U.S. Flag Official website of the Department of Homeland Security

The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

WordPress.org has released WordPress 3.0.4

WordPress.org has released WordPress 3.0.4 to address a vulnerability in the HTML sanitation library. Exploitation of this vulnerability may allow an attacker to insert arbitrary HTML and script code into the browser session.

US-CERT encourages users and administrators to review the WordPress.org blog entry and apply any necessary updates to help mitigate the risks.

Microsoft WMI Administrative Tool ActiveX Control Vulnerability

US-CERT is aware of a vulnerability affecting the WBEMSingleView.ocx ActiveX control. This control is part of the Microsoft WMI Administrative Tools package. Exploitation of this vulnerability may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to set the kill bit for CLSID 2745E5F5-D234-11D0-847A00C04FD7BB08 to help mitigate the risks until a fix is available from the vendor. Information on how to set a kill bit can be found in Microsoft knowledgebase article KB240797. Users and administrators are also encouraged to implement best security practices defined in the Securing Your Web Browser document to reduce the risk of this and similar vulnerabilities. Additional information regarding this vulnerability can be found in US-CERT Vulnerability Note VU#725596.

Microsoft Releases Blog Entry Regarding Recent Outlook 2007 Update

The Microsoft Outlook product team has posted a blog entry to inform users of several issues related to the Outlook 2007 update (KB2412171) that was released on December 14. The product team has identified these issues as:

Pages

This product is provided subject to this Notification and this Privacy & Use policy.

Back to Top