The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
US-CERT is aware of a vulnerability affecting the Secure Socket Layer (SSL) and Transport Layer Security (TLS) protocols. Exploitation of this vulnerability may allow an attacker to decrypt encrypted SSL/TLS traffic and obtain sensitive information.
Microsoft has released Security Advisory 2588513 to provide workarounds for this vulnerability in the Windows implementation of the SSL and TLS protocols.
US-CERT encourages Microsoft Windows users and administrators to review Microsoft Security Advisory 2588513 and implement the workarounds listed in the advisory to help mitigate the risks.
Adobe has released a security update for Adobe Flash Player to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, cause a denial-of-service condition, or perform a cross-site scripting attack. Adobe has indicated that one of the vulnerabilities is currently being exploited in targeted attacks via a malicious link delivered in an email message. These vulnerabilities affect Adobe Flash Player 10.3.183.7 and earlier versions for Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player 10.3.186.6 and earlier versions for Android.
US-CERT encourages users and administrators to review Adobe Security Bulletin APSB11-26 and apply any necessary updates to help mitigate the risks. Google Chrome users should update to Chrome 14.0.835.186 to address these vulnerabilities.
Cisco has released a security advisory to address a vulnerability in Cisco Identity Services Engine. Exploitation of this vulnerability may allow a remote attacker to gain complete administrative control of the device.
US-CERT encourages users and administrators to review Cisco Security Advisory cisco-sa-20110920 and apply any necessary updates or workarounds to help mitigate the risks.