Home PSEPC Daily Brief DOB06-004

Daily Brief

The PSEPC Daily Brief is a compilation of summaries of publicly available and PSEPC information concerning critical infrastructure protection and emergency management.

DOB06-004 - 6 January 2006

News

CCIRC releases Update to Advisory AV05-038: Microsoft Windows WMF Handling (0-day) Vulnerability
On January 6, the Canadian Cyber Incident Response Centre (CCIRC) released Update to Advisory AV05-038 to draw attention to a Microsoft update, which addresses the vulnerability related to Windows Meta File (WMF). Microsoft originally planned to release the update on 10 January 2006 as part of its regular monthly release of security bulletins, once testing for quality and application compatibility was complete. However, testing was completed earlier than anticipated and the update is ready for release. Microsoft customers who are using Windows Server Update Services will receive the update automatically.
(Source: Public Safety and Emergency Preparedness Canada, 6 January 2006)
Source article

CCIRC provides recent alerts and advisories on their website under Recent analytical releases.

CCIRC releases Advisory AV06-001: Denial-of-Service vulnerabilities related to the Research in Motion BlackBerry
On January 5, the Canadian Cyber Incident Response Centre (CCIRC) released Advisory AV06-001 to draw attention to three denial-of-service vulnerabilities related to the Research in Motion (RIM) BlackBerry:

• The RIM BlackBerry Enterprise Server Attachment Service contains a vulnerability in the way the service handles TIFF files
• The RIM BlackBerry Handheld web browser is vulnerable to a denial-of-service via a specially crafted Java Application Description (JAD) file
• The RIM BlackBerry Router contains a vulnerability in the way the router handles Server Routing Protocol (SRP) packets

(Source: Public Safety and Emergency Preparedness Canada, 5 January 2006)
Source article

In brief

Avian Influenza: Update
The Ministry of Health in Turkey has confirmed its first two cases of human infection with avian influenza caused by the H5 virus subtype. Initial information suggests that the victims, who died from the illness, contracted the virus following close contact with chickens. These are the first confirmed cases of human avian influenza infection outside of East Asia.

Since 2003, the World Health Organization has confirmed that a total of 76 people have died due to infection from the H5N1 avian influenza strain.
(Source: World Health Organization , 5 January 2006)
Source article
Source article

Tropical Storm Zeta: Update
As of January 6 at 11:00 AST, the centre of Tropical Storm Zeta was located approximately 1,475 kilometres east-northeast of the northern Leeward Islands, moving toward the west. The storm is expected to continue toward the west or northwest during the next 24 hours.
(Source: National Weather Service , 5 January 2006)
Source article

Cyber risk assessment

Over the course of the past 24 hours, the Canadian Cyber Incident Response Centre (CCIRC) has not detected any significant new threats or vulnerabilities. However, CCIRC released Advisory AV06-001 on 5 January 2006 to bring attention to three denial of service vulnerabilities related to the Research in Motion BlackBerry.

Microsoft has released Security Bulletin MS06-001- Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919). Refer to AV05-038, which was updated on 5 January 2006, for additional information.

No significant incidents with the potential to affect critical infrastructure have been reported. Accordingly, based on the information available to CCIRC, the cyber risk facing Canadian critical infrastructure is assessed as low. Personnel responsible for information, systems and network security should continue to apply appropriate security precautions and monitor their systems.

Recent cyber alerts and advisories issued by CCIRC can be viewed under “Recent analytical releases” at www.psepc.gc.ca/ccirc.

See also...

• The Weather Office
• FAC - Travel Updates

Note to readers

Public Safety and Emergency Preparedness Canada (PSEPC) collects information related to cyber and physical threats to, and incidents involving, Canadian critical infrastructure. This allows us to monitor and analyze threats and to issue alerts, advisories and other information products.

Any suspected criminal activity should be reported to local law enforcement organizations. The Royal Canadian Mounted Police (RCMP) National Operations Centre (NOC) provides a 24/7 service to receive such reports or to redirect callers to local law enforcement organizations. The NOC can be reached at (613) 993-4460. National security concerns should be reported to the Canadian Security Intelligence Service (CSIS) at (613) 993-9620.

Links to sites not under the control of the Government of Canada (GoC) are provided solely for the convenience of users. The GoC is not responsible for the accuracy, currency or the reliability of the content. The GoC does not offer any guarantee in that regard and is not responsible for the information found through these links, nor does it endorse the sites and their content.

Some hyperlinks in the PSEPC Daily Brief direct users to sites of organizations or other entities that are not subject to the Official Languages Act. Users should be aware that these sources are only available in the language in which they are written.