|
| Tue, 10 Aug 2010 08:00:00 GMT MS10-060 - Critical: Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could Allow Remote Code Execution (2265906) |
| Bulletin Severity Rating:Critical - This security update resolves two privately reported vulnerabilities in Microsoft .NET Framework and Microsoft Silverlight. The vulnerabilities could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications, or if an attacker succeeds in convincing a user to run a specially crafted Microsoft .NET application. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerabilities could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and executing the page, as could be the case in a Web hosting scenario. |
| Tue, 10 Aug 2010 08:00:00 GMT MS10-059 - Important: Vulnerabilities in the Tracing Feature for Services Could Allow Elevation of Privilege (982799) |
| Bulletin Severity Rating:Important - This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in the Tracing Feature for Services. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users. |
| Tue, 10 Aug 2010 08:00:00 GMT MS10-058 - Important: Vulnerabilities in TCP/IP Could Allow Elevation of Privilege (978886) |
| Bulletin Severity Rating:Important - This security update resolves two privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege due to an error in the processing of a specific input buffer. An attacker who is able to log on to the target system could exploit this vulnerability and run arbitrary code with system-level privileges. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. |
| Tue, 10 Aug 2010 08:00:00 GMT MS10-057 - Important: Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution (2269707) |
| Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
| Tue, 10 Aug 2010 08:00:00 GMT MS10-056 - Critical: Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (2269638) |
| Bulletin Severity Rating:Critical - This security update resolves four privately reported vulnerabilities in Microsoft Office. The most severe vulnerabilities could allow remote code execution if a user opens or previews a specially crafted RTF e-mail message. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
|
| Fri, 03 Sep 2010 19:30:12 GMT Facebook Glitch Let Spammer Post to Walls
(PC World)
|
| PC World - A clever spammer found a glitch in Facebook's photo upload system and used it to post thousands of unwanted Wall messages this week. |
| Fri, 03 Sep 2010 17:10:08 GMT Spammers Take Over Apple's New Ping Social Network
(NewsFactor)
|
| NewsFactor - Apple launched iTunes 10 with Ping, a new music-oriented social network, on Wednesday. Within hours, the site fell victim to spammers looking to make a quick buck from Apple's unsuspecting 160 million music lovers exploring the new way to discover what music their friends are listening to. |
| Fri, 03 Sep 2010 15:10:11 GMT Germany to Launch Antibotnet Program for Consumers
(PC World)
|
| PC World - Germany will soon launch a service to help consumers remove malicious software from their computers in an attempt to stem the spread of spam-sending botnets. |
| Fri, 03 Sep 2010 13:47:40 GMT Apple's Ping Inundated with Spam Comments
(PC Magazine)
|
| PC Magazine - Days after its release, Apple's new Ping social network within iTunes is being inundated with spam comments. |
| Fri, 03 Sep 2010 12:57:00 GMT Apple's Ping a Scammer's Haven? Security Experts Say Watch Out
(PC World)
|
| PC World - Apple's music-focused social network, Ping is only a few days old, and already the iTunes-based feature is "drowning in scams and spams," security researchers say. The scams are nothing too advanced at the moment, and there are no reports of clickjacking worms or other forms of aggressive malware, experts say. But if you're looking for links to bogus surveys promising free iPhones, iPads, and other assorted iDevices, then Ping in iTunes 10 is the social network for you. |
|
| Thu, 09 Nov 2006 07:00:00 PST Cisco IPSec VPN Implementation Group Name Enumeration Vulnerability |
