Australia's Leading Computer Emergency Response Team
 

The end of February, and still more unpatched vulnerabilities...

Date: 26 February 2009


Greetings,

It's been a busy week leading up to the end of February, with a number of nasty vulnerabilities announced but currently still unpatched. A vulnerability has been announced in Adobe Reader and Acrobat which could potentially allow the execution of arbitrary code, but at present no updates have been released by Adobe. Adobe has, however, provided a workaround, which requires users to disable JavaScript from within Adobe Reader and Acrobat. For more details, please check out our bulletin.

Microsoft have also released an advisory regarding a serious vulnerability in Excel, which is also yet to be patched. Microsoft have provided some strategies to mitigate the vulnerability, such as monitoring emails for Excel attachments, or alerting staff to not open files from untrusted sources. Hopefully a patch will be released to correct this vulnerability in the near future!

Microsoft have also released an update for Windows Autorun, specifically to allow Autorun to be properly disabled. Disabling Autorun is necessary to prevent the spread of certain malware/trojans which utilise Autorun for removable devices to allow the execution of arbitrary code.

Additionally, Adobe have released an update for Flash to correct a vulnerability which could allow the execution of arbitrary code when viewing specially crafted Shockwave Flash files. Unfortunately, it seems that Flash is not correctly auto-updating to the latest version, so it is currently necessary to do a manual update.

Have a good weekend,

Jonathan.