The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Adobe has released a security hotfix for Adobe ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX to address multiple vulnerabilities. These vulnerabilities could allow an unauthorized user to bypass authentication controls.
US-CERT recommends that users and administrators review Adobe Security Bulletin APSB13-10 and follow best practice security policies to determine which updates should be applied.
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, Internet Explorer, Server Software, and Security Software as part of the Microsoft Security Bulletin summary for April 2013. These vulnerabilities could allow remote code execution, elevation of privilege, denial of service, or information disclosure.
US-CERT encourages users and administrators to review the bulletin and follow best practice security policies to determine which updates should be applied.
The Mozilla Foundation has released updates to address multiple vulnerabilities. These vulnerabilities could allow an attacker to initiate a cross-site scripting attack or obtain sensitive information, enable privilege escalation or execute arbitrary code, or cause a denial-of-service condition.
Updates to the following products are available:
- Firefox 20
- Firefox ESR 17.0.5
- Thunderbird 17.0.5
- Thunderbird ESR 17.0.5
- SeaMonkey 2.17
US-CERT encourages users and administrators to review the Mozilla Foundation Advisories for Firefox 20, Firefox ESR 17.0.5, Thunderbird 17.0.5, Thunderbird ESR 17.0.5, and SeaMonkey 2.17 and apply any necessary updates to help mitigate the risk.