http://www.stanford.edu/group/security/securecomputing/ Latest security alerts from the Stanford Information Security Office en Copyright 2008 Wed, 20 Feb 2008 11:29:44 -0800 http://www.sixapart.com/movabletype/?v=3.34 http://blogs.law.harvard.edu/tech/rss Summary Stanford users are being subjected to an ongoing "phishing" attack through email messages that ask users to reply with their SUNet account credentials and other personal information. What To Do Do not reply to any message that asks for... Stanford Information Security Office http://www.stanford.edu/group/security/securecomputing/2008/02/phishing_feb08.html http://www.stanford.edu/group/security/securecomputing/2008/02/phishing_feb08.html Email Wed, 20 Feb 2008 11:29:44 -0800 Summary On January 8, 2008 Microsoft released their monthly security bulletin with the latest security updates for workstations and servers. The Microsoft bulletin lists two (2) security vulnerabilities, one critical and one important. The critical patch addresses the vulnerability in... Stanford Information Security Office http://www.stanford.edu/group/security/securecomputing/2008/01/ms08-jan.html http://www.stanford.edu/group/security/securecomputing/2008/01/ms08-jan.html Windows Wed, 23 Jan 2008 18:41:57 -0800 A zero-day vulnerability was disclosed within a 3rd party driver that is shipped with all versions of Windows XP and Windows 2003. This driver, secdrv.sys, was developed by Macrovision as part of SafeDisc. The vulnerability allows a local non-privileged user... Stanford Information Security Office http://www.stanford.edu/group/security/securecomputing/2007/11/iso_notice_zeroday_10_2007.html http://www.stanford.edu/group/security/securecomputing/2007/11/iso_notice_zeroday_10_2007.html Windows Tue, 13 Nov 2007 16:42:17 -0800 Summary On August 14, 2007 Microsoft released their monthly security bulletin with the latest security updates for workstations and servers. The Microsoft bulletin lists nine (9) security vulnerabilities, with six (6) listed as critical and three (3) listed as important.... Stanford Information Security Office http://www.stanford.edu/group/security/securecomputing/2007/08/ms07-aug.html http://www.stanford.edu/group/security/securecomputing/2007/08/ms07-aug.html Windows Wed, 15 Aug 2007 18:08:02 -0800 Summary On April 19, 2007, Apple released Security Update APPLE-SA-2007-06-22 to correct two security vulnerabilities. The patches are for: Webcore, where visiting a malicious website may allow cross-site requests. WebKit, where visiting a maliciously crafted website may lead to an... Stanford Information Security Office http://www.stanford.edu/group/security/securecomputing/2007/06/apple07-june22.html http://www.stanford.edu/group/security/securecomputing/2007/06/apple07-june22.html Macintosh Fri, 22 Jun 2007 17:18:06 -0800 Summary On April 19, 2007, Apple released Security Update APPLE-SA-2007-04-19 to correct twenty five (25) security vulnerabilities. Of particular importance are patches for: Kerberos, where an uninitialized function pointer vulnerability exists in the MIT Kerberos administration daemon (kadmind), which may... Stanford Information Security Office http://www.stanford.edu/group/security/securecomputing/2007/04/apple07-april19.html http://www.stanford.edu/group/security/securecomputing/2007/04/apple07-april19.html Macintosh Wed, 25 Apr 2007 14:58:59 -0800 Summary On April 10, 2007 Microsoft released their monthly security bulletin (revision 2) with the latest security updates for workstations and servers. The Microsoft bulletin lists six (6) security vulnerabilities, with five (5) listed as critical and one (1) listed... Stanford Information Security Office http://www.stanford.edu/group/security/securecomputing/2007/04/ms07-april.html http://www.stanford.edu/group/security/securecomputing/2007/04/ms07-april.html Windows Tue, 10 Apr 2007 18:13:21 -0800 This is an update to a previous posting. As expected Microsoft released the patch for the ".ani" animated cursor file vulnerability (MS