U.S. Flag Official website of the Department of Homeland Security

The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

Microsoft Releases July 2015 Security Bulletin

Microsoft has released 14 updates to address vulnerabilities in Microsoft Windows. Exploitation of some of these vulnerabilities could allow remote code execution or elevation of privileges.

US-CERT encourages users and administrators to review Microsoft Security Bulletins MS15-058 and MS15-065 through MS15-077 and apply the necessary updates.

Adobe Releases Security Update for Shockwave Player

Adobe has released a security update to address critical vulnerabilities in Shockwave Player for Windows and Macintosh. Exploitation of these vulnerabilities could allow an attacker to take control of an affected system.

Users and administrators are encouraged to review Adobe Security Bulletin APSB15-17 and apply the necessary update.

Updates Available for Flash AS3 opaqueBackground and BitmapData Use-After-Free Vulnerabilities

Adobe has released security updates to address critical vulnerabilities within the ActionScript 3 opaqueBackground and BitmapData classes of Flash Player. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code on a vulnerable system. Versions affected include Adobe Flash Player 9 through 18.0.0.204.

Users and administrators are encouraged to review Adobe Security Bulletin APSB15-18 and apply the necessary updates. Additional information can be found in Vulnerability Notes VU#338736 and VU#918568.

VMware Releases Security Advisory

VMware has released security updates to address a host privilege escalation vulnerability in VMware Workstation, Player and Horizon View Client for Windows. Exploitation of this vulnerability may allow an attacker to escalate privileges on an affected VMware system.

Updates available include:

  • VMware Workstation 11.1.1
  • VMware Workstation 10.0.7
  • VMware Player 7.1.1
  • VMware Player 6.0.7
  • VMware Horizon Client for Windows (with Local Mode Option) 5.4.2

Users and administrators are encouraged to review the VMware Security Advisory VMSA-2015-0005 and apply the necessary updates.

OpenSSL Releases Security Advisory

OpenSSL has released updates to address a vulnerability that could impact proper certificate verification. A remote attacker could ‘issue’ invalid certificates that pass validation by affected versions.

Updates available include:

  • OpenSSL 1.0.2d for 1.0.2b/1.02c users
  • OpenSSL 1.0.1p for 1.0.1n/1.0.1o users

Users and administrators are encouraged to review the OpenSSL Security Advisory and apply the necessary updates.

Adobe Releases Security Updates for Flash Player

Adobe has released security updates to address multiple vulnerabilities in Flash Player for Windows, Macintosh, and Linux. These include a critical vulnerability (CVE-2015-5119) in Adobe Flash Player 18.0.0.194 and earlier versions. Adobe is aware of a report that an exploit targeting CVE-2015-5119 has been made publicly available.

Users and administrators are encouraged to review Adobe Security Bulletin APSB15-16 and apply the necessary updates.

Pages

This product is provided subject to this Notification and this Privacy & Use policy.

Back to Top