The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
VMware has released a security advisory to address vulnerabilities in the Samba and acpid packages of ESX Service Console. These vulnerabilities may allow an attacker to cause a denial-of-service condition, obtain sensitive information or bypass security restrictions.
US-CERT encourages users and administrators to review VMware security bulletin VMSA-2010-0006 and apply any necessary updates to help mitigate the risks.
Oracle has released a critical patch update to address 27 vulnerabilities in Java SE and Java for Business. These vulnerabilities are in the following components: ImageIO, Java 2D, Java Runtime Environment, Java Web Start, Pack200, Sound, JSSE, and HotSpot Server.
US-CERT encourages users and administrators to review the critical patch update and apply any necessary updates to help mitigate the risks.
Microsoft has released an update to its Security Bulletin Summary for March 2010 and has included the out-of-band bulletin MS10-018. This bulletin addresses ten vulnerabilities in Internet Explorer, including one previously announced in Microsoft Security Advisory 981374. The most severe of these vulnerabilities may allow an attacker to execute arbitrary code on the affected system.
US-CERT encourages users and administrators to review Microsoft Security Bulletin MS10-018 and to follow best-practice security policies to determine which updates should be applied.
Microsoft has issued a Security Bulletin Advance Notification indicating that it will be releasing an out-of-band security bulletin. This bulletin will address a vulnerability in Microsoft Internet Explorer 6 and Internet Explorer 7. The notification states that release of this bulletin is scheduled for March 30, 2010. Additional information can be found in Microsoft Security Advisory 981374 and in the Vulnerability Notes Database.
US-CERT will provide additional information as it becomes available.
Apple has released Security Update 2010-002 and Mac OS X v10.6.3 to address multiple vulnerabilities that affect a number of applications. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, cause a denial-of-service condition, bypass security restrictions, or operate with elevated privileges.
US-CERT encourages users and administrators to review Apple Article HT4077 and apply any necessary updates to help mitigate the risks.
US-CERT is aware of public reports of an active email scam. These emails, which appear to come from seemingly legitimate law firms, indicate that someone has filed a copyright lawsuit against the message recipient. The messages may contain malicious attachments or web links. If a user opens the attachment or follows the link, malicious code may be installed on the user's system.
US-CERT encourages users to take the following preventative measures to help mitigate the security risks: