U.S. Flag Official website of the Department of Homeland Security

The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

Microsoft Releases Security Advisory

Microsoft has released a security advisory indicating that it is aware of a remote attack vector for a class of vulnerabilities related to how applications load external dynamic link libraries (DLLs). If an application does not securely load DLL files, an attacker may be able to cause the application to load an arbitrary library. By convincing a user to open a file from a location that is under an attacker's control, such as a USB drive or network share, a remote attacker may be able exploit this vulnerability. Exploitation of this vulnerability may result in the execution of arbitrary code or elevation of privileges.

At this time, US-CERT is aware of reports of publicly available exploit code for this vulnerability.

VideoLAN Releases a Security Advisory for VLC Media Player

VideoLAN has released a security advisory to address a vulnerability in VLC Media Player. This vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition. The updated release also addresses additional issues that could result in a denial-of-service attack.

US-CERT encourages users and administrators to review VideoLAN security advisory VideoLAN-SA-1004 and apply any necessary updates or workarounds to help mitigate the risks.

Google Releases Chrome 5.0.375.127

Google has released Chrome 5.0.375.127 for Windows, Mac, and Linux to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or conduct spoofing attacks.

US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and apply any necessary updates to help mitigate the risks.

Pages

This product is provided subject to this Notification and this Privacy & Use policy.

Back to Top