The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.05) and earlier versions for Windows and Macintosh to address multiple vulnerabilities affecting the following software versions:
- Adobe Reader XI (11.0.05) and earlier 11.x versions for Windows and Macintosh
- Adobe Reader X (10.1.8) and earlier 10.x versions for Windows and Macintosh
- Adobe Acrobat XI (11.0.05) and earlier 11.x versions for Windows and Macintosh
- Adobe Acrobat X (10.1.8) and earlier 10.x versions for Windows and Macintosh
Exploitation of these vulnerabilities could lead to a crash or potentially allow an attacker to take control of the affected system.
US-CERT recommends that users and administrators review Adobe Security Bulletin APSB14-01 and follow best practice security policies to determine which updates should be applied.
Microsoft has released updates to address vulnerabilities in Microsoft Office, Server Software, Windows, and Microsoft Dynamics AX, as part of the Microsoft Security Bulletin Summary for January 2014. These vulnerabilities could allow remote code execution, elevation of privilege or a denial of service.
US-CERT encourages users and administrators to review the bulletin and follow best practice security policies to determine which updates should be applied.
A vulnerability in the "monlist" feature of ntpd can allow remote attackers to cause distributed denial of service attack (DDoS) via forged requests. US-CERT and the Canadian Cyber Incident Response Center (CCIRC) have both observed active use of this attack vector in recent DDoS attacks.