The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
OpenX has released a security update to address a vulnerability in the 2.8 downloadable version of OpenX. Exploitation of this vulnerability may allow an attacker to compromise the integrity of the server running OpenX.
US-CERT encourages users and administrators to review the OpenX "Security Update" blog entry and upgrade to OpenX 6.8.7 to help mitigate the risks. OpenX users are also encouraged to review the "How to Secure your OpenX Installation" blog entry on how to further secure the OpenX installation.
Cisco has released six security advisories to address vulnerabilities affecting the Cisco IOS Software and the Cisco Unified Communications Manager. Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition.
US-CERT encourages users and administrators to review the following Cisco security advisories and apply any necessary updates to help mitigate the risks.
Apple has released security update 2010-006 for Mac OS X and Mac OS X Server to address a vulnerability in the AFP package. This vulnerability may allow an attacker to bypass password validation and obtain sensitive information. The article indicates that this vulnerability does not affect systems prior to Mac OS X v10.6.
US-CERT encourages users and administrators to review Apple article HT4361 and apply any necessary updates to help mitigate the risks.
Microsoft has released a security advisory to alert users of a vulnerability affecting ASP.NET. Exploitation of this vulnerability may allow an attacker to obtain sensitive information or tamper with data.
US-CERT encourages administrators to review Microsoft security advisory 2416728 and apply any necessary workarounds until a fix is released by the vendor.
Update: Microsoft has indicated that this vulnerability affects all applications that rely on the ASP.NET platform. Microsoft has also updated the security advisory to include additional workaround details. The Microsoft SharePoint Team has updated its blog entry "Security Advisory 2416728 (Vulnerability in ASP.NET) and SharePoint" to assist users in how to mitigate these risks in SharePoint.
US-CERT will provide additional information as it becomes available.
Apple has released QuickTime 7.6.8 to address two vulnerabilities affecting earlier versions of QuickTime for Windows.
The first vulnerability is due to improper input validation in the QuickTime ActiveX control. Exploitation of this vulnerability may allow an attacker to execute arbitrary code.
The second vulnerability is due to a path searching issue related to insecure loading of dynamic link libraries (DLLs). Exploitation of this vulnerability may allow an attacker to execute arbitrary code. Additional information regarding this class of vulnerabilities can be found in the US-CERT Current Activity entry titled "Insecure Loading of Dynamic Link Libraries in Windows Applications" and in the US-CERT Vulnerability Note VU#707943.
US-CERT encourages users and administrators to review Apple article HT4339 and apply any necessary updates to help mitigate the risks.