The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Google has released Chrome 14.0.835.202 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code.
US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome 14.0.835.202.
Cisco has released a security advisory to address a vulnerability in the Cisco IOS Software Install feature running on Cisco Catalyst Switches. Exploitation of this vulnerability may allow remote code execution by an unauthenticated attacker.
US-CERT encourages administrators to review Cisco Security Advisory cisco-sa-20110928-smart-install for information about software updates and to review the Cisco Applied Mitigation Bulletin for workaround information.
US-CERT is aware of a vulnerability affecting the Secure Socket Layer (SSL) and Transport Layer Security (TLS) protocols. Exploitation of this vulnerability may allow an attacker to decrypt encrypted SSL/TLS traffic and obtain sensitive information.
Microsoft has released Security Advisory 2588513 to provide workarounds for this vulnerability in the Windows implementation of the SSL and TLS protocols.
US-CERT encourages Microsoft Windows users and administrators to review Microsoft Security Advisory 2588513 and implement the workarounds listed in the advisory to help mitigate the risks.