U.S. Flag Official website of the Department of Homeland Security
TLP:WHITE

The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

Adobe Releases Security Updates for Reader and Acrobat

Adobe has released updates for Adobe Reader and Acrobat for Windows, Macintosh, and UNIX. These updates address multiple vulnerabilities including those described in Adobe security advisory APSA10-02 and Flash Player security bulletin APSB10-22. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review Adobe security bulletin APSB10-21 and apply any necessary updates to help mitigate the risks. Additional information regarding these vulnerabilities can be found in the following:

Microsoft Releases Security Bulletin MS10-070

Microsoft has released Microsoft Security Bulletin MS10-070 to address a vulnerability affecting ASP.NET. Exploitation of this vulnerability may allow an attacker to obtain sensitive information or tamper with data.

US-CERT encourages users and administrators to review Microsoft Security Bulletin MS10-070 and apply any necessary updates to help mitigate the risks.

Microsoft Releases Advance Notification for Out-of-Band Security Bulletin

Microsoft has issued a Security Bulletin Advance Notification indicating that it will be releasing an out-of-band security bulletin to address a vulnerability affecting Windows. The Microsoft SharePoint Team blog indicates that this bulletin will address the recently reported vulnerability in ASP.NET. Exploitation of this vulnerability may allow an attacker to obtain sensitive information or tamper with data. Release of this bulletin is scheduled for September 28, 2010.

US-CERT encourages users and administrators to review the Microsoft Security Bulletin Advance Notification, the SharePoint Team blog entry, and Microsoft Security Advisory 2416728 for additional information regarding this vulnerability.

OpenX Releases Security Update

OpenX has released a security update to address a vulnerability in the 2.8 downloadable version of OpenX. Exploitation of this vulnerability may allow an attacker to compromise the integrity of the server running OpenX.

US-CERT encourages users and administrators to review the OpenX "Security Update" blog entry and upgrade to OpenX 6.8.7 to help mitigate the risks. OpenX users are also encouraged to review the "How to Secure your OpenX Installation" blog entry on how to further secure the OpenX installation.

Cisco Releases Security Advisories

Cisco has released six security advisories to address vulnerabilities affecting the Cisco IOS Software and the Cisco Unified Communications Manager. Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition.

US-CERT encourages users and administrators to review the following Cisco security advisories and apply any necessary updates to help mitigate the risks.

Apple Releases Security Update 2010-006

Apple has released security update 2010-006 for Mac OS X and Mac OS X Server to address a vulnerability in the AFP package. This vulnerability may allow an attacker to bypass password validation and obtain sensitive information. The article indicates that this vulnerability does not affect systems prior to Mac OS X v10.6.

US-CERT encourages users and administrators to review Apple article HT4361 and apply any necessary updates to help mitigate the risks.

Pages

This product is provided subject to this Notification and this Privacy & Use policy.

Back to Top