The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
RealNetworks, Inc. has released an update for RealPlayer to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code.
US-CERT encourages users and administrators to review the RealNetworks notice released on December 10, 2010 and apply any necessary updates to help mitigate the risks.
The Mozilla Foundation has released Firefox 3.6.13 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, operate with elevated privileges, spoof the location bar, or operate with elevated privileges. The Mozilla foundation has also released Firefox 3.5.16 to address these same vulnerabilities. Some of these vulnerabilities also affect Thunderbird and SeaMonkey and are addressed in Thunderbird 3.1.7 and 3.0.11 and SeaMonkey 2.0.11.
US-CERT encourages users and administrators to review the Mozilla Foundation Security Advisories released on December 9, 2010 and apply any necessary updates to help mitigate the risks.
Microsoft has issued a Security Bulletin Advance Notification indicating that its December release will contain 17 bulletins. Two of these bulletins will have a severity rating of critical and will be for Microsoft Windows and Internet Explorer. Fourteen of the bulletins will have a severity rating of important and will be for Microsoft Windows, Office, and SharePoint. The remaining bulletin will have a severity rating of moderate and will be for Microsoft Exchange. Release of these bulletins is scheduled for Tuesday, December 14, 2010.
US-CERT will provide additional information as it becomes available.