The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Microsoft has released updates to address vulnerabilities in Microsoft Office and Forefront United Access Gateway as part of the Microsoft Security Bulletin Summary for November 2010. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges.
US-CERT encourages users and administrators to review the bulletins and follow best-practice security policies to determine which updates should be applied.
Cisco has released a vulnerability alert to inform users of a vulnerability affecting the Intelligent Contact Manager Setup Manager. This vulnerability may allow an attacker to execute arbitrary code.
US-CERT encourages users and administrators to review the vulnerability alert and consider implementing the safeguards provided in the alert to help mitigate the risks until a patch is released by the vendor.
Adobe has released Flash Player 10.1.102.64 for Windows, Macintosh, Linux, and Solaris to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or bypass cross-domain policy file restrictions. The Adobe security bulletin indicates that updates for Android will be available by November 9, 2010.
US-CERT encourages users and administrators to review Adobe security bulletin APSB10-26 and update to Flash Player 10.1.102.64 to help mitigate the risks associated with these vulnerabilities.