WatchGuard^® Technologies is proud to be nominated by SC Magazine in four of its Best of 2008 categories in the network security marketplace.

• Best Anti-Malware Solution
• Best Intrusion Detection/Prevention Solution
• Best Endpoint Security Solution
• Best Integrated Security Solution

We would like to take this opportunity to thank our reseller community for your commitment and expertise in providing WatchGuard solutions to the marketplace. As the price-performance leader, WatchGuard’s Firebox^® X family of unified threat management (UTM) solutions is unsurpassed in its strong, reliable, multi-layered security with the best ease of use in its class. Please join us in our quest for better recognition and brand awareness by voting for WatchGuard in all four categories today.Please vote now!

More Vulnerabilities Found; More Platforms Affected

Severity: High

26 October, 2007

Update:

On Monday 22 October, we published an alert about a serious vulnerability that affects RealPlayer 10.5 and RealPlayer 11 beta running on Windows. By enticing one of your users to a malicious Web site, an attacker can exploit this vulnerability to execute code on your user’s computer, with your user’s privileges. In the worst case scenario, the attacker could gain total control of the victim’s PC. RealNetworks released a patch to fix that problem. However, it appears that update marked just the beginning of RealNetwork security holes.

Late yesterday, RealNetwork released the second batch of security updates this week, this time fixing six serious vulnerabilities in their media player product line. Here’s what you need to know about the new flaws.

The new flaws affect many more products than the earlier flaw did, including products that run in OS X and Linux. The affected products now include:

• RealPlayer 8, 10, 10.5, 11 for Windows, Mac, and Linux
• RealOne Player v1 and

Severity: Medium

22 October, 2007

Summary:

Yesterday, Adobe released an update to fix critical security vulnerabilities that affect Adobe Reader 8.1 and Adobe Acrobat 8.1 (and all earlier versions) running on Windows XP. By enticing one of your users into opening a specially crafted PDF file, an attacker can exploit the worst of these flaws to gain control of that user’s system. If you use Adobe Reader or Acrobat in your network, you should download, test, and deploy version 8.1.1 as soon as possible.

Exposure:

In a security bulletin released yesterday, Adobe warned of several critical vulnerabilities in Reader 8.1 and Acrobat 8.1 (and all earlier versions) for Windows XP. While their advisory regularly mentions multiple vulnerabilities, they specifically refer to only one issue, which they describe in little detail. Adobe only says that if an attacker can convince a Windows XP user who also has Internet Explorer (IE) 7 into opening a specially crafted PDF file, the attacker can exploit this unspecified flaw to gain control of that user’s computer. Since you can embed PDF files

Severity: High

22 October, 2007

Summary:

Late Friday, RealNetworks released a patch for a critical vulnerability affecting RealPlayer 10.5 and RealPlayer 11 beta running on Windows. By enticing one of your users to a malicious Web site, an attacker can exploit this vulnerability to execute code on your user’s computer, with your user’s privileges. In the worst case scenario, the attacker could gain total control of the victim’s PC. If you allow the use of RealPlayer in your network, have your users upgrade immediately.

Exposure:

RealPlayer and RealOne Player are widely-used software for Internet media delivery. RealOne Player plays virtually every major Internet media format, including Windows Media, Quicktime, MPEG-4, and even DVDs. If you’ve watched streaming videos on the Internet, or listened to music samples while buying CDs online, you’ve probably encountered RealPlayer.

WatchGuard does not recommend using RealPlayer or RealOne Player, partly because both contain automatic communication features which, by default, let RealNetworks and RealNetwork’s “partners” (such as NASCAR and CNN) install software on your client computers. But in reality, many of your users have probably installed one of these products, with or without your

Severity: Medium

19 October, 2007

Summary:

Late yesterday, the Mozilla Foundation released an update to fix ten security vulnerabilities in Firefox 2.0.0.7, for Windows, Linux, and Macintosh. If one of your Firefox users visits a malicious web page, an attacker could exploit the worst of these vulnerabilities to execute code on your user’s computer, with your user’s privileges, possibly gaining complete control of the computer. If you run Firefox on any platform, you should download and deploy version 2.0.0.8 at your earliest convenience.

Exposure:

Yesterday, the Mozilla Foundation released Firefox 2.0.0.8, fixing ten security vulnerabilities in the popular web browser. We summarize the three most critical vulnerabilities below:

• Two memory corruption vulnerabilities. Firefox suffers from two unspecified crash bugs, which corrupt memory. Mozilla presumes that with enough effort some of these memory corruption flaws could be exploited to run arbitrary code. To exploit these flaws, an attacker would first have to trick one of your users into visiting a specially crafted web page. If your user took the bait, the attacker could execute code on that user’s machine, with that user’s privileges. If your