06.10.2010 - Current Activity
This is an archived copy of current activity, if you would like to see the most recent version, please click here.
Adobe Releases Flash 10.1
added June 10, 2010 at 08:00 pm
Adobe has released a Security Bulletin to address vulnerabilities in Adobe Flash Player 10.0.45.2 and earlier versions and in Adobe AIR 1.5.3.9130 and earlier versions. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.
US-CERT encourages users and administrators to review Adobe Security Bulletin APSB10-14 and to update to Adobe Flash Player 10.1 to help mitigate the risks.
Microsoft Windows Help and Support Center Vulnerability
added June 10, 2010 at 11:01 am
US-CERT is aware of a vulnerability affecting the Mircosoft Windows Help and Support Center. This vulnerability is due to improper sanitization of hcp:// URIs. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands.
US-CERT encourages users and administrators to review Vulnerability Note VU#578319 and implement the workarounds to help mitigate the risks and reduce attack vectors.
US-CERT will provide additional information as it becomes available.
Google Releases Chrome 5.0.375.70
added June 9, 2010 at 08:11 am
Google has released Chrome 5.0.375.70 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, conduct cross-site scripting attacks, bypass security restrictions, or obtain sensitive information.
US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome 5.0.375.70 to help mitigate the security risks.
Microsoft Releases June Security Bulletin
added June 8, 2010 at 01:30 pm
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Office, SharePoint, and .NET Framework as part of the Microsoft Security Bulletin Summary for June 2010. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges.
US-CERT encourages users and administrators to review the bulletins and follow best-practice security policies to determine which updates should be applied.
Apple Releases Safari 5.0 and Safari 4.1
added June 8, 2010 at 10:01 am
Apple has released Safari 5.0 and Safari 4.1 for Windows and Mac OS X to address multiple vulnerabilities in ColorSync, Safari, and WebKit. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, or conduct cross-site scripting attacks.
US-CERT encourages users and administrators to review Apple article HT4196 and apply any necessary updates to help mitigate the risks.
Adobe Releases Security Advisory for Flash Player, Reader, and Acrobat
added June 5, 2010 at 10:28 am
Adobe has released a security advisory to notify users of a vulnerability in Adobe Flash Player, Reader, and Acrobat. Exploitation of this vulnerability may allow an attacker to execute arbitrary code and take control of the affected system. The advisory indicates that Adobe is aware of active exploitation of this vulnerability.
US-CERT encourages users and administrators to review Adobe security advisory APSA10-01 and apply any necessary workarounds until a fix is released by the vendor.
US-CERT will provide additional information as it becomes available.
Microsoft Releases Advance Notification for June Security Bulletin
added June 4, 2010 at 08:16 am
Microsoft has issued a Security Bulletin Advance Notification, indicating that its June release will contain ten bulletins. Three of these bulletins will have the severity rating of critical and will be for Microsoft Windows and Internet Explorer. The remaining bulletins will have the severity rating of important and will be for Microsoft Windows, Microsoft Office, and Microsoft Sharepoint Services. Release of these bulletins is scheduled for Tuesday, June 8, 2010.
US-CERT will provide additional information as it becomes available.
Cisco Network Building Manager Vulnerabilities
added May 27, 2010 at 07:57 am
Cisco has released a security advisory to address multiple vulnerabilities in Network Building Manager. The advisory indicates that the legacy Richards-Zeta Mediator products are also affected by these vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to operate with escalated privileges or obtain sensitive information.
US-CERT encourages users and administrators to review Cisco security advisory cisco-sa-20100526-mediator and apply any necessary updates to help mitigate the risks.
Google Releases Chrome 5.0.375.55
added May 26, 2010 at 08:16 am
Google has released Chrome 5.0.375.55 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to bypass security restrictions, execute script in an unsafe context, or mislead users.
US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome 5.0.375.55 to help mitigate the risks.
Apple Releases Updates for Java Mac OS X 10.5 and 10.6
added May 19, 2010 at 08:56 am
Apple has released Java for Mac OS X 10.5 Update 7 and Java for Mac OS X 10.6 Update 2 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.
US-CERT encourages users and administrators to review Apple Article HT4170 and HT4171 and apply any necessary updates to help mitigate the risks.