The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Microsoft has released Microsoft security advisory 2458511 to alert users of a vulnerability affecting all supported versions of Internet Explorer. This vulnerability may allow an attacker to execute arbitrary code.
Update: Microsoft has released two Fix it tools in Microsoft Support article 2458511 to help mitigate the risks until a security update is available.
US-CERT encourages users and administrators to review Microsoft Security Advisory 2458511 and consider implementing the suggested workarounds or using the Microsoft Fix it tools provided in Microsoft Support article 2458511 to help mitigate the risks until a fix is available from the vendor.
US-CERT is aware of recent reports indicating that some newly purchased removable media devices are infected with malicious code. This malicious code is a worm that attempts to propagate itself via multiple methods. If a Windows user connects an affected removable media device to a system that has autorun enabled, the system may become infected with this malware with no additional interaction from the user. Autorun is enabled by default.
US-CERT encourages users and administrators to consider implementing the following best security practices to help mitigate the risks associated with this type of issue:
- Disable autorun in Windows.
- Maintain up-to-date antivirus software.
- Maintain up-to-date hardware, operating systems, and software by applying security patches, fixes, and updates.
- Perform virus scanning of the removable media devices prior to each use.
Adobe has released a security update for Shockwave Player to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code.
US-CERT encourages users and administrators to review Adobe security bulletin APSB10-25 and apply any necessary updates to help mitigate the risks. Additional information regarding the 'rcsL' chunk parsing vulnerability can be found in US-CERT vulnerability note VU#402231.