The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Microsoft has released updates to address vulnerabilities in Microsoft Office, Office Services, Web Apps, Windows and Internet Explorer as part of the Microsoft Security Bulletin Summary for April, 2014. These vulnerabilities could allow remote code executions.
US-CERT encourages users and administrators to review the bulletin and follow best practice security policies to determine which updates should be applied.
A vulnerability in OpenSSL could allow a remote attacker to expose sensitive data, possibly including user authentication credentials and secret keys, through incorrect memory handling in the TLS heartbeat extension. This may allow an attacker to decrypt traffic or perform other attacks. OpenSSL version 1.0.1g resolves this vulnerability. The 1.0.0 and 0.9.8 branches are not vulnerable.
US-CERT recommends users and administrators review Vulnerability Note VU#720951 for additional information and mitigation details.
Apple released Safari 6.1.3 and Safari 7.0.3 for OS X to address multiple vulnerabilities in WebKit. Software memory corruption issues may lead to information disclosure, unexpected application termination, or arbitrary code execution.
Users and administrators are encouraged to review Apple Support Article HT6181 and apply the necessary updates.