Major Vulnerabilities, patches and a Storm of Love

Date: 17 January 2008 Original URL: http://www.auscert.org.au/render.html?cid=7066&it=8666 AusCERT Week in Review 18 January 2008 Greetings, Another week of serious vulnerabilities and serious patches. We started off with yet another Quicktime remote code execution vulnerability, followed by equally serious vulnerabilities in SAP MaxDB and yaSSL. Oracle released their critical patches for January which addressed 26 vulnerabilities across their product range, and Adobe released their January Bulletins. Two more noteworthy vulnerabilities that were brought to light this week are the Microsoft Excel vulnerability and that of the UPnP vulnerability, both of which are currently being exploited in the wild. Please make sure you are aware of these issues and take precautions to protect against them. It also seems we didn't have to wait until Easter to see a new Storm variation. Being a male I overlooked Valentines Day which is coming up soon, or so my girlfriend tells me. Emails expressing words of love and devotion have been flooding in this week in an attempt to convince the sentimental to visit different URL's and become infected. Be sure to keep your virus definition files up to date and as always have a safe and enjoyable weekend. Regards, Paul