Mailing Lists & Feeds
Current Activity Calendar
| December 06, 2006 - Current ActivityThis is an archived copy of current activity, if you would like to see the most recent version, please click here.Active Exploitation of a Vulnerability in Microsoft Wordadded December 6, 2006 | updated December 6, 2006US-CERT is aware of reports of active exploitation of a new vulnerability in Microsoft Word. Successful exploitation could allow an attacker to execute arbitrary code with the privileges of the user running Word. More information about this vulnerability can be found in the following:
US-CERT recommends that users to take the following actions to mitigate the security risks:
Additionally, US-CERT strongly encourages users not to open unfamiliar or unexpected email attachments, even if sent by a known and trusted source. Users may wish to read Cyber Security Tip ST04-010 for more information on working with email attachments. US-CERT will continue to investigate this vulnerability and provide additional information as it becomes available. Adobe Reader and Acrobat ActiveX Vulnerabilitiesadded November 29, 2006 | updated November 30, 2006US-CERT is aware of a report of multiple vulnerabilities that affect the ActiveX control for Adobe Reader and Acrobat. More information about these vulnerabilities can be found in the following:
Until an official update, patch, or more information becomes available, we recommend the following actions to help mitigate the security risks:
Apple Releases Security Update for Multiple Vulnerabilitiesadded November 29, 2006Apple has released Security Update 2006-007 to correct multiple vulnerabilities in Mac OS X and related products. More information about the vulnerabilities can be found in these Vulnerability Notes and Technical Cyber Security Alert TA06-333A. US-CERT encourages users to apply the appropriate updates as soon as possible. US-CERT will continue to investigate these vulnerabilities and provide additional information as it becomes available. Google Search Appliance Vulnerable to Cross-site Scriptingadded November 29, 2006US-CERT is aware of a cross-site scripting (XSS) vulnerability in Google Search Appliance and Google Mini devices. Specifically, the flaw exists in the way that Google Search Appliance and Google Mini devices handle UTF-7 (Unicode Transformation Format) encoded URIs (Uniform Resource Identifier). Until an official update, patch, or more information becomes available, we recommend the following actions to help mitigate the security risks:
New Spybot Worm Targets Old Symantec Vulnerabilityadded November 28, 2006 | updated November 29, 2006Symantec has confirmed reports of a new worm attempting to exploit previously patched flaws in Microsoft Windows and Symantec Client Security and Antivirus Corporate Edition. The worm, named W32.Spybot.ACYR, spreads through Internet Relay Chat (IRC) channels and to network shares with weak passwords. Successful exploitation could allow a remote unauthenticated attacker to execute arbitrary code with SYSTEM privileges. According to Symantec in its Security Response Weblog, the impact of the attack is minimal thus far. Symantec further states that customers who have applied the patch are not susceptible to this new attack. More information about the vulnerabilities in the Symantec products can be found in the following:
US-CERT recommends that users to take the following actions to mitigate the security risks:
US-CERT will continue to investigate and provide additional information as it becomes available. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Information For
Sign Up
Reporting
DHS Threat Advisory
The threat level in the airline sector is High or Orange. Read more
Get Adobe Reader