Security Advisory 935423) this Tuesday April 3, 2007, one week ahead of their normal schedule. BigFix will push... Stanford Information Security Office http://www.stanford.edu/group/security/securecomputing/2007/04/ms07-april-ani-cursor-vul.html http://www.stanford.edu/group/security/securecomputing/2007/04/ms07-april-ani-cursor-vul.html Windows Wed, 04 Apr 2007 11:13:13 -0800 Microsoft plans to release an earlier than expected patch for the ".ani" animated cursor file vulnerability (MS Security Advisory 935423) this Tuesday April 3, 2007, one week ahead of their normal patch Tuesday schedule. The vulnerability is in how Windows... Stanford Information Security Office http://www.stanford.edu/group/security/securecomputing/2007/04/ms07-april3-ani-zero-day.html http://www.stanford.edu/group/security/securecomputing/2007/04/ms07-april3-ani-zero-day.html Windows Mon, 02 Apr 2007 11:46:03 -0800 Summary On March 13, 2007, Apple released Security Update APPLE-SA-2007-03-13 and MAC OS X v10.4.9, either which can be used to correct thirty (30) security vulnerabilities. Of particular importance are patches for vulnerabilities in: Servermgrd, which may allow remote attackers... Stanford Information Security Office http://www.stanford.edu/group/security/securecomputing/2007/03/apple07-march13.html http://www.stanford.edu/group/security/securecomputing/2007/03/apple07-march13.html Macintosh Tue, 13 Mar 2007 19:43:30 -0800 Summary On March 3, 2007, Apple released Security Update APPLE-SA-2007-03-05 to correct multiple vulnerabilities for QuickTime under Macintosh OS X v10.3.9 and later, and Windows Vista/XP/2000. This latest update, solely for QuickTime, adds functionality and fixes eight (8) QuickTime security... Stanford Information Security Office http://www.stanford.edu/group/security/securecomputing/2007/03/apple07-march.html http://www.stanford.edu/group/security/securecomputing/2007/03/apple07-march.html Macintosh and Windows Mon, 05 Mar 2007 19:41:55 -0800 Summary On February 15, 2007, Apple released Security Update 2007-002 to correct multiple vulnerabilities for the Macintosh OS and corresponding component/applications. This combined security update is designed to fix four (4) security vulnerabilities in Finder, ichat, and UserNotification. Unless noted,... Stanford Information Security Office http://www.stanford.edu/group/security/securecomputing/2007/02/apple07-002.html http://www.stanford.edu/group/security/securecomputing/2007/02/apple07-002.html Macintosh Wed, 21 Feb 2007 14:42:35 -0800 Summary On February 12, 2007 Microsoft released their monthly security bulletin with the latest security updates for workstations and servers. The Microsoft bulletin lists twelve (12) security vulnerabilities, with six (6) listed as critical and six(6) listed as important. All... Stanford Information Security Office http://www.stanford.edu/group/security/securecomputing/2007/02/ms07-feb.html http://www.stanford.edu/group/security/securecomputing/2007/02/ms07-feb.html Windows Wed, 21 Feb 2007 13:55:36 -0800 Summary A vulnerability in the Sun Solaris version 10 or 11 telnet daemon (in.telnetd) could allow a remote attacker to log on to the system with elevated privileges. The telnet daemon does not properly sanitize the USER Environment variable before... Stanford Information Security Office http://www.stanford.edu/group/security/securecomputing/2007/02/unix07-jan12.html http://www.stanford.edu/group/security/securecomputing/2007/02/unix07-jan12.html UNIX Mon, 12 Feb 2007 15:04:59 -0800 Summary On January 9, 2007 Microsoft released their monthly security bulletin with the latest security updates for workstations and servers. The Microsoft bulletin lists four (4) security vulnerabilities, with three (3) listed as critical and one (1) listed as important.... Stanford Information Security Office http://www.stanford.edu/group/security/securecomputing/2007/01/ms07-jan.html http://www.stanford.edu/group/security/securecomputing/2007/01/ms07-jan.html Windows Wed, 17 Jan 2007 18:11:47 -0800