The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Adobe has released a security advisory to address multiple vulnerabilities in Adobe Reader and Acrobat. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or operate with escalated privileges.
US-CERT encourages users and administrators to review Adobe security advisory APSB11-24 and apply any necessary updates to help mitigate the risks.
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Microsoft Office, and Microsoft Server Software as part of the Microsoft Security Bulletin Summary for September 2011. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges.
US-CERT encourages users and administrators to review the bulletin and follow best-practice security policies to determine which updates should be applied.
US-CERT is aware of public reports of the existence of fraudulent SSL certificates issued by DigiNotar. These fraudulent SSL certificates could be used by an attacker to masquerade as legitimate sites.
Mozilla has released Firefox 3.6.22 and Firefox 6.0.2 to address this issue. Additional information can be found in the Mozilla Security Blog.
Microsoft has removed the DigiNotar root certificates from the Microsoft Certificate Trust List. This change affects all versions of Windows Vista, Windows 7, Windows XP, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2003. Additional information can be found in Microsoft Security Advisory 2607712.