U.S. Flag Official website of the Department of Homeland Security

The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

Cisco UCS Director Default Credentials Vulnerability

Cisco has released a security advisory to address a vulnerability in Cisco Unified Computing System (UCS) Director. This vulnerability could allow an unauthenticated, remote attacker to take complete control of the affected device due to a default root user account created during installation. Successful exploitation of this vulnerability would provide the attacker with full administrative rights to the system.

US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the update provided to address this vulnerability.

Microsoft Releases Security Advisory for Internet Explorer 9 and 10 Use-After-Free Vulnerability

Microsoft has released Security Advisory 2934088 to address a use-after-free vulnerability in Internet Explorer 9 and 10, which can be used by a remote attacker to take control of a vulnerable system. US-CERT and Microsoft are aware of targeted attacks currently exploiting this vulnerability.

Users and administrators are encouraged to review Microsoft Security Advisory 2934088, CERT/CC Vulnerability Note VU#732479 and take appropriate actions to mitigate this vulnerability.

Security Updates Available for Adobe Flash Player

Adobe has released security updates to address a vulnerability in Adobe Flash Player 12.0.0.44 or earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.336 or earlier versions for Linux.  Exploitation of this vulnerability could allow an attacker to take control of an affected system.

US-CERT recommends that users and administrators review Adobe Security Bulletin APSB14-07 to determine which updates should be applied.

 

Pages

This product is provided subject to this Notification and this Privacy & Use policy.

Back to Top