Multiple vulnerabilities have been discovered in Cisco ASA and PIX devices running version 7.x and 8.x software. Cisco has released free software updates to address the vulnerabilities. Installation of updates will require after hours work and device reboots.

For more information about individual vulnerabilities, refer to the following link:
http://www.cisco.com/warp/public/707/cisco-sa-20080604-asa.shtml

Read More...

On February 12, Microsoft plans to make an updated Internet Explorer 7 installation package available via Windows Server Update Services (WSUS). The installation will be released as an Update Rollup package. Customers that require IE6 and have WSUS configured to auto-approve critical updates will need to disable the auto-approval feature before February 12 to ensure the rollup package is not released to clients.

Once the Update Rollup package for IE7 has synchronized with the WSUS server, the auto-approval feature can be turned back on and installation of the IE7 update can be managed manually. Read More...

In a bulletin released October 22, 2007, Adobe announced a critical vulnerability in its Acrobat and Reader programs. This vulnerability could allow a successful attacker to take control of the affected system. In order for the attacker to compromise the system, they must get you to open a malicious file in Adobe Reader or Acrobat.

This vulnerability affects users running Windows XP or Windows 2003 with Internet Explorer 7 installed. Vista users are not affected. Adobe versions 8.1 and earlier are susceptible to this vulnerability. Adobe categorizes this as a critical issue and recommends that affected users update their product installations.  Read More...

There has been a recent increase in “greeting-card spam” that tries to compromise users by getting them to visit malicious websites. The subject line most often states, “You've received a postcard from a family member!” Within the message body, users are given options on how to retrieve their “postcard”. Links in the message direct users to malicious websites where their browsers may be attacked, or they may be prompted to download and execute malicious software. Attacks are directed at both Microsoft Internet Explorer and Mozilla Firefox browsers.

Users should be very cautious when following links in e-mail messages. Links to foreign domains (e.g. http://someaddress.hk in Hong Kong) or directly to IP addresses (e.g. http://123.123.123.123) should almost always be avoided.

Also, it is important to keep operating systems and software up-to-date with the latest security patches, as well as keep antivirus software virus definitions current. Read More...

As of yesterday (May 28, 2007) it appears more than 1,400 executives (from various companies) had been infected by an e-mail attack that dresses itself up as a complaint filed with the Better Business Bureau.

The phishing attack uses details apparently culled from public sources to tailor the e-mail message with a company's name, the name of a senior executive and the executive's e-mail address in an attempt to convince the person to open a malicious attachment.

As with all such attacks, it is wise to never open unsolicited attachments. Up-to-date antivirus software and Intrusion Detection/Prevention systems also provide layers of protection from such attacks. Read More...

Microsoft has just released a patch to correct a critical vulnerability in Windows systems. The vulnerability applies to current versions of Windows and the update should be applied as soon as possible. Of course, systems not protected by a corporate firewall and/or up-to-date antivirus software are at highest risk. Compromised websites can infect unpatched computers. At least one known worm has been detected which exploits this vulnerability.

This patch can be applied via normal Microsoft update procedures you may already have in place. Read More...

New Daylight Savings Time dates effective for 2007:

• Begin: 2:00 AM, March 11, 2007 (was April 1, 2007)
• End: 2:00 AM, November 4, 2007 (was October 28, 2007)

Given the broad range of technology in use today and the integration of systems between customers, vendors, and partners, IT managers should determine what actions should be taken to mitigate the affects of DST 2007 on their organizations. Read More...

Microsoft plans to deliver their latest version of Internet Explorer (version 7) as a high-priority security update via Automatic Updates (AU) and the Windows Update and Microsoft Update sites. The IE update will be available shortly after its final version release (expected within the next few weeks).

Internet Explorer 7 Release Candidate 1 (RC1) is currently available from Microsoft's website (http://www.microsoft.com/windows/ie/downloads/default.mspx). IT Administrators should begin installing and testing this new version of IE for application compatibility.

Microsoft is providing a Blocker Toolkit for enterprise customers who want to block automatic delivery of IE7. The Blocker Toolkit can be downloaded from Microsoft's Download Center at:
http://go.microsoft.com/fwlink/?linkid=65788

Symantec has recently released information about a critical vulnerability found in their Client Security and AntiVirus Corporate Edition products that may allow local or remote attackers to crash a system or execute arbitrary code.

The following Symantec Client Security products are affected: Read More...

Microsoft has recently released information about a critical vulnerability found in their Exchange Server product. The vulnerability, if exploited, could allow a remote attacker to execute arbitrary code and gain complete control of the Exchange mail server.

The following Microsoft Exchange Server products are affected:

• Microsoft Exchange Server 2000 with the Exchange 2000 Post-Service Pack 3 Update Rollup of August 2004
• Microsoft Exchange Server 2003 Service Pack 1
• Microsoft Exchange Server 2003 Service Pack 2

Security patches to address affected products can be obtained at:
http://www.microsoft.com/technet/security/bulletin/ms06-019.mspx