This Cisco Security Notice is being released in response to the Cisco VPN Concentrator Group Name Enumeration Vulnerability advisory published on June 20, 2005 by NTA Monitor at http://www.nta-monitor.com/news/vpn-flaws/cisco/VPN-Concentrator/index.htm. |
| Fri, 21 Apr 2006 13:40:00 PST Crafted DNS Packet Can Cause Denial Of Service |
 |
| Thu, 26 Jan 2006 14:30:00 PST Cisco IPsec VPN Implementation Group Password Usage Vulnerability |
 |
| Mon, 07 Nov 2005 10:00:00 PST Response to BugTraq - Cisco Clean Access Agent (Perfigo) Bypass |
This document is provided to simplify access to Cisco responses to possible product security vulnerability issues posted in public forums for Cisco customers. This does not imply that Cisco perceives each of these issues as an actual product security vulnerability. This notice is provided on an "as is" basis and does not imply any kind of guarantee or warranty. Your use of the information on the page or materials linked from this page are at your own risk. Cisco reserves the right to change or update this page without notice at any time.+Bypass) |
| Thu, 08 Sep 2005 07:00:00 PST CSS SSL Authentication Bypass |
The Cisco CSS 11500 Series Content Services Switches (CSS) running Secure Socket Layer (SSL) has a vulnerability that may allow a user to bypass SSL authentication and access protected content. Cisco has made free software available to address this vulnerability. |
| Wed, 24 Aug 2005 09:00:00 PST ZOTOB and WORM_RBOT.CBQ Mitigation Recommendations |
Cisco customers are currently experiencing attacks due to new worms and bots that are active on the Internet. The signature of these worms and bots appears as TCP traffic to port 445 as well as traffic to several secondary TCP ports depending on the variant of the worm. Affected customers have been experiencing high volumes of traffic from both internal and external systems. Symptoms on Cisco devices include, but are not limited to, high CPU and traffic drops on the input interfaces. This document focuses on both mitigation techniques and affected Cisco products that need software supplied by Cisco to patch properly. |
| Mon, 25 Jul 2005 14:50:00 PST Response to Full-Disclosure - Potential Denial of Service Bug in Cisco Pix Firewall IOS 6.2.2 and 6.3.(3.102) |
) |
| Wed, 08 Jun 2005 15:00:00 PST Cisco 802.1x Voice-Enabled Interfaces Allow Anonymous Voice VLAN Access |
This Cisco Security Notice is being released in response to the Cisco 802.1x Voice-Enabled Interfaces Allow Anonymous Voice VLAN Access advisory published on June 8, 2005 by FishNet Security at http://www.fishnetsecurity.com/csirt/disclosure/cisco/.  |
| Mon, 23 May 2005 07:30:00 PST Vulnerability in a Variant of the TCP Timestamps Option |
 |
| Sun, 18 Jul 2004 23:00:00 PST W32.BLASTER Worm Mitigation Recommendations |
 |
| Sun, 18 Jul 2004 23:00:00 PST Cisco Internet Key Exchange Issue *Updated on 19-Jul-2004 |
 |
| Sun, 18 Jul 2004 15:00:00 PST Dictionary Attack on Cisco LEAP Vulnerability |
 |
| Wed, 26 May 2004 23:00:00 PST Alleged Bypassing Access Control List in Cisco IOS |
 |
| Fri, 07 May 2004 08:30:00 PST Exploit for Multiple Cisco Vulnerabilities *Updated on 07-May-2004 0930 PDT |
 |
| Mon, 13 Oct 2003 23:00:00 PST Cisco Nachi Worm Mitigation Recommendations *Updated on 14-Oct-2003 |
 |
| Fri, 03 Oct 2003 23:00:00 PST Response to BugTraq - Cisco 6509 Switch Telnet Vulnerability |
 |
| Fri, 03 Oct 2003 07:00:00 PST Response to BugTraq - PIX Denial of Service |
 |
| Sat, 06 Sep 2003 23:00:00 PST Response to BugTraq - Cisco CSS11000 Series DoS |
 |
| Wed, 30 Jul 2003 23:00:00 PST Data Leak in UDP Echo Service |
 |
| Tue, 29 Jul 2003 23:00:00 PST Sending 2GB Data in GET Request Causes Buffer Overflow in Cisco IOS Software |
 |
| Wed, 23 Jul 2003 23:00:00 PST Enumerating Locally Defined Users in Cisco IOS |
 |
| Wed, 21 May 2003 23:00:00 PST Response to BugTraq - Cisco VPN Client can be used to Gain Local Administrator Rights (All Versions, Patched or Otherwise) |
) |
| Wed, 14 May 2003 23:00:00 PST Response to BugTraq - Cisco ACL Bug when using VPN Crypto Engine Accelerator, PPPoE Dialer or IP Route-Cache |
