The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Microsoft Office, Microsoft .NET Framework, and Microsoft Developer Tools as part of the Microsoft Security Bulletin Summary for August 2011. These vulnerabilities may allow an attacker to execute arbitrary code, operate with elevated privileges, cause a denial-of-service condition, or disclose sensitive information.
US-CERT encourages users and administrators to review the bulletin and follow best-practice security policies to determine which updates should be applied.
TimThumb, a PHP script that is reused in many popular themes for the WordPress blog software, contains a vulnerability that allows a remote attacker to upload arbitrary PHP code to an affected site.
US-CERT encourages users and administrators to:
- determine if any hosted blogs use TimThumb by searching for timthumb.php or thumb.php
- review the blog entry on the issue and apply any necessary updates or workarounds to help mitigate the risks
Google has released Chrome 13.0.782.107 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to perform a cross-site scripting attack, or to execute arbitrary code.
US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome 13.0.782.107 to help mitigate the security risks.