The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Microsoft has issued a Security Bulletin Advance Notification indicating that its December 2013 release will contain 11 bulletins. These bulletins will have severity ratings of critical and important and will be for Microsoft Windows, Microsoft Office, Microsoft Lync, Internet Explorer, Microsoft Exchange, Microsoft Server Software, and Microsoft Developer Tools. These bulletins are scheduled for release on December 10, 2013.
US-CERT will provide more information as it becomes available.
Microsoft has released Security Advisory 2914486 to address a vulnerability in a kernel component of Windows XP and Windows Server 2003. This vulnerability could allow an attacker to obtain elevation of privilege and then execute arbitrary code. Microsoft is aware of limited, targeted attacks that attempt to exploit this vulnerability in the wild.
US-CERT encourages users and administrators to review Microsoft Security Advisory 2914486. Please note that the advisory indicates that the workaround does not correct the vulnerability, but it may help mitigate risk against known attack vectors.
US-CERT will provide additional information as it becomes available.
As the winter holidays approach, US-CERT reminds users to stay aware of seasonal scams and cyber campaigns, which may include:
- electronic greeting cards that may contain malware
- requests for charitable contributions that may be phishing scams and may originate from illegitimate sources claiming to be charities
- screensavers or other forms of media that may contain malware
- credit card applications that may be phishing scams or identity theft attempts
- online shopping advertisements that may be phishing scams or identity theft attempts from bogus retailers
- shipping notifications that may be phishing scams or may contain malware
US-CERT encourages users and administrators to use caution when encountering these types of email messages and take the following preventative measures to protect themselves from phishing scams and malware campaigns: