[IS&T Security-FYI] SFYI Newsletter, June 7, 2010

Mon Jun 7 11:01:09 EDT 2010

In this issue:

1. Security Advisory from Adobe
2. Microsoft Security Updates
3. Five Ways to Keep Online Criminals at Bay

----------------------------------------
1. Security Advisory from Adobe
----------------------------------------

A critical vulnerability (zero-day exploit) exists in Adobe Flash Player and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x. 

Systems affected:

Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions for Windows, Macintosh, Linux and Solaris
Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh and UNIX

This vulnerability (CVE-2010-1297) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat. Adobe will update this advisory once a schedule has been determined for releasing a fix.

The Flash Player 10.1 Release Candidate available at <http://labs.adobe.com/downloads/flashplayer10.html> does not appear to be vulnerable. Adobe Reader and Acrobat 8.x are confirmed not vulnerable.

Read the full advisory: 
<http://www.adobe.com/support/security/advisories/apsa10-01.html>

-------------------------------------
2. Microsoft Security Updates
-------------------------------------

On Tuesday, June 8, Microsoft is planning to release 10 new security bulletins, three of which are critical.

Systems affected:

Windows 2000, XP, Vista and 7
Windows Server 2003, 2008 and 2008 R2
Internet Explorer 6, 7 and 8
Microsoft Office for Windows 2003 SP3, XP SP3 and 2007
Microsoft Office for Mac 2004 and 2008

Read the full bulletin:
<http://www.microsoft.com/technet/security/bulletin/ms10-jun.mspx>

----------------------------------------------------------
3. Five Ways to Keep Online Criminals at Bay
----------------------------------------------------------

The New York Times published an article a few weeks ago to review what are considered to be the top 5 things people should do to stay safe on the Internet. 

Protect the Browser: download updates as they become available and/or use a more obscure browser like Chrome from Google.
Get Adobe Updates: no matter what browser you're using, sites running on Flash can be vulnerable to exploits. Read the Security Advisory from Adobe above and download the latest player (10.1) from the Adobe website.
Beware Malicious Ads: advertisements can contain malicious software (malware). Blocking pop-ups or killing ads with a plug-in (such as Adblock for Firefox) can protect you.
Poisoned Search Results: placing malicious sites at the top of a search result is another way criminals snag the unwary. Some browsers and other software tools can help warn you about potentially dangerous links.
Antisocial Media: criminals use popular sites like Facebook and Twitter to induce people to visit their malicious sites. Beware the "friend" who you are not sure about.

Read the full article with tips:
<http://www.nytimes.com/2010/05/20/technology/personaltech/20basics.html>

===========================================================================

Find current and older issues of Security FYI Newsletter: <http://kb.mit.edu/confluence/x/ehBB>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20100607/580d9683/attachment.htm