2 min read

Exploit Code Surfaces For Microsoft Works Vulnerability

Security officials also warn about potential software flaws in applications from Adobe, Cisco, Mozilla's Firefox, and some IP phones.
With both Microsoft and Apple releasing security updates this week, you might be tempted to feel more secure in your computing. Try to resist the temptation.

On Friday, US-CERT warned of the existence of publicly available exploit code for the MS08-011 vulnerability that affects Microsoft Works. Microsoft offered a patch for this hole on Tuesday -- "Black Tuesday," as SANS Internet Storm Center researcher Swa Frantzen calls it; hopefully you've installed the patch already.

On Thursday, US-CERT warned of a buffer overflow vulnerability affecting Linux kernels 2.6.17 to An upgrade to Linux kernel version is recommended. The same day, Adobe released Flash Media Server 2.0.5 to address several vulnerabilities.

Cisco on Wednesday issued a security advisory for its Cisco Unified IP Phone models that describes multiple vulnerabilities.

The SANS Internet Storm Center warns: "If you cannot immediately update your IP phones (please, do it ASAP!), disable the unused affected services on all your phones (what practically means disabling almost all ways of remotely managing the device: HTTP, SSH, Telnet...) or/and filter remote access to them using ACLs." Doing a duck-and-cover dive under the desk is optional.

Cisco said there are workarounds for some of the problems and the company has issued some software fixes.

A week after Mozilla issued the Firefox security update, a message sent to the Full Disclosure security mailing lists claims there's a new IFRAME buffer overflow vulnerability in Firefox.

Finally, if you haven't applied the Adobe Reader to 8.1.2 update issued last week, now's the time. Trend Micro reports that the hole has been actively exploited for several weeks.