this issue:</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; ">1. Adobe Vulnerabilities and =
Updates</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; ">2. Vulnerability in Windows Help</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; ">3. =
Apple Releases Updated Safari</div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; ">4. Tip of the Week: Avoid Fake =
AntiVirus and AntiSpyware</div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; =
">-----------------------------------------------</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; ">1. =
Adobe Vulnerabilities and Updates</div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; =
">-----------------------------------------------</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; ">In addition to the =
vulnerabilities found in Adobe Flash, Adobe Reader and Acrobat (see last =
week's article), another vulnerability was found, this time in Adobe AIR =
1.5.3.9130 and earlier, and has since been patched. </div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; ">Adobe recommends users to update =
to these unaffected versions:</div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; min-height: 17px; "><br></div>
<ul style=3D"list-style-type: disc">
<li style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px =
Helvetica">Adobe Flash Player 10.1.53.64 <<a =
href=3D"http://get.adobe.com/flashplayer/">http://get.adobe.com/flashplaye=
r/</a>></li>
<li style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px =
Helvetica">Adobe AIR 2.0.2.12610 <<a =
href=3D"http://get.adobe.com/air/">http://get.adobe.com/air/</a>></li>
</ul><div style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: =
0px; margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; ">An update for Adobe Reader and =
Acrobat 9.3.2 for Windows, Macintosh and Unix is expected to be =
available by June 29, 2010.</div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">Read the Adobe Security Bulletin on Flash and =
AIR: </div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; "><<a =
href=3D"http://www.adobe.com/support/security/bulletins/apsb10-14.html">ht=
tp://www.adobe.com/support/security/bulletins/apsb10-14.html</a>></div>=
<div style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; ">Last week's Security FYI =
article: </div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; "><<a =
href=3D"http://securityfyi.wordpress.com/2010/06/07/security-advisory-from=
-adobe/">http://securityfyi.wordpress.com/2010/06/07/security-advisory-fro=
m-adobe/</a>></div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; "><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; ">The updated Security Advisory for =
Player, Reader and Acrobat: <<a =
href=3D"http://www.adobe.com/support/security/advisories/apsa10-01.html">h=
ttp://www.adobe.com/support/security/advisories/apsa10-01.html</a>></di=
v></div><div style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: =
0px; margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">-----------------------------------------</div><div style=3D"margin-top:=
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Helvetica; ">2. Vulnerability in =
Windows Help</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; =
">-----------------------------------------</div><div style=3D"margin-top:=
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Helvetica; min-height: 17px; =
"><br></div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; ">Microsoft is investigating a new report of a =
possible vulnerability in the Windows Help and Support Center function =
that is delivered with supported editions of Windows XP (SP 2 and 3) and =
Windows Server 2003 (SP 2). </div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">The vulnerability could allow remote code execution if a user views a =
specially crafted web page using a web browser or clicks a specially =
crafted link in an email message.</div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">Customers who believe they are affected can contact Microsoft Customer =
Service and Support at no charge using the PC Safety line (866) =
PCSAFETY.</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">Read the Security Advisory: <<a =
href=3D"http://www.microsoft.com/technet/security/advisory/2219475.mspx">h=
ttp://www.microsoft.com/technet/security/advisory/2219475.mspx</a>></di=
v><div style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">-------------------------------------------</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; ">3. =
Apple Releases Updated Safari</div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; =
">-------------------------------------------</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; ">Apple has issued an updated =
version of its Safari web browser that fixes at least 48 security flaws. =
Safari 5 is available for Windows and Mac. Apple also issued Safari 4.1 =
to address the same set of vulnerabilities in Mac OS X 10.4, which does =
not support Safari 5.</div><div style=3D"margin-top: 0px; margin-right: =
0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">The updated version of Safari can be downloaded from the Apple =
website:</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; "><<a =
href=3D"http://support.apple.com/downloads/">http://support.apple.com/down=
loads/</a>></div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">Read the full bulletin: <<a =
href=3D"http://support.apple.com/kb/HT4196">http://support.apple.com/kb/HT=
4196</a>></div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; =
">------------------------------------------------------------------------=
-</div><div style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: =
0px; margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">4. Tip of the Week: Avoid Fake AntiVirus and AntiSpyware</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">------------------------------------------------------------------------=
-</div><div style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: =
0px; margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; ">If you Google terms like "virus =
protection" or "antispyware," the links that appear in the search =
results could be links to hijacked sites or fake antivirus and =
antispyware programs that will infect your computer if you click on =
them. </div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; ">To =
avoid getting an infection from one of these links, your best bet is to =
type the domain of the software company straight into the URL field. =
Also, avoid "free" software if possible. They can often contain =
dangerous software when you download them to your PC.</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; ">Some of the top well-known =
companies that offer legitimate antivirus and antispyware programs are =
McAfee, Symantec, Kaspersky and TrendMicro. Do some research before you =
download one of these programs so that you get the one that best works =
with your system.</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Arial; =
">=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Arial; min-height: 16px; "><br></div><div style=3D"margin-top:=
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Arial; ">Find current and older issues =
of Security FYI Newsletter: <<a =
href=3D"http://kb.mit.edu/confluence/x/ehBB"><span =
style=3D"text-decoration: underline ; color: =
#2f69b5">http://kb.mit.edu/confluence/x/ehBB</span></a>></div><div><br>=
</div><br><div><span class=3D"Apple-style-span" style=3D"font-family: =
Calibri; font-size: 14px; "><div style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space; =
"><div><div><div>Monique Yeaton</div><div>IT Security Awareness =
Consultant</div><div>MIT Information Services & Technology =
(IS&T)</div><div>(617) 253-2715</div><div><a =
href=3D"http://ist.mit.edu/security">http://ist.mit.edu/security</a></div>=
<div><br></div><br></div></div><br></div></span><br =
class=3D"Apple-interchange-newline"><br =
class=3D"Apple-interchange-newline">
</div>
<br></body></html>=
--Apple-Mail-67--275010165--
--===============0983079859==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
ist-security-fyi mailing list
ist-security-fyi@mit.edu
To Unsubscribe http://mailman.mit.edu/mailman/listinfo/ist-security-fyi
--===============0983079859==--
