Official website of the Department of Homeland Security
The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Microsoft Releases Security Advisory to Address VBScript Vulnerability
Published Tuesday, March 2, 2010
Microsoft has released a security advisory to address a vulnerability in VBScript. The advisory indicates that this vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer. By convincing a user to view a specially crafted HTML document (web page, HTML email, or email attachment) with Internet Explorer and to press the F1 key, an attacker could run arbitrary code with the privileges of the user running the application.
US-CERT encourages users and administrators to do the following to help mitigate the risks:
Adobe Releases a Security Update for Download Manager
Published Wednesday, February 24, 2010
Adobe has released a security bulletin to address a vulnerability in the Adobe Download Manager. This vulnerability could allow an attacker to download and install unauthorized software.
US-CERT encourages users and administrators to review security bulletin APSB10-08 and review the steps to mitigate the issue.
Mozilla Releases Security Advisories
Published Thursday, February 18, 2010
The Mozilla Foundation has released multiple security advisories to address vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey. Exploitation of these vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code or bypass security restrictions.
US-CERT encourages users and administrators to review the Mozilla Foundation security advisories. Firefox users may upgrade to version 3.0.18, 3.5.8, or 3.6 to help mitigate the risks. Thunderbird users should upgrade to version 3.0.2, and SeaMonkey users should upgrade to version 2.0.3 once those updates are released by the vendor.
Pages
This product is provided subject to this Notification and this Privacy & Use policy.