There are multiple vulnerabilities in Microsoft Windows and Microsoft Developer Tools and Software. Microsoft has released updates to address these vulnerabilities.
Install updates
The updates to address these vulnerabilities are available on the Microsoft Update site (requires Internet Explorer). We recommend enabling automatic updates.
The Microsoft Security Bulletin Summary for January 2012 describes multiple vulnerabilities in Microsoft Windows. Microsoft has released updates to address the vulnerabilities.
- Microsoft Security Bulletin Summary for January 2012 - <http://technet.microsoft.com/en-us/security/bulletin/ms12-jan>
- Microsoft Update - <https://www.update.microsoft.com/>
- Microsoft Update Overview - <http://www.microsoft.com/security/updates/mu.aspx>
- Managing Automatic Updates - <http://windows.microsoft.com/en-us/windows-vista/Turn-automatic-updating-on-or-off>
Feedback can be directed to US-CERT.
Produced 2012 by US-CERT, a government organization. Terms of use
January 10, 2012: Initial release
Many different wireless access point models are affected.
Wireless access points with a feature called "Wi-Fi Protected Setup" (or WPS) could allow an attacker to gain access to your wireless network.
Update Firmware
Check your access point vendor's support web site for updated firmware that addresses this vulnerability.
Disable WPS
Depending on the model, you may be able to disable WPS on your access point using the web management site. Note that some access points do not actually disable WPS even though it appears to be disabled in the web management site.
Wireless access points with a feature called "Wi-Fi Protected Setup" (or WPS) have a vulnerability that could allow an attacker to guess your access point's WPS Personal Identification Number (PIN) in a reasonable amount of time.
Software that performs this attack is freely available. An attacker would need to be within range of your wireless network for several hours or more to conduct the attack.
With the WPS PIN, the attacker could gain access to your wireless network. The attacker then may be able to observe your network traffic and mount further attacks.
- Vulnerability Note VU#723755 - <http://www.kb.cert.org/vuls/id/723755>
- Wi-Fi Protected Setup PIN brute force vulnerability - <http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/>
- Cracking WiFi Protected Setup with Reaver - <http://www.tacnetsol.com/news/2011/12/28/cracking-wifi-protected-setup-with-reaver.html>
Feedback can be directed to US-CERT.
Produced 2012 by US-CERT, a government organization. Terms of use
January 06, 2012: Initial release
Adobe has released Security Bulletin APSB11-30, which describes multiple vulnerabilities affecting Adobe Reader and Acrobat.
Update Reader
Adobe has released updates to address this issue. Users are encouraged to read Adobe Security Bulletin APSB11-30 and update vulnerable versions of Adobe Reader and Acrobat.
Do not access PDF files from untrusted sources
Do not open unfamiliar or unexpected PDF files, particularly those hosted on websites or delivered as email attachments. Please see Cyber Security Tip ST04-010.
Adobe Security Bulletin APSB11-30 and Adobe Security Advisory APSA11-04 describe a number of vulnerabilities affecting Adobe Reader and Acrobat. These vulnerabilities affect Reader and Acrobat 9.4.6 and earlier 9.x versions. These vulnerabilities also affect Reader X and Acrobat X 10.1.1 and earlier 10.x versions.
An attacker could exploit these vulnerabilities by convincing a user to open a specially crafted PDF file. The Adobe Reader browser plug-in, which can automatically open PDF documents hosted on a website, is available for multiple web browsers and operating systems.
Adobe Reader X and Adobe Acrobat X will be patched in the next quarterly update scheduled for January 10, 2012.
Additional details for the U3D memory corruption vulnerability can be found in US-CERT Vulnerability Note VU#759307.
- Security update available for Adobe Reader and Acrobat - <https://www.adobe.com/support/security/bulletins/apsb11-30.html>
- Adobe Acrobat and Reader U3D memory corruption vulnerability - <http://www.kb.cert.org/vuls/id/759307>
- Security Advisory for Adobe Reader and Acrobat - <https://www.adobe.com/support/security/advisories/apsa11-04.html>
Feedback can be directed to US-CERT.
