The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Multiple Cisco products include an implementation of Apache Struts 2 which contains a vulnerability that could allow an unauthenticated, remote attacker to bypass security restrictions and execute arbitrary commands on a targeted system.
Cisco products affected by this vulnerability include:
- Cisco Business Edition 3000 Series
- Cisco Identity Services Engine (ISE)
- Cisco Media Experience Engine (MXE) 3500 Series
- Cisco Unified Contact Center Enterprise (Cisco Unified CCE)
US-CERT encourages users and administrators to review the Cisco Advisory and apply the necessary updates.
Adobe has released security updates to address multiple vulnerabilities in Flash Player and Air. Exploitation of these vulnerabilities could potentially allow an attacker to take control of the affected system.
The following updates are available:
- Adobe Flash Player 188.8.131.52 for Windows, Macintosh and Linux
- Adobe Flash Player 184.108.40.2064 for Linux
- Adobe AIR 220.127.116.11 for Windows, Macintosh and Android
- Adobe AIR SDK and Compiler 18.104.22.168 for Windows, Macintosh, Android and iOS
- Adobe AIR SDK 22.214.171.124 for Windows, Macintosh, Android and iOS
Users and administrators are encouraged to review Adobe Security Bulletin APSB14-17 and determine which updates should be applied.
Microsoft has released updates to address vulnerabilities in Windows, Internet Explorer, and Microsoft Service Bus for Windows Server as part of the Microsoft Security Bulletin Summary for July 2014. Some of these vulnerabilities could allow remote code execution, elevation of privilege, or denial of service.
US-CERT encourages users and administrators to review the bulletin and apply the necessary updates.