The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Oracle has released its Critical Patch Update for October 2010 to address 85 vulnerabilities across multiple products. This update contains the following security fixes:
- 7 for Oracle Database Server
- 8 for Oracle Fusion Middleware
- 1 for Oracle Enterprise Manager Grid Control
- 6 for Oracle E-Business Suite
- 2 for Oracle Supply Chain Products Suite
- 21 for Oracle PeopleSoft and JDEdwards Suite
- 4 for Oracle Siebel Suite
- 1 for Oracle Primavera Products Suite
- 26 for Oracle Sun Products Suite
- 5 for Oracle Open Office Suite
- 4 for Oracle VM
Microsoft has released updates to address vulnerabilities in Microsoft Windows, .NET Framework, Server Software, Office, and Internet Explorer as part of the Microsoft Security Bulletin Summary for October 2010. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, operate with elevated privileges, cause a denial-of-service condition, or tamper with data.
US-CERT encourages users and administrators to review the bulletins and follow best-practice security policies to determine which updates should be applied.
Oracle has issued a critical patch update pre-release announcement indicating that its October release will contain 81 new vulnerability fixes. Release of the critical patch update is scheduled for Tuesday, October 12, 2010.
US-CERT encourages users and administrators to review the pre-release announcement. Additional information will be provided as it becomes available.