U.S. Flag Official website of the Department of Homeland Security
TLP:WHITE

The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

Google Releases Chrome 7.0.517.44

Google has released Chrome 7.0.517.41 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and apply any necessary updates to help mitigate the risks.

Microsoft Releases Security Advisory for Internet Explorer

Microsoft has released Microsoft security advisory 2458511 to alert users of a vulnerability affecting all supported versions of Internet Explorer. This vulnerability may allow an attacker to execute arbitrary code.

Update: Microsoft has released two Fix it tools in Microsoft Support article 2458511 to help mitigate the risks until a security update is available.

US-CERT encourages users and administrators to review Microsoft Security Advisory 2458511 and consider implementing the suggested workarounds or using the Microsoft Fix it tools provided in Microsoft Support article 2458511 to help mitigate the risks until a fix is available from the vendor.

Removable Media Security Practices

US-CERT is aware of recent reports indicating that some newly purchased removable media devices are infected with malicious code. This malicious code is a worm that attempts to propagate itself via multiple methods. If a Windows user connects an affected removable media device to a system that has autorun enabled, the system may become infected with this malware with no additional interaction from the user. Autorun is enabled by default.

US-CERT encourages users and administrators to consider implementing the following best security practices to help mitigate the risks associated with this type of issue:

  • Disable autorun in Windows.
  • Maintain up-to-date antivirus software.
  • Maintain up-to-date hardware, operating systems, and software by applying security patches, fixes, and updates.
  • Perform virus scanning of the removable media devices prior to each use.
Information about disabling autorun in Windows, including a fix-it tool, can be found in Microsoft knowledgebase article 967715.

Adobe Releases Security Update for Shockwave Player

Adobe has released a security update for Shockwave Player to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review Adobe security bulletin APSB10-25 and apply any necessary updates to help mitigate the risks. Additional information regarding the 'rcsL' chunk parsing vulnerability can be found in US-CERT vulnerability note VU#402231.

Adobe Releases Security Bulletin for Flash Player, Reader, and Acrobat

Adobe has released a security advisory to alert users of a vulnerability affecting the following applications:

Cisco Releases Security Advisory for CiscoWorks Common Services

Cisco has released a security advisory to address a vulnerability affecting CiscoWorks Common Services for Oracle Solaris and Microsoft Windows. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code with administrative privileges or cause a denial-of-service condition.

US-CERT encourages users and administrators to review Cisco security advisory cisco-sa-20101027-cs and apply any necessary updates or workarounds to help mitigate the risks.

Pages

This product is provided subject to this Notification and this Privacy & Use policy.

Back to Top