The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
RIM has released a security advisory to address a vulnerability in the PDF distiller of the BlackBerry attachment service for the BlackBerry Enterprise Server. This vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition.
US-CERT encourages users and administrators to review BlackBerry security advisory KB24547 and apply any necessary updates to help mitigate the risks.
Oracle has released its Critical Patch Update for October 2010 to address 85 vulnerabilities across multiple products. This update contains the following security fixes:
- 7 for Oracle Database Server
- 8 for Oracle Fusion Middleware
- 1 for Oracle Enterprise Manager Grid Control
- 6 for Oracle E-Business Suite
- 2 for Oracle Supply Chain Products Suite
- 21 for Oracle PeopleSoft and JDEdwards Suite
- 4 for Oracle Siebel Suite
- 1 for Oracle Primavera Products Suite
- 26 for Oracle Sun Products Suite
- 5 for Oracle Open Office Suite
- 4 for Oracle VM
Microsoft has released updates to address vulnerabilities in Microsoft Windows, .NET Framework, Server Software, Office, and Internet Explorer as part of the Microsoft Security Bulletin Summary for October 2010. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, operate with elevated privileges, cause a denial-of-service condition, or tamper with data.
US-CERT encourages users and administrators to review the bulletins and follow best-practice security policies to determine which updates should be applied.