2010-02-09T15:13:28-05:00 US-CERT info@us-cert.gov http://www.us-cert.gov http://www.us-cert.gov/ The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT. Copyright 2010 Carnegie Mellon University http://www.us-cert.gov/current/index.html#microsoft_releases_february_security_bulletin2 2010-02-09T15:13:28-05:00 2010-02-09T15:13:28-05:00 Microsoft has released an update to address vulnerabilities in Microsoft Windows and Office as part of the Microsoft Security Bulletin Summary for <a href="http://www.microsoft.com/technet/security/bulletin/ms10-feb.mspx" target="_self">February 2010</a>. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or operate with elevated privileges.<br><br>US-CERT encourages users and administrators to review the <a href="http://www.microsoft.com/technet/security/bulletin/ms10-feb.mspx" target="_self">bulletins</a> and follow best-practice security policies to determine which updates should be applied.<br> http://www.us-cert.gov/current/index.html#oracle_releases_security_alert_for 2010-02-07T13:26:28-05:00 2010-02-07T13:26:28-05:00 Oracle has released a <a href="http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0073.html" target="_self">security alert</a> to address a vulnerability in Oracle WebLogic Server. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands on an affected system.<br><br>US-CERT encourages users and administrators to review the Oracle <a href="http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0073.html" target="_self">security alert</a> and apply any necessary updates to help mitigate the risks.<br> http://www.us-cert.gov/current/index.html#microsoft_releases_advance_notification_for31 2010-02-04T14:26:24-05:00 2010-02-04T14:26:24-05:00 <font><font face="arial" size="2">Microsoft has issued a </font></font><a href="http://www.microsoft.com/technet/security/bulletin/ms10-feb.mspx" target="_self">Security Bulletin Advance Notification</a><font><font face="arial" size="2">, indicating that its February release cycle will contain 13 bulletins. Five of them will have a severity rating of Critical and will be for Microsoft Windows. The remaining eight bulletins have an Important rating and are for Microsoft Windows and Microsoft Office. Release of these bulletins is scheduled for Tuesday, February 9, 2010.<br><br>US-CERT will provide additional information as it becomes available.<br></font></font> http://www.us-cert.gov/current/index.html#apple_releases_iphone_os_32 2010-02-04T08:09:32-05:00 2010-02-04T08:09:32-05:00 Apple has released iPhone OS 3.1.3 and iPhone OS 3.1.3 for iPod touch to address vulnerabilities in the CoreAudio, ImageIO, Recovery Mode and WebKit packages. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or obtain sensitive information.<br><br>US-CERT encourages users and administrators to review Apple article <a href="http://support.apple.com/kb/HT4013" target="_self">HT4013</a> and apply any necessary updates to help mitigate the risks.<br> http://www.us-cert.gov/current/index.html#microsoft_releases_security_advisory_980088 2010-02-03T20:39:48-05:00 2010-02-03T20:39:48-05:00 Microsoft has released Security Advisory <a href="http://www.microsoft.com/technet/security/advisory/980088.mspx" target="_self">980088</a> to alert users of a vulnerability in Microsoft Internet Explorer. The advisory indicates that exploitation of this vulnerability may allow an attacker to harvest user credentials and other sensitive information by enticing users to visit a maliciously crafted web page.<br><br>US-CERT encourages users and administrators to review Microsoft Security Advisory <a href="http://www.microsoft.com/technet/security/advisory/980088.mspx" target="_self">980088</a> and apply the suggested workarounds of running Internet Explorer in Protected Mode and setting the Internet zone security setting to High to mitigate the risk of unwanted information disclosure.<br> http://www.us-cert.gov/current/index.html#cisco_releases_security_advisory_for16 2010-01-28T08:08:12-05:00 2010-01-28T08:08:12-05:00 Cisco has released a <a href="http://www.cisco.com/warp/public/707/cisco-sa-20100127-mp.shtml" target="_self">security advisory</a> to address multiple vulnerabilities in Unified MeetingPlace. These vulnerabilities may allow a remote, unauthenticated attacker to obtain sensitive information, manipulate configuration data, create unauthorized accounts, operate with elevated privileges or cause a denial-of-service condition.<br><br>US-CERT encourages users and administrators to review Cisco security advisory <a href="http://www.cisco.com/warp/public/707/cisco-sa-20100127-mp.shtml" target="_self">cisco-sa-20100127-mp</a> and apply any necessary updates to help mitigate the risks.<br> http://www.us-cert.gov/current/index.html#google_releases_chrome_4_0 2010-01-26T08:26:02-05:00 2010-01-26T08:26:02-05:00 Google has released Chrome 4.0.249.78 for Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, bypass security restrictions, or cause a denial-of-service condition.<br><br>US-CERT encourages users and administrators to review the Google Chrome Releases <a href="http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html" target="_self">blog entry</a> and update to Chrome 4.0.249.78 for Windows to help mitigate the risks.<br> http://www.us-cert.gov/current/index.html#realnetworks_inc_releases_updates_to 2010-01-22T08:36:01-05:00 2010-01-22T08:36:01-05:00 RealNetworks, Inc. has released updates to address multiple vulnerabilities in several versions of RealPlayer for Windows, Mac, and Linux and several versions of the Helix Player for Linux. These vulnerabilities may allow an attacker to execute arbitrary code.<br><br>US-CERT encourages users and administrators to review the RealNetworks, Inc. <a href="http://service.real.com/realplayer/security/01192010_player/en/" target="_self">advisory</a> and apply any necessary updates to help mitigate the risks.<br> http://www.us-cert.gov/current/index.html#microsoft_releases_cumulative_security_update 2010-01-21T13:57:33-05:00 2010-01-21T13:57:33-05:00 Microsoft has released Security Bulletin <a href="http://www.microsoft.com/technet/security/bulletin/ms10-002.mspx" target="_self">MS10-002</a> as a Cumulative Security Update for Internet Explorer. This update addresses multiple vulnerabilities that when exploited, may allow an attacker to execute arbitrary code.<br><br>US-CERT encourages users and administrators to review Microsoft Security Bulletin <a href="http://www.microsoft.com/technet/security/bulletin/ms10-002.mspx" target="_self">MS10-002</a> and apply any necessary updates to help mitigate the risks.<br> http://www.us-cert.gov/current/index.html#apple_releases_security_update_2010 2010-01-20T08:52:17-05:00 2010-01-20T08:52:17-05:00 Apple has released Security Update 2010-001 to address multiple vulnerabilities in a number of applications. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.<br><br>US-CERT encourages users and administrators to review Apple article <a href="http://support.apple.com/kb/HT4004" target="_self">HT4004</a> and apply any necessary updates to help mitigate the risks.