The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Cisco has released a vulnerability alert to inform users of a vulnerability affecting the Intelligent Contact Manager Setup Manager. This vulnerability may allow an attacker to execute arbitrary code.
US-CERT encourages users and administrators to review the vulnerability alert and consider implementing the safeguards provided in the alert to help mitigate the risks until a patch is released by the vendor.
Adobe has released Flash Player 10.1.102.64 for Windows, Macintosh, Linux, and Solaris to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or bypass cross-domain policy file restrictions. The Adobe security bulletin indicates that updates for Android will be available by November 9, 2010.
US-CERT encourages users and administrators to review Adobe security bulletin APSB10-26 and update to Flash Player 10.1.102.64 to help mitigate the risks associated with these vulnerabilities.
Microsoft has issued an Security Bulletin Advance Notification indicating that its November release will contain three bulletins. One of these bulletins will have the severity rating of critical and will be for Microsoft Office. The remaining two bulletins will have the severity rating of important and will be for Microsoft Office and Forefront Unified Access Gateway. Release of these bulletins is scheduled for Tuesday, November 9, 2010
US-CERT will provide additional information as it becomes available.