 |
| Tue, 13 May 2003 23:00:00 PST Response to BugTraq - Cisco Systems VPN Client Allows Local Login with Elevated Privileges |
 |
| Wed, 18 Dec 2002 23:00:00 PST Cisco EIGRP Issue |
 |
| Mon, 28 Oct 2002 23:00:00 PST Response to BugTraq - Cisco as5350 Crashes with nmap Connect Scan |
 |
| Thu, 03 Oct 2002 23:00:00 PST Response to BugTraq - Cisco SCA 11000 Series Secure Content Accelerator OpenSSL Issue |
 |
| Wed, 18 Sep 2002 23:00:00 PST The Trivial Cisco IP Phones Compromise |
 |
| Sun, 14 Jul 2002 23:00:00 PST Response to BugTraq - VPN 3000 Gateway MTU Overflow |
 |
| Thu, 20 Jun 2002 23:00:00 PST Response to BugTraq - Weak Cisco PIX Enable Password Encryption Algorithm |
 |
| Thu, 20 Jun 2002 23:00:00 PST Response to BugTraq - Cisco Secure ACS Cross Site Scripting Issue |
 |
| Wed, 05 Jun 2002 23:00:00 PST Response to BugTraq - Cisco IOS Software - Three Possible DoS Attacks |
 |
| Mon, 20 May 2002 23:00:00 PST Response to BugTraq - Cisco IOS Software and ICMP Redirect Issue |
 |
| Mon, 08 Oct 2001 23:00:00 PST CDP Issue |
 |
| Tue, 15 May 2001 23:00:00 PST Response to BugTraq - HSRP Issues |
 |
| Wed, 11 Apr 2001 23:00:00 PST Response to BugTraq - NTP Issue |
 |
| Wed, 14 Mar 2001 23:00:00 PST Response to BugTraq - PIX Security Notes |
 |
| Sun, 12 Nov 2000 23:00:00 PST Response to BugTraq - Catalyst 3500 Issue |
 |
| Mon, 29 May 2000 23:00:00 PST Response to BugTraq - TACACS Vulnerability |
 |
| Mon, 08 May 2000 23:00:00 PST Response to BugTraq - show Command Vulnerability |
 |
|
| Thu, 02 Sep 2010 06:30:00 PST Cisco IOS XR Software Border Gateway Protocol Vulnerability |
Cisco IOS XR Software contains a vulnerability in the Border Gateway Protocol (BGP) feature. The vulnerability manifests itself when a BGP peer announces a prefix with a specific, valid but unrecognized transitive attribute. On receipt of this prefix, the Cisco IOS XR device will corrupt the attribute before sending it to the neighboring devices. Neighboring devices that receive this corrupted update may reset the BGP peering session. |
| Wed, 25 Aug 2010 07:40:00 PST Cisco Unified Communications Manager Denial of Service Vulnerabilities |
Cisco Unified Communications Manager contains two denial of service (DoS) vulnerabilities that affect the processing of Session Initiation Protocol (SIP) messages. Exploitation of these vulnerabilities could cause an interruption of voice services.  |
| Wed, 25 Aug 2010 07:30:00 PST Cisco Unified Presence Denial of Service Vulnerabilities |
Cisco Unified Presence contains two denial of service (DoS) vulnerabilities that affect the processing of Session Initiation Protocol (SIP) messages. Exploitation of these vulnerabilities could cause an interruption of presence services.  |
| Thu, 12 Aug 2010 13:30:00 PST Cisco IOS Software TCP Denial of Service Vulnerability |
Cisco IOS Software Release, 15.1(2)T is affected by a denial of service (DoS) vulnerability during the TCP establishment phase. The vulnerability could cause embryonic TCP connections to remain in a SYNRCVD or SYNSENT state. Enough embryonic TCP connections in these states could consume system resources and prevent an affected device from accepting or initiating new TCP connections, including any TCP-based remote management access to the device. |
| Wed, 11 Aug 2010 08:00:00 PST Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine |
The Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine contain the following DoS vulnerabilities: Real-Time Streaming Protocol (RTSP) inspection DoS vulnerability HTTP, RTSP, and Session Initiation Protocol (SIP) inspection DoS vulnerability Secure Socket Layer (SSL) DoS vulnerability SIP inspection DoS vulnerability  |
![[logo]](http://www.microsoft.com/library/toolbar/3.0/images/banners/TechNetB_masthead_ltr.gif "Microsoft Security Bulletins")
![[logo]](http://www.securityfocus.com/rss/SFLogo_v1.gif "SecurityFocus")
![[logo]](http://l.yimg.com/a/i/us/nws/th/main_142c.gif "Yahoo! News")
![[logo]](http://newsroom.cisco.com/images/mobile_newsAtCisco.png "News@Cisco")
