The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
US-CERT is aware of a vulnerability affecting Microsoft Internet Explorer 8. This vulnerability is due to improper handling of circular memory references. Exploitation of this vulnerability may allow an attacker to execute arbitrary code in the context of the user or cause a denial-of-service condition.
At this time, the vendor has not released a fix or a workaround to address this vulnerability. Users and administrators are encouraged to consider implementing the mitigations provided in Microsoft's Enhanced Mitigation Experience Toolkit (EMET). These mitigations will not rectify the vulnerability but will make exploitation of the vulnerability more difficult.
Additional information can be found in US-CERT Vulnerability Note VU#427980. US-CERT will provide updates as further details become available.
Microsoft has issued a Security Bulletin Advance Notification indicating that its January release will contain two bulletins. These bulletins will have the severity ratings of critical and important and will be for Microsoft Windows. Release of these bulletins is scheduled for Tuesday, January 11, 2011.
US-CERT will provide additional information as it becomes available.
Apple has released Mac OS X v10.6.6 to address a vulnerability affecting PackageKit. Exploitation of this vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition.
US-CERT encourages users and administrators to review Apple article HT4498 and apply any necessary updates to help mitigate the risks.