The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Microsoft has issued a Security Bulletin Advance Notification indicating that it will be releasing an out-of-band security bulletin to address a vulnerability affecting Windows. The Microsoft SharePoint Team blog indicates that this bulletin will address the recently reported vulnerability in ASP.NET. Exploitation of this vulnerability may allow an attacker to obtain sensitive information or tamper with data. Release of this bulletin is scheduled for September 28, 2010.
US-CERT encourages users and administrators to review the Microsoft Security Bulletin Advance Notification, the SharePoint Team blog entry, and Microsoft Security Advisory 2416728 for additional information regarding this vulnerability.
OpenX has released a security update to address a vulnerability in the 2.8 downloadable version of OpenX. Exploitation of this vulnerability may allow an attacker to compromise the integrity of the server running OpenX.
US-CERT encourages users and administrators to review the OpenX "Security Update" blog entry and upgrade to OpenX 6.8.7 to help mitigate the risks. OpenX users are also encouraged to review the "How to Secure your OpenX Installation" blog entry on how to further secure the OpenX installation.
Cisco has released six security advisories to address vulnerabilities affecting the Cisco IOS Software and the Cisco Unified Communications Manager. Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition.
US-CERT encourages users and administrators to review the following Cisco security advisories and apply any necessary updates to help mitigate the risks.