May, 2007:

Update for Windows Installer (MSI) – 5/24/2007

Microsoft Security Advisory (927891): Update for Windows Installer (MSI) – 5/24/2007

Revision Note: Advisory updated to change title from “Fix for Windows Installer (MSI)” to “Update for Windows Installer (MSI),” make minor edits, and remove unnecessary FAQ. Advisory Summary: Today we are announcing the availability of an update that does not address a security vulnerability, but is a high priority for customers in keeping their systems updated.

URL: http://www.microsoft.com/technet/security/advisory/927891.mspx

Cisco CallManager Input Validation Vulnerability

This is Cisco PSIRT’s response to the statements made by Marc Ruef and Stefan Friedli from scip AG in their message “Cisco CallManager 4.1 Input Validation Vulnerability,” posted on 2007 May 23 at 1600 UTC (GMT).

URL: http://www.cisco.com/en/US/products/products_security_response09186a0080849272.html

Cygate To Distribute Infoblox Core Network Services Appliance Solutions

Cygate today announced it has signed an agreement with Infoblox to distribute its appliance solutions that deliver core network services, such as domain name resolution (DNS), IP Address assignment (DHCP) and authentication (RADIUS), among others.

URL: http://feedproxy.google.com/~r/InfobloxNewsFeed/~3/dxlhEupOBYQ/release.cfm

Release of Microsoft Office Isolated Conversion Environment (MOICE) and File Block Functionality for Microsoft Office – 5/21/2007

Microsoft Security Advisory (937696): Release of Microsoft Office Isolated Conversion Environment (MOICE) and File Block Functionality for Microsoft Office – 5/21/2007

Revision Note: Advisory Published: May 21, 2007. Advisory Summary: Security Advisory

URL: http://www.microsoft.com/technet/security/advisory/937696.mspx

HTTP Full-Width and Half-Width Unicode Encoding Evasion

The U.S. Computer Emergency Response Team (US-CERT) has reported a network evasion technique using full-width and half-width Unicode characters that affects several Cisco products. The US-CERT advisory is available at the following link: http://www.kb.cert.org/vuls/id/739224

URL: http://www.cisco.com/en/US/products/products_security_response09186a008083f82e.html

OpenSEA Alliance Formed by Leading Vendors to Develop and Distribute Open Source 802.1X Supplicant

Six leading networking and security technology companies, including Infoblox, today announced the formation of the OpenSEA Alliance, a newly formed group dedicated to the development, promotion, and distribution of an open source 802.1X supplicant.

URL: http://feedproxy.google.com/~r/InfobloxNewsFeed/~3/7wf_8gMH5lU/release.cfm

Vulnerability in Microsoft Word Could Allow Remote Code Execution – 5/9/2007

Microsoft Security Advisory (933052): Vulnerability in Microsoft Word Could Allow Remote Code Execution – 5/9/2007

Revision Note: Advisory updated to reflect publication of security bulletin. Advisory Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS07-024 to address this issue. For more information about this issue, including download links for an available security update, please review MS07-024.

URL: http://www.microsoft.com/technet/security/advisory/933052.mspx

Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution – 5/8/2007

Microsoft Security Advisory (935964): Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution – 5/8/2007

Revision Note: Advisory updated. Advisory Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS07-029 to address this issue. For more information about this issue, including download links for an available security update, please review MS07-029. The vulnerability addressed is the DNS RPC Management Vulnerability – CVE-2007-1748.

URL: http://www.microsoft.com/technet/security/advisory/935964.mspx

Infoblox Breaks the “White Box Barrier” with New DNS/DHCP Appliance for Branch Office

Infoblox Inc. today announced availability of a new appliance, the Infoblox-250, ideally suited for branch/remote office sites – extending the company’s family of “right-sized” appliances for distributed enterprises.

URL: http://feedproxy.google.com/~r/InfobloxNewsFeed/~3/Mo0OidUCTfY/release.cfm

DHCP Relay Agent Vulnerability in Cisco PIX and ASA Appliances

This is a Cisco response to a CERT/CC advisory posted on May 2, 2007, entitled “Cisco ASA fails to properly process DHCP relay packets”.

URL: http://www.cisco.com/en/US/products/products_security_response09186a0080833172.html