Forbidden Web

Dec 20, 2010 Microsoft Releases Blog Entry Regarding Recent Outlook 2007 Update
The Microsoft Outlook product team has posted a blog entry to inform users of several issues related to the Outlook 2007 update (KB2412171) that was released on December 14. The product team has identified these issues as:
  • Outlook fails to connect if Secure Password Authentication (SPA) is configured for an account and the mail server does not support SPA.
  • Noticeable performance issues when switching between folders if a Microsoft Exchange Server account is not configured in Outlook.
  • AutoArchive cannot be configured for IMAP, POP3, or Outlook Live Connector accounts if there is no Exchange Server account configured in the same Outlook profile.
The blog entry indicates that this update has been removed from Microsoft Update. Users who have previously applied the update and are experiencing any of the listed issues are encouraged to uninstall the December 2010 update as described in the blog entry.

US-CERT will provide additional information as it becomes available.
Dec 15, 2010 RIM Releases Security Advisory for BlackBerry Enterprise Server
RIM has released a security advisory to address a vulnerability in the PDF distiller of the BlackBerry attachment service for the BlackBerry Enterprise Server. The vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review BlackBerry security advisory KB24761 and apply any necessary updates to help mitigate the risks.
Dec 14, 2010 Microsoft Releases December Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Office, SharePoint, and Exchange as part of the Microsoft Security Bulletin Summary for December 2010. These vulnerabilities may allow an attacker to execute arbitrary code, operate with elevated privileges, or cause a denial-of-service condition.

US-CERT encourages users and administrators to review the bulletins and follow best-practice security policies to determine which updates should be applied.
Dec 14, 2010 Google Releases Chrome 8.0.552.224
Google has released Chrome 8.0.552.224 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and apply any necessary updates to help mitigate the risks.
Dec 13, 2010 RealNetworks Releases Security Update for RealPlayer
RealNetworks, Inc. has released an update for RealPlayer to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the RealNetworks notice released on December 10, 2010 and apply any necessary updates to help mitigate the risks.
Dec 10, 2010 Mozilla Releases Firefox 3.6.13
The Mozilla Foundation has released Firefox 3.6.13 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, operate with elevated privileges, or spoof the location bar. The Mozilla Foundation has also released Firefox 3.5.16 to address these same vulnerabilities. Some of these vulnerabilities also affect Thunderbird and SeaMonkey and are addressed in Thunderbird 3.1.7 and 3.0.11 and SeaMonkey 2.0.11.

US-CERT encourages users and administrators to review the Mozilla Foundation Security Advisories released on December 9, 2010 and apply any necessary updates to help mitigate the risks.
Dec 09, 2010 Microsoft Releases Advance Notification for December Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating that its December release will contain 17 bulletins. Two of these bulletins will have a severity rating of critical and will be for Microsoft Windows and Internet Explorer. Fourteen of the bulletins will have a severity rating of important and will be for Microsoft Windows, Office, and SharePoint. The remaining bulletin will have a severity rating of moderate and will be for Microsoft Exchange. Release of these bulletins is scheduled for Tuesday, December 14, 2010.

US-CERT will provide additional information as it becomes available.
Dec 09, 2010 WordPress Releases Version 3.0.3
WordPress has released WordPress 3.0.3 to address a vulnerability. Exploitation of this vulnerability may allow an attacker to operate with elevated privileges.

US-CERT encourages users and administrators to review the WordPress Codex document for version 3.0.3 and apply any necessary updates to help mitigate the risks.
Dec 08, 2010 Apple Releases QuickTime 7.6.9
Apple has released QuickTime 7.6.9 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or obtain sensitive information.

US-CERT encourages users and administrators to review Apple article HT4447 and upgrade to QuickTime 7.6.9 to help mitigate the risks.
Dec 03, 2010 VMware Releases Security Advisory VMSA-2010-0018
VMware has released security advisory VMSA-2010-0018 to address multiple vulnerabilities affecting VMware Workstation, Player, Fusion, ESXi, and ESX. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges.

US-CERT encourages users and administrators to review VMware security advisory VMSA-2010-0018 and apply any necessary updates to help mitigate the risks.