The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, .NET Framework, Lync, Office, and Windows Essentials as part of the Microsoft Security Bulletin Summary for May 2013. These vulnerabilities could allow remote code execution, denial of service, spoofing, information disclosure, or elevation of privilege.
US-CERT encourages users and administrators to review the bulletin and follow best-practice security policies to determine which updates should be applied.
Adobe has released a security hotfix for ColdFusion 10, 9.0.2, 9.0.1, and 9.0 for Windows, Macintosh, and UNIX. This hotfix addresses a vulnerability (CVE-2013-1389) that could allow a remote attacker to execute arbitrary code and a vulnerability (CVE-2013-3336) that could permit an unauthorized user to remotely retrieve files stored on the server. There are reports that this vulnerability is being exploited in the wild.
US-CERT recommends that users and administrators review Adobe Security Advisory APSA13-03 and Adobe Security Bulletin APSB13-13 and follow best-practice security policies to determine if their organization is affected and the appropriate response.
Microsoft is investigating public reports of a remote code execution vulnerability in Internet Explorer 8 and is aware of attacks that attempt to exploit this vulnerability. This vulnerability may allow an attacker to execute arbitrary code if a user accesses a specially crafted website. Microsoft is actively working with partners to monitor the threat landscape and take action against these malicious sites that attempt to exploit this vulnerability.
US-CERT encourages users and administrators to review Microsoft Security Advisory 2847140. Please note that the advisory indicates that the workaround does not correct the vulnerability, but it may help mitigate risk against known attack vectors.
US-CERT will provide additional information as it becomes available.