The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Microsoft has released security advisory 2490606 to alert users of a vulnerability affecting the Windows Graphics Rendering Engine. Exploitation of this vulnerability may allow an attacker to install programs; view, change, or delete data; or create new accounts with full user rights.
US-CERT encourages users and administrators to review Microsoft security advisory 2490606 and the suggested workarounds to help mitigate the risks until a fix is available from the vendor.
US-CERT will provide additional information as it becomes available.
WordPress.org has released WordPress 3.0.4 to address a vulnerability in the HTML sanitation library. Exploitation of this vulnerability may allow an attacker to insert arbitrary HTML and script code into the browser session.
US-CERT encourages users and administrators to review the WordPress.org blog entry and apply any necessary updates to help mitigate the risks.
US-CERT is aware of a vulnerability affecting the WBEMSingleView.ocx ActiveX control. This control is part of the Microsoft WMI Administrative Tools package. Exploitation of this vulnerability may allow an attacker to execute arbitrary code.
US-CERT encourages users and administrators to set the kill bit for CLSID 2745E5F5-D234-11D0-847A00C04FD7BB08 to help mitigate the risks until a fix is available from the vendor. Information on how to set a kill bit can be found in Microsoft knowledgebase article KB240797. Users and administrators are also encouraged to implement best security practices defined in the Securing Your Web Browser document to reduce the risk of this and similar vulnerabilities. Additional information regarding this vulnerability can be found in US-CERT Vulnerability Note VU#725596.