Vulnerabilities in Microsoft Active Template Library (ATL)
The Industry Consortium for Advancement of Security on the Internet (ICASI) is releasing this alert to provide guidance on issues that have been raised regarding vulnerabilities in Microsoft’s Active Template Library (ATL). These vulnerabilities could result in information disclosure or remote code execution attacks for controls and components built using vulnerable versions of the ATL.
Updated Conficker Malware Threat
ICASI is releasing this alert to provide guidance on issues that have been raised regarding the behavior of the Conficker malware threat. Historically, once botnets reach a sufficient size, their purposes tend to evolve and change organically to meet the needs of the owners. This trend is likely to also occur with Conficker, and many supporting indications have already been observed.
Conficker Malware Threat
ICASI is releasing this alert to provide clarity and guidance on issues that have been raised regarding the change to Conficker malware. This alert provides a consolidated view and information from ICASI member companies.
The Conficker worm has grown to be a large active botnet. At this time Conficker affects a variety of Windows operating system platforms, including Windows 2000, XP, Vista, and Server 2003. While systems which did not apply the Microsoft update MS08-067 were initially compromised through this vulnerability, the majority of current infections are occurring via open fileshares, weak passwords, shared USB devices, and social engineering efforts that trick users into installing this malicious code.
Wi-Fi Protected Access (WPA) Encryption Vulnerability
ICASI is aware of reports that describe a way to partially crack the Wi-Fi Protected Access (WPA) encryption standard used to protect data on many wireless networks. The documented issue affects encryption solutions that implement WPA-TKIP and allows an attacker to inject network traffic between an access point and a client if multimedia extensions are used. Encryption solutions that implement Advanced Encryption Standard (AES) are not affected by this issue.
ICASI Members Release Domain Name System (DNS) Advisories
ICASI is aware of an industry-wide vulnerability regarding the Domain Name System (DNS). ICASI members have released advisories for their affected products, and ICASI encourages customers to review those advisories and deploy any necessary updates or mitigations in a timely manner. For more information on our members' products, or to report potential security vulnerabilities, please refer to the respective member company URLs in the Contact Us section of this site. This vulnerability was coordinated by the United States Computer Emergency Readiness Team (US-CERT). For additional information, go to www.kb.cert.org/vuls/.
Transport Layer Security (TLS) Man-In-The-Middle (MITM) Vulnerability CVE-2009-3555
ICASI is releasing this alert to provide guidance on a protocol-level design flaw that allows an attacker to perform a man-in-the-middle (MITM) attack on sessions protected by Transport Layer Security (TLS) and Secure Sockets Layer (SSL). This vulnerability could allow an attacker who is able to successfully leverage a MITM attack to prepend data to an SSL/TLS-protected session. It does not allow the attacker to read, decrypt, or alter encrypted traffic between client and server.