US-CERT Technical Cyber Security Alerts

US-CERT Technical Cyber Security Alerts provide timely information about current security issues, vulnerabilities, and exploits.

  • TA12-129A: Microsoft Updates for Multiple Vulnerabilities

    Original release date: May 08, 2012 | Last revised: --

    Systems Affected

    • Microsoft Windows
    • Microsoft .NET Framework
    • Microsoft Office
    • Microsoft Silverlight

    Overview

    Select Microsoft software products contain multiple vulnerabilities.  Microsoft has released updates to address these vulnerabilities.

    Description

    The Microsoft Security Bulletin Summary for May 2012 describes multiple vulnerabilities in Microsoft software. Microsoft has released updates to address the vulnerabilities.

    Impact

    A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.

    Solution

    Apply updates

    Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for May 2012, which describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). Home users are encouraged to enable automatic updates.

    Revision History

    • May 08, 2012: Initial release


  • TA12-101B: Adobe Reader and Acrobat Security Updates and Architectural Improvements

    Original release date: April 10, 2012 | Last revised: --

    Systems Affected

    • Adobe Reader X (10.1.2) and earlier 10.x versions for Windows and Macintosh
    • Adobe Reader 9.5 and earlier 9.x versions for Windows, Macintosh, and UNIX
    • Adobe Acrobat X (10.1.2) and earlier 10.x versions for Windows and Macintosh
    • Adobe Acrobat 9.5 and earlier 9.x versions for Windows and Macintosh

    Overview

    Adobe has released Security Bulletin APSB12-08, which describes multiple vulnerabilities affecting Adobe Reader and Acrobat. As part of this update, Adobe Reader and Acrobat 9.x will use the system-wide Flash Player browser plug-in instead of the Authplay component. In addition, Reader and Acrobat now disable the rendering of 3D content by default.

    Description

    Adobe Security Bulletin APSB12-08 describes a number of vulnerabilities affecting Adobe Reader and Acrobat. These vulnerabilities affect Adobe Reader and Acrobat versions 9.x through 9.5, and Reader X and Acrobat X versions prior to 10.1.3.

    The Adobe ASSET blog provides additional details on new security architecture changes to Adobe Reader and Acrobat. Adobe Reader and Acrobat 9.5.1 will use the Adobe Flash Player plug-in version installed on the user’s system rather than the Authplay component that ships with Adobe Reader and Acrobat. This change helps limit the number of out-of-date, vulnerable Flash runtimes available to an attacker. Adobe Reader and Acrobat 9.5.1 also now disable rendering of 3D content by default because the 3D rendering components have a history of vulnerabilities.

    US-CERT recommends that Flash users upgrade to the latest version of Adobe Flash Player and turn on automatic updates.

    An attacker could exploit these vulnerabilities by convincing a user to open a specially crafted PDF file. This can happen automatically as the result of viewing a webpage.

    Impact

    These vulnerabilities could allow a remote attacker to execute arbitrary code, write arbitrary files or folders to the file system, escalate local privileges, or cause a denial of service on an affected system as the result of a user opening a malicious PDF file.

    Solution

    Update Reader

    Adobe has released updates to address this issue. Users are encouraged to read Adobe Security Bulletin APSB12-08 and update vulnerable versions of Adobe Reader and Acrobat.

    In addition to updating, please consider the following mitigations.

    Disable JavaScript in Adobe Reader and Acrobat

    Disabling JavaScript may prevent some exploits from resulting in code execution. You can disable Acrobat JavaScript using the Preferences menu (Edit -> Preferences -> JavaScript; uncheck Enable Acrobat JavaScript).

    Adobe provides a framework to blacklist specific JavaScript APIs. If JavaScript must be enabled, this framework may be useful when specific APIs are known to be vulnerable or used in attacks.

    Prevent Internet Explorer from automatically opening PDF files

    The installer for Adobe Reader and Acrobat configures Internet Explorer to automatically open PDF files without any user interaction. This behavior can be reverted to a safer option that prompts the user by importing the following as a .REG file:

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\AcroExch.Document.7]
    "EditFlags"=hex:00,00,00,00

    Disable the display of PDF files in the web browser

    Preventing PDF files from opening inside a web browser will partially mitigate this vulnerability. Applying this workaround may also mitigate future vulnerabilities.

    To prevent PDF files from automatically being opened in a web browser, do the following:

    1. Open Adobe Acrobat Reader.
    2. Open the Edit menu.
    3. Choose the Preferences option.
    4. Choose the Internet section.
    5. Uncheck the "Display PDF in browser" checkbox.

    Do not access PDF files from untrusted sources

    Do not open unfamiliar or unexpected PDF files, particularly those hosted on websites or delivered as email attachments. Please see Cyber Security Tip ST04-010.

    Revision History

    • April 10, 2012: Initial release


  • TA12-101A: Microsoft Updates for Multiple Vulnerabilities

    Original release date: April 10, 2012 | Last revised: --

    Systems Affected

    • Microsoft Windows
    • Microsoft Internet Explorer
    • Microsoft .NET Framework
    • Microsoft Office
    • Microsoft Server Software
    • Microsoft SQL Server
    • Microsoft Developer Tools
    • Microsoft Forefront Unified Access Gateway

    Overview

    There are multiple vulnerabilities in Microsoft Windows, Internet Explorer, Microsoft .NET Framework, Microsoft Office, Microsoft Server Software, Microsoft SQL Server, Microsoft Developer Tools, and Microsoft Forefront Unified Access Gateway. Microsoft has released updates to address these vulnerabilities.

    Description

    The Microsoft Security Bulletin Summary for April 2012 describes multiple vulnerabilities in Microsoft software. Microsoft has released updates to address the vulnerabilities.

    Impact

    A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.

    Solution

    Apply updates

    Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for April 2012, which describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). Home users are encouraged to enable automatic updates.

    Revision History

    • April 10, 2012: Initial release


  • TA12-073A: Microsoft Updates for Multiple Vulnerabilities
    Original release date: March 13, 2012
    Last revised: --
    Source: US-CERT

    Systems Affected

    • Microsoft Windows
    • Microsoft Visual Studio
    • Microsoft Expression Design

    Overview

    There are multiple vulnerabilities in Microsoft Windows, Microsoft Visual Studio, and Microsoft Expression Design. Microsoft has released updates to address these vulnerabilities.


    I. Description

    The Microsoft Security Bulletin Summary for March 2012 describes multiple vulnerabilities in Microsoft Windows, Microsoft Visual Studio, and Microsoft Expression Design. Microsoft has released updates to address the vulnerabilities.


    II. Impact

    A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.


    III. Solution

    Apply updates

    Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for March 2012, which describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). Home users are encouraged to enable automatic updates.



    Feedback can be directed to US-CERT.


    Produced 2012 by US-CERT, a government organization. Terms of use


    Revision History

    March 13, 2012: Initial release



  • TA12-045A: Microsoft Updates for Multiple Vulnerabilities
    Original release date: February 14, 2012
    Last revised: --
    Source: US-CERT

    Systems Affected

    • Microsoft Windows
    • Microsoft Internet Explorer
    • Microsoft .NET Framework
    • Microsoft Silverlight
    • Microsoft Office
    • Microsoft Server Software

    Overview

    There are multiple vulnerabilities in Microsoft Windows, Internet Explorer, Microsoft .NET Framework, Silverlight, Office, and Microsoft Server Software. Microsoft has released updates to address these vulnerabilities.


    I. Description

    The Microsoft Security Bulletin Summary for February 2012 describes multiple vulnerabilities in Microsoft Windows. Microsoft has released updates to address the vulnerabilities.


    II. Impact

    A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.


    III. Solution

    Apply updates

    Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for February 2012, which describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). Home users are encouraged to enable automatic updates.



    Revision History

    February 14, 2012: Initial release



  • TA12-024A: "Anonymous" DDoS Activity
    Original release date: January 24, 2012
    Last revised: --
    Source: US-CERT

    Overview

    US-CERT has received information from multiple sources about coordinated distributed denial-of-service (DDoS) attacks with targets that included U.S. government agency and entertainment industry websites. The loosely affiliated collective "Anonymous" allegedly promoted the attacks in response to the shutdown of the file hosting site MegaUpload and in protest of proposed U.S. legislation concerning online trafficking in copyrighted intellectual property and counterfeit goods (Stop Online Piracy Act, or SOPA, and Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act, or PIPA).


    I. Description

    US-CERT has evidence of two types of DDoS attacks: one using HTTP GET requests and another using a simple UDP flood.

    The Low Orbit Ion Cannon (LOIC) is a denial-of-service attack tool associated with previous Anonymous activity. US-CERT has reviewed at least two implementations of LOIC. One variant is written in JavaScript and is designed to be used from a web browser. An attacker can access this variant of LOIC on a website and select targets, specify an optional message, throttle attack traffic, and monitor attack progress. A binary variant of LOIC includes the ability to join a botnet to allow nodes to be controlled via IRC or RSS command channels (the "HiveMind" feature).

    The following is a sample of LOIC traffic recorded in a web server log:

    "GET /?id=1327014400570&msg=We%20Are%20Legion! HTTP/1.1" 200 99406 "hxxp://pastehtml.com/view/blafp1ly1.html" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

    The following sites have been identified in HTTP referrer headers of suspected LOIC traffic. This list may not be complete. Please do not visit any of the links as they may still host functioning LOIC or other malicious code.

    The following are the A records for the referrer sites as of January 20, 2012:

    The HTTP requests contained an "id" value based on UNIX time and user-defined "msg" value, for example:

    GET /?id=1327014189930&msg=%C2%A1%C2%A1NO%20NOS%20GUSTA%20LA%20

    Other "msg" examples:

    msg=%C2%A1%C2%A1NO%20NOS%20GUSTA%20LA%20
    msg=:)
    msg=:D
    msg=Somos%20Legion!!!
    msg=Somos%20legi%C3%B3n!
    msg=Stop%20S.O.P.A%20:)%20%E2%99%AB%E2%99%AB HTTP/1.1" 200 99406 "http://pastehtml.com/view/bl7qhhp5c.html"
    msg=We%20Are%20Legion!
    msg=gh
    msg=open%20megaupload
    msg=que%20sepan%20los%20nacidos%20y%20los%20que%20van%20a%20nacer%20que%20nacimos%20para%20vencer%20y%20no%20para%20ser%20vencidos
    msg=stop%20SOPA!!
    msg=We%20are%20Anonymous.%20We%20are%20Legion.%20We%20do%20not%20forgive.%20We%20do%20not%20forget.%20Expect%20us!

    The "msg" field can be arbitrarily set by the attacker.
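
    Because the "msg" text is attacker-chosen, log triage is more reliable when it matches the structure of the request (a GET with a single 13-digit "id" close to the time of the request, plus a "msg" parameter) than when it matches message strings. The following Python is an added example, not part of the US-CERT alert: it assumes Combined Log Format, and the function names, the one-day clock-skew tolerance, the client addresses and the referrer.example site are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime
from urllib.parse import parse_qs

# Combined Log Format: host ident user [time] "request" status size "referrer" "agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referrer>[^"]*)" "(?P<agent>[^"]*)"'
)
ID_RE = re.compile(r"\d{13}")   # UNIX time in milliseconds has 13 digits
MAX_SKEW_SECONDS = 24 * 3600    # assumption: client clock within a day of the server's

UA = "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
REF = "hxxp://referrer.example/loic.html"   # constructed, defanged placeholder
# Constructed sample lines. The "id" and "msg" values of the first and third
# requests are the ones quoted in the alert; everything else is made up.
SAMPLE_LOG = [
    f'192.0.2.10 - - [19/Jan/2012:23:06:41 +0000] "GET /?id=1327014400570&msg=We%20Are%20Legion! HTTP/1.1" 200 99406 "{REF}" "{UA}"',
    f'192.0.2.10 - - [19/Jan/2012:23:06:41 +0000] "GET /?id=1327014400890&msg=We%20Are%20Legion! HTTP/1.1" 200 99406 "{REF}" "{UA}"',
    f'198.51.100.7 - - [19/Jan/2012:23:03:10 +0000] "GET /?id=1327014189930&msg=%C2%A1%C2%A1NO%20NOS%20GUSTA%20LA%20 HTTP/1.1" 200 99406 "{REF}" "{UA}"',
    # 13-digit id that is not a timestamp near the request time: not flagged
    f'203.0.113.5 - - [19/Jan/2012:23:07:00 +0000] "GET /?id=1000000000000&msg=test HTTP/1.1" 200 512 "-" "{UA}"',
    # ordinary application traffic that happens to use the same parameter names
    f'203.0.113.5 - - [19/Jan/2012:23:07:02 +0000] "GET /search?id=42&msg=hello HTTP/1.1" 200 512 "-" "{UA}"',
    f'203.0.113.9 - - [19/Jan/2012:23:07:05 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "{UA}"',
]


def loic_fields(line):
    """Return (source_ip, referrer, decoded_msg) if the line fits the pattern, else None."""
    m = LOG_RE.match(line)
    if m is None or m["method"] != "GET":
        return None
    query = m["target"].partition("?")[2]
    params = parse_qs(query, keep_blank_values=True)
    ids, msgs = params.get("id", []), params.get("msg", [])
    if len(ids) != 1 or len(msgs) != 1 or not ID_RE.fullmatch(ids[0]):
        return None
    try:
        logged = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").timestamp()
    except ValueError:
        return None  # unparseable timestamp: cannot compare against the id
    if abs(int(ids[0]) / 1000 - logged) > MAX_SKEW_SECONDS:
        return None
    return m["ip"], m["referrer"], msgs[0]


def summarize(lines, min_hits=2):
    """Count matching requests per source, referrer and message."""
    by_source, by_referrer, messages = Counter(), Counter(), Counter()
    for line in lines:
        hit = loic_fields(line)
        if hit is None:
            continue
        ip, referrer, msg = hit
        by_source[ip] += 1
        by_referrer[referrer] += 1
        messages[msg] += 1
    return {
        "hits": sum(by_source.values()),
        "repeat_sources": sorted(ip for ip, n in by_source.items() if n >= min_hits),
        "referrers": by_referrer.most_common(),
        "messages": messages.most_common(),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, value)
```

    The per-referrer counts are the useful output for response: they show which pages are steering browsers at the site, which is the information to pass to the ISP or hosting provider.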

    As of January 20, 2012, US-CERT has observed another attack that consists of UDP packets on ports 25 and 80. The packets contained a message followed by variable amounts of padding, for example:

    66:6c:6f:6f:64:00:00:00:00:00:00:00:00:00 | flood.........

    Target selection, timing, and other attack activity are often coordinated through social media sites or online forums.

    US-CERT is continuing research efforts and will provide additional data as it becomes available.


    III. Solution

    There are a number of mitigation strategies available for dealing with DDoS attacks, depending on the type of attack as well as the target network infrastructure. In general, the best practice defense for mitigating DDoS attacks involves advance preparation.

    • Develop a checklist or Standard Operating Procedure (SOP) to follow in the event of a DDoS attack. One critical point in a checklist or SOP is to have contact information for your ISP and hosting providers. Identify who should be contacted during a DDoS, what processes should be followed, what information is needed, and what actions will be taken during the attack with each entity.
    • The ISP or hosting provider may provide DDoS mitigation services. Ensure your staff is aware of the provisions of your service level agreement (SLA).
    • Maintain contact information for firewall teams, IDS teams, and network teams, and ensure that it is current and readily available.
    • Identify critical services that must be maintained during an attack as well as their priority. Services should be prioritized beforehand to identify what resources can be turned off or blocked as needed to limit the effects of the attack. Also, ensure that critical systems have sufficient capacity to withstand a DDoS attack.
    • Have current network diagrams, IT infrastructure details, and asset inventories. This will assist in determining actions and priorities as the attack progresses.
    • Understand your current environment and have a baseline of daily network traffic volume, type, and performance. This will allow staff to better identify the type of attack, the point of attack, and the attack vector used. Also, identify any existing bottlenecks and remediation actions if required.
    • Harden the configuration settings of your network, operating systems, and applications by disabling services and applications not required for a system to perform its intended function. 
    • Implement a bogon block list at the network boundary.
    • Employ service screening on edge routers wherever possible in order to decrease the load on stateful security devices such as firewalls.
    • Separate or compartmentalize critical services:
      • Separate public and private services
      • Separate intranet, extranet, and internet services
      • Create single purpose servers for each service such as HTTP, FTP, and DNS
    • Review the US-CERT Cyber Security Tip Understanding Denial-of-Service Attacks.


    Revision History

    January 24, 2012: Initial release



  • TA12-010A: Microsoft Updates for Multiple Vulnerabilities
    Original release date: January 10, 2012
    Last revised: --
    Source: US-CERT

    Systems Affected

    • Microsoft Windows
    • Microsoft Developer Tools and Software

    Overview

    There are multiple vulnerabilities in Microsoft Windows and Microsoft Developer Tools and Software. Microsoft has released updates to address these vulnerabilities.


    I. Description

    The Microsoft Security Bulletin Summary for January 2012 describes multiple vulnerabilities in Microsoft Windows. Microsoft has released updates to address the vulnerabilities.


    II. Impact

    A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.


    III. Solution

    Apply updates

    Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for January 2012. That bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS).



    Revision History

    January 10, 2012: Initial release



  • TA12-006A: Wi-Fi Protected Setup (WPS) Vulnerable to Brute-Force Attack
    Original release date: January 06, 2012
    Last revised: --
    Source: US-CERT

    Systems Affected

    Most Wi-Fi access points that support Wi-Fi Protected Setup (WPS) are affected.


    Overview

    Wi-Fi Protected Setup (WPS) provides simplified mechanisms to configure secure wireless networks. The external registrar PIN exchange mechanism is susceptible to brute force attacks that could allow an attacker to gain access to an encrypted Wi-Fi network.


    I. Description

    WPS uses a PIN as a shared secret to authenticate an access point and a client and provide connection information such as WEP and WPA passwords and keys. In the external registrar exchange method, a client needs to provide the correct PIN to the access point.

    An attacking client can try to guess the correct PIN. A design vulnerability reduces the effective PIN space sufficiently to allow practical brute force attacks. Freely available attack tools can recover a WPS PIN in 4-10 hours.

    For further details, please see Vulnerability Note VU#723755 and further documentation by Stefan Viehbock and Tactical Network Solutions.


    II. Impact

    An attacker within radio range can brute-force the WPS PIN for a vulnerable access point. The attacker can then obtain WEP or WPA passwords and likely gain access to the Wi-Fi network. Once on the network, the attacker can monitor traffic and mount further attacks.


    III. Solution

    Update Firmware

    Check your access point vendor's support website for updated firmware that addresses this vulnerability. Further information may be available in the Vendor Information section of VU#723755 and in a Google spreadsheet called WPS Vulnerability Testing.

    Disable WPS

    Depending on the access point, it may be possible to disable WPS. Note that some access points may not actually disable WPS when the web management interface indicates that WPS is disabled.



    Revision History

    January 06, 2012: Initial release



  • TA11-350A: Adobe Updates for Multiple Vulnerabilities
    Original release date: December 16, 2011
    Last revised: --
    Source: US-CERT

    Systems Affected

    • Adobe Reader X (10.1.1) and earlier 10.x versions for Windows and Macintosh
    • Adobe Reader 9.4.6 and earlier 9.x versions for Windows, Macintosh, and UNIX
    • Adobe Acrobat X (10.1.1) and earlier 10.x versions for Windows and Macintosh
    • Adobe Acrobat 9.4.6 and earlier 9.x versions for Windows and Macintosh

    Overview

    Adobe has released Security Bulletin APSB11-30, which describes multiple vulnerabilities affecting Adobe Reader and Acrobat.


    I. Description

    Adobe Security Bulletin APSB11-30 and Adobe Security Advisory APSA11-04 describe a number of vulnerabilities affecting Adobe Reader and Acrobat. These vulnerabilities affect Reader and Acrobat 9.4.6 and earlier 9.x versions. These vulnerabilities also affect Reader X and Acrobat X 10.1.1 and earlier 10.x versions.

    An attacker could exploit these vulnerabilities by convincing a user to open a specially crafted PDF file. The Adobe Reader browser plug-in, which can automatically open PDF documents hosted on a website, is available for multiple web browsers and operating systems.

    Adobe Reader X and Adobe Acrobat X will be patched in the next quarterly update scheduled for January 10, 2012.

    Additional details for the U3D memory corruption vulnerability can be found in US-CERT Vulnerability Note VU#759307.


    II. Impact

    These vulnerabilities could allow a remote attacker to execute arbitrary code, write arbitrary files or folders to the file system, escalate local privileges, or cause a denial of service on an affected system as the result of a user opening a malicious PDF file.


    III. Solution

    Update Reader

    Adobe has released updates to address this issue. Users are encouraged to read Adobe Security Bulletin APSB11-30 and update vulnerable versions of Adobe Reader and Acrobat.

    In addition to updating, please consider the following mitigations.

    Disable Flash in Adobe Reader and Acrobat

    Disabling Flash in Adobe Reader will mitigate attacks that rely on Flash content embedded in a PDF file. Disabling 3D & Multimedia support does not directly address the vulnerability, but it does provide additional mitigation and results in a more user-friendly error message instead of a crash. To disable Flash and 3D & Multimedia support in Adobe Reader 9, delete, rename, or remove access to these files:

    Microsoft Windows
    "%ProgramFiles%\Adobe\Reader 9.0\Reader\authplay.dll"
    "%ProgramFiles%\Adobe\Reader 9.0\Reader\rt3d.dll"

    Apple Mac OS X
    "/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/AuthPlayLib.bundle"
    "/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/Adobe3D.framework"

    GNU/Linux (locations may vary among distributions)
    "/opt/Adobe/Reader9/Reader/intellinux/lib/libauthplay.so"
    "/opt/Adobe/Reader9/Reader/intellinux/lib/librt3d.so"

    File locations may be different for Adobe Acrobat or other Adobe products that include Flash and 3D & Multimedia support. Disabling these plugins will reduce functionality and will not protect against Flash content that is hosted on websites. Depending on the update schedule for products other than Flash Player, consider leaving Flash and 3D & Multimedia support disabled unless they are absolutely required.

    Disable JavaScript in Adobe Reader and Acrobat

    Disabling JavaScript may prevent some exploits from resulting in code execution. Acrobat JavaScript can be disabled using the Preferences menu (Edit -> Preferences -> JavaScript; uncheck Enable Acrobat JavaScript).

    Adobe provides a framework to blacklist specific JavaScript APIs. If JavaScript must be enabled, this framework may be useful when specific APIs are known to be vulnerable or used in attacks.

    Prevent Internet Explorer from automatically opening PDF files

    The installer for Adobe Reader and Acrobat configures Internet Explorer to automatically open PDF files without any user interaction. This behavior can be reverted to a safer option that prompts the user by importing the following as a .REG file:

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\AcroExch.Document.7]
    "EditFlags"=hex:00,00,00,00

    Disable the display of PDF files in the web browser

    Preventing PDF files from opening inside a web browser will partially mitigate this vulnerability. If this workaround is applied, it may also mitigate future vulnerabilities.

    To prevent PDF files from automatically being opened in a web browser, do the following:

    1. Open Adobe Acrobat Reader.
    2. Open the Edit menu.
    3. Choose the Preferences option.
    4. Choose the Internet section.
    5. Uncheck the "Display PDF in browser" checkbox.

    Remove or restrict access to 3difr.x3d

    By removing or restricting access to the 3difr.x3d file, Adobe Reader and Acrobat will fail to render U3D content, which helps to mitigate this vulnerability. PDF documents that use the PRC format for 3D content will continue to function on Windows and Linux platforms.

    To disable U3D support in Adobe Reader 9 on Microsoft Windows, delete or rename this file:

        "%ProgramFiles%\Adobe\Reader 9.0\Reader\plug_ins3d\3difr.x3d"

    For Apple Mac OS X, delete or rename this directory:

        "/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/Adobe3D.framework"

    For GNU/Linux, delete or rename this file (locations may vary among distributions):

        "/opt/Adobe/Reader9/Reader/intellinux/plug_ins3d/3difr.x3d"

    File locations may be different for Adobe Acrobat or other Adobe products or versions.

    Do not access PDF files from untrusted sources

    Do not open unfamiliar or unexpected PDF files, particularly those hosted on websites or delivered as email attachments. Please see Cyber Security Tip ST04-010.



    Feedback can be directed to US-CERT.


    Produced 2011 by US-CERT, a government organization. Terms of use


    Revision History

    December 16, 2011: Initial release



  • TA11-347A: Microsoft Updates for Multiple Vulnerabilities
    Original release date: December 13, 2011
    Last revised: --
    Source: US-CERT

    Systems Affected

    • Microsoft Windows
    • Microsoft Office
    • Internet Explorer

    Overview

    There are multiple vulnerabilities in Microsoft Windows, Office, and Internet Explorer. Microsoft has released updates to address these vulnerabilities.


    I. Description

    The Microsoft Security Bulletin Summary for December 2011 describes multiple vulnerabilities in Microsoft Windows. Microsoft has released updates to address the vulnerabilities. Additional details for MS11-091 can be found in US-CERT vulnerability note VU#361441.


    II. Impact

    A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.


    III. Solution

    Apply updates

    Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for December 2011. That bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS).



    Revision History

    December 13, 2011: Initial release