U.S. Flag Official website of the Department of Homeland Security

The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

Removable Media Security Practices

US-CERT is aware of recent reports indicating that some newly purchased removable media devices are infected with malicious code. This malicious code is a worm that attempts to propagate itself via multiple methods. If a Windows user connects an affected removable media device to a system that has autorun enabled, the system may become infected with this malware with no additional interaction from the user. Autorun is enabled by default.

US-CERT encourages users and administrators to consider implementing the following best security practices to help mitigate the risks associated with this type of issue:

  • Disable autorun in Windows.
  • Maintain up-to-date antivirus software.
  • Maintain up-to-date hardware, operating systems, and software by applying security patches, fixes, and updates.
  • Perform virus scanning of the removable media devices prior to each use.
Information about disabling autorun in Windows, including a fix-it tool, can be found in Microsoft knowledgebase article 967715.

Adobe Releases Security Update for Shockwave Player

Adobe has released a security update for Shockwave Player to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review Adobe security bulletin APSB10-25 and apply any necessary updates to help mitigate the risks. Additional information regarding the 'rcsL' chunk parsing vulnerability can be found in US-CERT vulnerability note VU#402231.

Adobe Releases Security Bulletin for Flash Player, Reader, and Acrobat

Adobe has released a security advisory to alert users of a vulnerability affecting the following applications:

Pages

This product is provided subject to this Notification and this Privacy & Use policy.

Back to Top