The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
VMware has released Security Advisory VMSA-2010-0001 to address multiple vulnerabilities in ESX Service Console packages for Network Security Services (NSS) and NetScape Portable Runtime (NSPR). Exploitation of these vulnerabilities may allow an attacker to obtain sensitive information, cause a denial-of-service condition, bypass security restrictions, and compromise a vulnerable system.
Additionally, VMware has updated two previously released advisories: VMSA-2009-0014.2 that addresses vulnerabilities in the DHCP, Service Console Kernel, and Java JRE packages for ESX, and VMSA-2009-0004.3 that addresses vulnerabilities in the OpenSSL, BIND, and Vim packages for ESX.
Microsoft has issued a Security Bulletin Advance Notification indicating that its January release cycle will contain one bulletin, which will have a severity rating of Critical. The notification states that this bulletin is for Microsoft Windows. Release of this bulletin is scheduled for Tuesday, January 12.
US-CERT will provide additional information as it becomes available.
PowerDNS has released PowerDNS Recursor 220.127.116.11 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or spoof DNS information.
US-CERT encourages users and administrators to review PowerDNS Security Advisories 2010-01 and 2010-02 and apply any necessary updates.