[IS&T Security-FYI] SFYI Newsletter, September 28, 2009

Monique Yeaton myeaton at MIT.EDU
Mon Sep 28 13:39:54 EDT 2009


In this issue:

1. Latest Security Updates
2. Firefox Warns About Flash
3. Event: NERCOMP - Desktop Security


----------------------------------
1. Latest Security Updates
----------------------------------

In the past two weeks the following security updates have been released:

  ---- Microsoft ----

  * Fix for SMB Vulnerability
Microsoft has released Microsoft Knowledge Base Article 975497 to  
address a previously reported vulnerability in Microsoft Server  
Message Block (SMB). This vulnerability may allow an attacker to  
execute arbitrary code or cause a denial-of-service condition.

Details: <http://support.microsoft.com/kb/975497>

  ---- Apple ----

  * iTunes 9.0.1
Apple has released iTunes 9.0.1 two weeks after iTunes 9.0 was  
released to address a vulnerability that may allow an attacker to  
execute arbitrary code or cause a denial-of-service condition. The  
flaw can be exploited on Mac OS X or Windows systems. The update also  
addresses other vulnerabilities and issues that can cause iTunes to  
quit unexpectedly or become unresponsive.

Details: <http://support.apple.com/kb/HT3884>

  ---- Cisco ----

  * IOS router operating system
  * Unified Communications Manager
Cisco has released eleven security advisories to address  
vulnerabilities in IOS Software and Unified Communications Manager.  
These vulnerabilities may allow an attacker to cause a denial-of-service
condition, buffer overflow, or access control list bypass.
Cisco has provided updates for all the vulnerabilities.

Details: <http://www.cisco.com/warp/public/707/cisco-sa-20090923-bundle.shtml>

  ---- Adobe ----

  * RoboHelp Server 8
Adobe has released security bulletin APSB09-14 to address a  
vulnerability in RoboHelp Server 8. This vulnerability may allow a  
remote attacker to execute arbitrary code.

Details: <http://www.adobe.com/support/security/bulletins/apsb09-14.html>


-------------------------------------
2. Firefox Warns About Flash
-------------------------------------

Mozilla has begun advising users to update Adobe's Flash software
following a Firefox security update. Mozilla seems to be providing a  
genuine service to the community by helping to close a major vector  
for malware infection and helping fix vulnerabilities in third-party  
software.

The results are already in: in one week in September, the update
notification page that was displayed after upgrades to Firefox 3.5.3 and
3.0.14 prompted 10 million users to click the Flash update link and
install the most recent version of Flash. Assuming most users
installed the Flash update, that's a substantial reduction of the
risk. According to Adobe, 99% of desktop Internet users have Flash
installed, and according to Mozilla's Internet traffic statistics, at
least 75% of Flash users aren't using the most current version.

Flash has four of the top 30 vulnerabilities from the first half of  
2009, according to a recent Top Cyber Security Risk Report. Flash does  
not have an automatic update mechanism and users of Internet Explorer  
must patch their browser separately from other browsers for Flash  
vulnerabilities, something that easily can be overlooked.

Full story:
<http://www.informationweek.com/news/internet/browsers/showArticle.jhtml?articleID=220000904>

Top Cyber Security Risk Report:
<http://www.sans.org/top-cyber-security-risks/>


--------------------------------------------------
3. Event: NERCOMP - Desktop Security
--------------------------------------------------

What: NERCOMP Workshop: "Desktop Security and Management Tools"
When: October 22, 2009, 8:00 am - 3:00 pm
Where: Four Points Sheraton Hotel and Conference Center, Norwood MA
How much: $124 member fee (MIT is a member of NERCOMP)

This workshop will have presentations and discussions of toolsets  
different schools are using to manage desktop environments as well as  
how they are addressing desktop security issues. Schools will present  
how they are using their management tools; how far they go in
controlling the desktop environment; and how they are managing  
software distribution, updates and inventory.

Full details:
<http://www.nercomp.org/events/event_single.aspx?id=5854>


========================================================================

Find current and older issues of Security FYI Newsletter: <http://kb.mit.edu/confluence/x/ehBB>



Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security

---------------------------------------
Important: DO NOT GIVE OUT YOUR PASSWORDS!
Ignore emails asking you to provide yours. IS&T will *NEVER* ask you  
for your password.
