08.13.2010 - Current Activity
This is an archived copy of current activity, if you would like to see the most recent version, please click here.
Cisco IOS Software Vulnerability
added August 13, 2010 at 08:22 am
Cisco has released a security advisory to address a vulnerability affecting IOS Software Release 1.5.1(2)T. This vulnerability may allow an attacker to cause a denial-of-service condition by sending a specially crafted packet through normal network traffic.
US-CERT encourages users and administrators to review Cisco advisory cisco-sa-20100812-tcp and apply any necessary updates to help mitigate the risks.
Apple Releases QuickTime 7.6.7
added August 13, 2010 at 08:08 am
Apple has released QuickTime 7.6.7 for Windows to address a vulnerability. This vulnerability is due to a stack buffer overflow that exists in QuickTime error logging. By convincing a user to open a specially crafted movie file, a remote attacker may be able to execute arbitrary code or cause a denial-of-service condition.
US-CERT encourages users and administrators to review Apple article HT4290 and update to QuickTime 7.6.7 to help mitigate the risks.
Apple Releases Updates for iPhone, iPod touch, and iPad
added August 11, 2010 at 04:16 pm
Apple has released iOS 4.0.2 for the iPhone and iPod touch and iOS 3.2.2 for the iPad to address vulnerabilities in the FreeType and IOSurface packages. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or gain system privileges.
iPhone and iPod touch users are encouraged to review Apple article HT4291 and upgrade to iOS 4.0.2. iPad users are encouraged to review Apple article HT4292 and upgrade to iOS 3.2.2. Additional information regarding the vulnerability affecting the FreeType package can be found in US-CERT Vulnerability Note VU#275247.
Adobe Releases Security Update for Flash Player
added August 11, 2010 at 08:42 am
Adobe has released Flash Player 10.1.82.76 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. This vulnerability also affects Adobe Air 2.0.2.12310 and earlier versions.
US-CERT encourages users and administrators to review Adobe Security Bulletin APSB10-16 and apply any necessary updates to help mitigate the risks. Additional information can be found in the US-CERT Vulnerability Note VU#660993.
Google Releases Chrome 5.0.375.126
added August 11, 2010 at 08:12 am
Google has released Chrome 5.0.375.126 for Linux, Mac, and Windows. Chrome 5.0.375.126 contains an updated version of the Flash plugin which addresses multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code.
US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and apply any necessary updates to help mitigate the risks.
Microsoft Releases August Security Bulletin
added August 10, 2010 at 01:25 pm
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Office, and Silverlight as part of the Microsoft Security Bulletin Summary for August 2010. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges.
US-CERT encourages users and administrators to review the bulletins and follow best-practice security policies to determine which updates should be applied.
Foxit Releases Foxit Reader 4.1.1.0805
added August 6, 2010 at 10:31 am
Foxit has released Foxit Reader 4.1.1.0805 to address a vulnerability associated with the improper rendering of PDF documents. Exploitation of this vulnerability may allow an attacker to execute arbitrary code.
US-CERT encourages users and administrators to review the security release notes for Foxit Reader 4.1.1.0805 and apply any necessary updates to help mitigate the risks. Additional information regarding this vulnerability can be found in US-CERT Vulnerability Note VU#275247.
US-CERT will provide additional information as it becomes available.
Microsoft Releases Advance Notification for August Security Bulletin
added August 5, 2010 at 01:39 pm
Microsoft has issued a Security Bulletin Advance Notification indicating that its August release will contain 14 bulletins. Eight bulletins will have the severity rating of critical and will be for Microsoft Windows, Internet Explorer, Office, and Silverlight. The remaining six bulletins will have the severity rating of important and will be for Microsoft Windows and Office. Release of these bulletins is scheduled for Tuesday, August 10, 2010.
US-CERT will provide additional information as it becomes available.
Cisco Releases Security Advisory for Firewall Services Module
added August 5, 2010 at 08:30 am
Cisco has released a security advisory to address multiple vulnerabilities in the Cisco Firewall Services Module. Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition.
US-CERT encourages users and administrators to review Cisco security advisory cisco-sa-20100804-fwsm and apply any necessary updates to help mitigate the risks.
Microsoft Releases Out-of-Band Security Bulletin to Address Shortcut Vulnerability
added August 2, 2010 at 01:55 pm
Microsoft has released security bulletin MS10-046 to address a critical vulnerability affecting Microsoft Windows. This vulnerability is due to the failure of Microsoft Windows to properly obtain icons for shortcut files. By convincing a user to display a specially crafted shortcut file, a remote attacker may be able to execute arbitrary code.
US-CERT strongly encourages users and administrators to review Microsoft security bulletin MS10-046 and apply any necessary updates to mitigate the risks.
Additional information regarding this vulnerability can be found in the following:
- Microsoft Security Bulletin MS10-046
- Microsoft Security Advisory 2286198
- US-CERT Current Activity Entry "Microsoft Windows .LNK Vulnerability"
- US-CERT Vulnerability Note VU#940193