The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Microsoft has released Microsoft Security Advisory 2639658 to address a vulnerability in the Win32k TrueType font parsing engine. By convincing a user to open a malicious email attachment, an attacker may be able to exploit this vulnerability and execute arbitrary code.
Microsoft has indicated that it is aware of targeted attacks exploiting this vulnerability. The Duqu malware may exploit this vulnerability.
UPDATE: Microsoft has provided an update to address this vulnerability in Microsoft Security Bulletin MS11-087.
US-CERT encourages users and administrators to take the following actions to help mitigate the risks of this vulnerability and the Duqu malware:
Microsoft has released updates to address vulnerabilities in Microsoft Windows as part of the Microsoft Security Bulletin Summary for November 2011. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or operate with elevated privileges.
US-CERT encourages users and administrators to review the bulletin and follow best-practice security policies to determine which updates should be applied.
Apple has released QuickTime 7.7.1 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or obtain sensitive information.
US-CERT encourages users and administrators to review Apple Support Article HT5016 and apply any necessary updates to help mitigate the risks.