The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Office, Server Software, and Developer Tools as part of the Microsoft Security Bulletin Summary for April 2011. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges.
US-CERT encourages users and administrators to review the bulletin and follow best-practices security policies to determine which updates should be applied.
Adobe has released a security update for Adobe Flash Player to address the vulnerability previously referenced in Adobe Security Advisory APSA11-02. Exploitation of this vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition. Adobe has indicated that this vulnerability is currently being exploited in targeted attacks via a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an email attachment. This vulnerability affects the following Adobe products:
VideoLAN has issued a security advisory to alert users of a vulnerability affecting VLC Media Player versions 1.0.0 through 1.1.8. Exploitation of this vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition.
US-CERT encourages users and administrators to review VideoLAN Security Advisory 1103 and implement the workarounds provided in the advisory until a fix is available from the vendor.
US-CERT will provide additional information as it becomes available.