The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Oracle has released its Critical Patch Update for January 2011 to address 82 vulnerabilities across multiple products. This update contains the following security fixes:
- 7 for Oracle Database Server
- 16 for Oracle Fusion Middleware
- 2 for Oracle Enterprise Manager Grid Control
- 16 for Oracle Applications
- 3 for Oracle Supply Chain Products Suite
- 11 for Oracle PeopleSoft and JDEdwards Suite
- 2 for Oracle Industry Applications
- 23 for Oracle Sun Products Suite
- 2 for Oracle Open Office Suite
US-CERT encourages users and administrators to review the January 2011 Critical Patch Update and apply any necessary updates to help mitigate the risks.
Google has released Chrome 8.0.552.237 for all platforms to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.
US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and apply any necessary updates to help mitigate the risks.
Microsoft Security Advisory 2488013 addresses a vulnerability in Internet Explorer. This advisory has been updated to include Microsoft Fix It 50591 that prevents the recursive loading of CSS style sheets in Internet Explorer as a mitigation for this vulnerability. Exploitation of this vulnerability may allow an attacker to execute arbitrary code.
US-CERT encourages users and administrators to review Microsoft Security Advisory 2488013 and implement the suggested workarounds to help mitigate the risks. Microsoft Fix IT 50591 is available from Microsoft Knowledgebase Article 2488013. Additional information regarding this vulnerability can be found in US-CERT Vulnerability Note VU#634956.
US-CERT will provide additional information as it becomes available.