The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
WordPress.org has released WordPress 3.0.4 to address a vulnerability in the HTML sanitation library. Exploitation of this vulnerability may allow an attacker to insert arbitrary HTML and script code into the browser session.
US-CERT encourages users and administrators to review the WordPress.org blog entry and apply any necessary updates to help mitigate the risks.
US-CERT is aware of a vulnerability affecting the WBEMSingleView.ocx ActiveX control. This control is part of the Microsoft WMI Administrative Tools package. Exploitation of this vulnerability may allow an attacker to execute arbitrary code.
US-CERT encourages users and administrators to set the kill bit for CLSID 2745E5F5-D234-11D0-847A00C04FD7BB08 to help mitigate the risks until a fix is available from the vendor. Information on how to set a kill bit can be found in Microsoft knowledgebase article KB240797. Users and administrators are also encouraged to implement best security practices defined in the Securing Your Web Browser document to reduce the risk of this and similar vulnerabilities. Additional information regarding this vulnerability can be found in US-CERT Vulnerability Note VU#725596.
The Microsoft Outlook product team has posted a blog entry to inform users of several issues related to the Outlook 2007 update (KB2412171) that was released on December 14. The product team has identified these issues as: