The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
US-CERT is aware of public reports indicating that McAfee DAT release 5958 is incorrectly identifying the valid system file, C:\Windows\system32\svchost.exe, as containing malicious code. Reports indicate that a false positive detection occurs on Windows XP Service Pack 3 systems. Symptoms include a denial-of-service condition when the McAfee software attempts to clean the file.
US-CERT encourages users and administrators to review the McAfee Virus Profile: W32/Wecorl.a and apply the "extra.dat" and additional updates provided by McAfee as necessary to mitigate this issue. Users should ensure that they have installed DAT 5959 or greater before running any on-demand scans.
Google has released Chrome 22.214.171.1249 for Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, conduct cross-site scripting attacks, or conduct cross-site request forgery attacks.
US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome 126.96.36.1999 for Windows to help mitigate the risks.
Oracle has released Sun Java SE 1.6.0_20 to address several vulnerabilities. The release notes for this version of Java SE indicate that these vulnerabilities are in Java Deployment Toolkit and the new Java Plug-in. Exploitation of these vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code.
US-CERT encourages users and administrators to review the following documents and apply any necessary updates or workarounds to help mitigate the risks: