U.S. Flag Official website of the Department of Homeland Security
TLP:WHITE

The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

Microsoft Re-Releases Security Update for MS10-025

Microsoft has re-released the security update related to Microsoft security bulletin MS10-025. This vulnerability affects Windows Media Services running on Windows 2000 Server. The original release of this update had been revoked last week because it did not effectively correct the underlying vulnerability.

US-CERT encourages users and administrators to review Microsoft security bulletin MS10-025 and apply the update as necessary to help mitigate the risks. Additional information regarding the re-release of this update can be found in the Microsoft Security Response Center blog.

Microsoft Revokes Security Update

The Microsoft Security Response Center has posted a blog entry indicating that it has revoked the update related to Microsoft security bulletin MS10-025 because it does not effectively correct the underlying vulnerability. This vulnerability affects Windows Media Services running on Windows 2000 Server. The blog entry indicates that Microsoft has targeted a re-release of the update for next week.

US-CERT encourages users and administrators to review the Microsoft Security Response Center blog entry and implement the suggested guidance to help mitigate the risks.

US-CERT will provide additional information as it becomes available.

VideoLAN Releases Security Advisory for VLC Media Player

VideoLAN has released a security advisory to address multiple vulnerabilities in VLC Media Player. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review VideoLAN security advisory VideoLAN-SA-1003 and apply any necessary updates or workarounds to help mitigate the risks.

Cisco Releases Security Advisory for Small Business Video Surveillance Cameras and 4-Port Gigabit Security Routers

Cisco has released a security advisory to address a vulnerability that affects Cisco Small Business Video Surveillance Cameras and Cisco RVS4000 4-Port Gigabit Security Routers. This vulnerability may allow an unprivileged user to gain full administrative access on the device or obtain sensitive information.

US-CERT encourages users and administrators to review Cisco security advisory cisco-sa-20100421-vsc and apply any necessary updates or workarounds to help mitigate the risks.

McAfee DAT 5958 Issues

US-CERT is aware of public reports indicating that McAfee DAT release 5958 is incorrectly identifying the valid system file, C:\Windows\system32\svchost.exe, as containing malicious code. Reports indicate that a false positive detection occurs on Windows XP Service Pack 3 systems. Symptoms include a denial-of-service condition when the McAfee software attempts to clean the file.

US-CERT encourages users and administrators to review the McAfee Virus Profile: W32/Wecorl.a and apply the "extra.dat" and additional updates provided by McAfee as necessary to mitigate this issue. Users should ensure that they have installed DAT 5959 or greater before running any on-demand scans.

Google Releases Chrome 4.1.249.1059

Google has released Chrome 4.1.249.1059 for Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, conduct cross-site scripting attacks, or conduct cross-site request forgery attacks.

US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome 4.1.249.1059 for Windows to help mitigate the risks.

Pages

This product is provided subject to this Notification and this Privacy & Use policy.

Back to Top