Produced 2011 by US-CERT, a government organization. Terms of use
December 16, 2011: Initial release
There are multiple vulnerabilities in Microsoft Windows, Office, and Internet Explorer. Microsoft has released updates to address these vulnerabilities.
Install updates
The updates to address these vulnerabilities are available on the Microsoft Update site (requires Internet Explorer). We recommend enabling automatic updates.
The Microsoft Security Bulletin Summary for December 2011 describes multiple vulnerabilities in Microsoft Windows. Microsoft has released updates to address the vulnerabilities.
- Microsoft Security Bulletin Summary for December 2011 - <https://technet.microsoft.com/en-us/security/bulletin/ms11-dec>
- Microsoft Update - <https://www.update.microsoft.com/>
- Microsoft Update Overview - <http://www.microsoft.com/security/updates/mu.aspx>
- Managing Automatic Updates - <http://windows.microsoft.com/en-us/windows-vista/Turn-automatic-updating-on-or-off>
Feedback can be directed to US-CERT.
Produced 2011 by US-CERT, a government organization. Terms of use
December 13, 2011: Initial release
There are multiple vulnerabilities in Microsoft Windows. Microsoft has released updates to address these vulnerabilities.
Install updates
The updates to address these vulnerabilities are available on the Microsoft Update site (requires Internet Explorer). We recommend enabling Automatic Updates.
The Microsoft Security Bulletin Summary for November 2011 describes multiple vulnerabilities in Microsoft Windows. Microsoft has released updates to address the vulnerabilities.
- Microsoft Security Bulletin Summary for November 2011 - <http://technet.microsoft.com/en-us/security/bulletin/ms11-nov>
- Microsoft Update - <https://www.update.microsoft.com/>
- Microsoft Update Overview - <http://www.microsoft.com/security/updates/mu.aspx>
- Managing Automatic Updates - <http://windows.microsoft.com/en-us/windows-vista/Turn-automatic-updating-on-or-off>
Feedback can be directed to US-CERT.
Produced 2011 by US-CERT, a government organization. Terms of use
November 08, 2011: Initial release
There are multiple vulnerabilities in Mac OS X 10.6.8, 10.7, and 10.7.1 and Mac OS X Server 10.6.8, 10.7, and 10.7.1. Apple has released updates to address these vulnerabilities.
Install updates
The updates to address these vulnerabilities are available through the Mac OS X Software Update feature. Apple support article Mac OS X: Updating your software describes how to install these updates.
The Apple Security Advisory for OS X Lion v10.7.2 and Security Update 2011-006 describes multiple vulnerabilities in Mac OS X and Mac OS X Server. Apple has released updates to address these vulnerabilities.
- OS X Lion v10.7.2 and Security Update 2011-006 - <http://support.apple.com/kb/HT5002>
- Mac OS X: Updating your software - <http://support.apple.com/kb/HT1338>
Feedback can be directed to US-CERT.
Produced 2011 by US-CERT, a government organization. Terms of use
October 13, 2011: Initial release
There are multiple vulnerabilities in Microsoft Windows, .NET Framework, Silverlight, Internet Explorer, Forefront Unified Access Gateway, and Host Integration Server. Microsoft has released updates to address these vulnerabilities.
Install updates
The updates to address these vulnerabilities are available on the Microsoft Update site (requires Internet Explorer). We recommend enabling Automatic Updates.
The Microsoft Security Bulletin Summary for October 2011 describes multiple vulnerabilities in Microsoft Windows, .NET Framework, Silverlight, Internet Explorer, Forefront Unified Access Gateway, and Host Integration Server. Microsoft has released updates to address the vulnerabilities.
- Microsoft Security Bulletin Summary for October 2011 - <http://technet.microsoft.com/en-us/security/bulletin/ms11-oct>
- Microsoft Update - <https://www.update.microsoft.com/>
- Microsoft Update Overview - <http://www.microsoft.com/security/updates/mu.aspx>
- Managing Automatic Updates - <http://windows.microsoft.com/en-us/windows-vista/Turn-automatic-updating-on-or-off>
Feedback can be directed to US-CERT.
Produced 2011 by US-CERT, a government organization. Terms of use
October 11, 2011: Initial release
There are multiple vulnerabilities in Microsoft Windows, Microsoft Server Software, and Microsoft Office. Microsoft has released updates to address these vulnerabilities.
Install updates
The updates to address these vulnerabilities are available on the Microsoft Update site (requires Internet Explorer). We recommend enabling Automatic Updates.
The Microsoft Security Bulletin Summary for September 2011 describes multiple vulnerabilities in Microsoft Windows, Microsoft Server Software, and Microsoft Office. Microsoft has released updates to address the vulnerabilities.
- Microsoft Security Bulletin Summary for September 2011 - <http://technet.microsoft.com/en-us/security/bulletin/ms11-sep>
- Microsoft Update - <https://www.update.microsoft.com/>
- Microsoft Update Overview - <http://www.microsoft.com/security/updates/mu.aspx>
- Managing Automatic Updates - <http://windows.microsoft.com/en-us/windows-vista/Turn-automatic-updating-on-or-off>
Feedback can be directed to US-CERT.
Produced 2011 by US-CERT, a government organization. Terms of use
September 13, 2011: Initial release
There are multiple vulnerabilities in Adobe Shockwave Player, Flash Media Server, Flash Player, Photoshop CS5, and RoboHelp. Adobe has released updates to address these vulnerabilities.
Users of these Adobe products should review the relevant Adobe security bulletins and follow the recommendations in the "Solution" section.
APSB11-19: Security update available for Adobe Shockwave Player
APSB11-20: Security update available for Adobe Flash Media Server
APSB11-21: Security update available for Adobe Flash Player
APSB11-22: Security update available for Adobe Photoshop CS5
Adobe security bulletins APSB11-19, APSB11-20, APSB11-21, APSB11-22, and APSB11-23 describe multiple vulnerabilities in Adobe Shockwave Player, Flash Media Server, Flash Player, Photoshop CS5, and RoboHelp. An attacker may use these vulnerabilities to run malicious code or cause a denial of service on an affected system. Adobe has released updates to address these vulnerabilities.
- Security update available for Adobe Shockwave Player - <http://www.adobe.com/support/security/bulletins/apsb11-19.html>
- Security update available for Adobe Flash Media Server - <http://www.adobe.com/support/security/bulletins/apsb11-20.html>
- Security update available for Adobe Flash Player - <http://www.adobe.com/support/security/bulletins/apsb11-21.html>
- Security update available for Adobe Photoshop CS5 - <http://www.adobe.com/support/security/bulletins/apsb11-22.html>
- Security updates available for RoboHelp - <http://www.adobe.com/support/security/bulletins/apsb11-23.html>
Feedback can be directed to US-CERT.
Produced 2011 by US-CERT, a government organization. Terms of use
August 10, 2011: Initial release
There are multiple vulnerabilities in Microsoft Windows, Microsoft Office, Internet Explorer, .NET Framework, and Microsoft Developer Tools. Microsoft has released updates to address these vulnerabilities.
Install updates
The updates to address these vulnerabilities are available on the Microsoft Update site (requires Internet Explorer). We recommend enabling Automatic Updates.
The Microsoft Security Bulletin Summary for August 2011 describes multiple vulnerabilities in Microsoft Windows, Microsoft Office, Internet Explorer, .NET Framework, and Microsoft Developer Tools. Microsoft has released updates to address these vulnerabilities, which may allow an attacker to gain control of your computer or cause it to crash.
- Microsoft Security Bulletin Summary for August 2011 - <http://www.microsoft.com/technet/security/bulletin/ms11-aug.mspx>
- Microsoft Update - <https://www.update.microsoft.com/>
- Microsoft Update Overview - <http://www.microsoft.com/security/updates/mu.aspx>
- Managing Automatic Updates - <http://windows.microsoft.com/en-us/windows-vista/Turn-automatic-updating-on-or-off>
Feedback can be directed to US-CERT.
Produced 2011 by US-CERT, a government organization. Terms of use
August 09, 2011: Initial release