| Jan 20, 2010 |
Apple Releases Security Update 2010-001 Apple has released Security Update 2010-001 to address multiple vulnerabilities in a number of applications. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review Apple article HT4004 and apply any necessary updates to help mitigate the risks. |
| Jan 14, 2010 |
Microsoft Releases Security Advisory 979352 Microsoft has released Security Advisory 979352 to alert users of a vulnerability in Microsoft Internet Explorer. The advisory indicates that exploitation of this vulnerability may allow an attacker to execute arbitrary code. Microsoft also indicates that it is aware of public, active exploitation of this vulnerability. US-CERT encourages users and administrators to review Microsoft Security Advisory 979352 and apply the suggested workaround of setting the Internet zone security setting to High to help mitigate the risks. Additional information about this vulnerability can be found in Vulnerability Note VU#492515. |
| Jan 13, 2010 |
Haitian Earthquake Disaster Email Scams and Search Engine Poisoning Campaigns US-CERT would like to warn users of potential email scams and search engine poisoning campaigns that may circulate regarding the Haitian Earthquake disaster. The scam emails may contain links or attachments which may direct users to phishing or malware-laden websites. Fraudulent search engine results may return similar malicious web links to phishing and malware websites. US-CERT encourages users to take the following measures to protect themselves:
|
| Jan 13, 2010 |
IRS Warns of Online Scams US-CERT is aware of reports of tax season phishing scams. The U.S. Internal Revenue Service has issued a news release on its website warning consumers about potential scams. These scams are circulating via fraudulent email or other online messages appearing to come from the IRS. They attempt to convince consumers to reveal personal and financial information that can be used to gain access to bank accounts, credit cards, and other financial institutions. US-CERT encourages users to do the following to mitigate the risks:
|
| Jan 12, 2010 |
Adobe Releases Update for Adobe Reader and Acrobat Adobe has released an update for Reader and Acrobat to address multiple vulnerabilities. These vulnerabilities affect Adobe Reader 9.2 and earlier versions for Windows, Macintosh, and UNIX and Adobe Acrobat 9.2 and earlier versions for Windows and Macintosh. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review Adobe Security Bulletin APBS10-02 and apply any necessary updates to help mitigate the risks. |
| Jan 12, 2010 |
Oracle Releases Critical Patch Update for January 2010 Oracle has released its Critical Patch Update for January 2010 to address 24 vulnerabilities across several products. This update contains the following security fixes:
|
| Jan 12, 2010 |
Microsoft Releases January Security Bulletin Microsoft has released an update to address a vulnerability in Microsoft Windows in its Microsoft Security Bulletin Summary for January 2010. This vulnerability may allow an attacker to execute arbitrary code. An attacker may be able to exploit this vulnerability by convincing a user to view content rendered in a specially crafted Embedded OpenType (EOT) font in an application that can render EOT fonts. Common applications that can render EOT fonts include Microsoft Internet Explorer, Microsoft Office Word, and Microsoft Office PowerPoint. US-CERT encourages users and administrators to review the bulletin and apply any necessary updates to help mitigate the risks. |
| Jan 08, 2010 |
VMware Releases Multiple Updates for ESX VMware has released Security Advisory VMSA-2010-0001 to address multiple vulnerabilities in ESX Service Console packages for Network Security Services (NSS) and NetScape Portable Runtime (NSPR). Exploitation of these vulnerabilities may allow an attacker to obtain sensitive information, cause a denial-of-service condition, bypass security restrictions, and compromise a vulnerable system. Additionally, VMware has updated two previously released advisories: VMSA-2009-0014.2 that addresses vulnerabilities in the DHCP, Service Console Kernel, and Java JRE packages for ESX, and VMSA-2009-0004.3 that addresses vulnerabilities in the OpenSSL, BIND, and Vim packages for ESX. US-CERT encourages users and administrators to review VMware Security Advisory VMSA-2010-0001, VMSA-2009-0014.2, and VMSA-2009-0004.3 and apply any necessary updates to help mitigate the risks. |
| Jan 07, 2010 |
Microsoft Releases Advance Notification for January Security Bulletin Microsoft has issued a Security Bulletin Advance Notification indicating that its January release cycle will contain one bulletin, which will have a severity rating of Critical. The notification states that this bulletin is for Microsoft Windows. Release of this bulletin is scheduled for Tuesday, January 12. US-CERT will provide additional information as it becomes available. |
| Jan 07, 2010 |
PowerDNS Recursor Update Addresses Multiple Vulnerabilities PowerDNS has released PowerDNS Recursor 3.1.7.2 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or spoof DNS information. US-CERT encourages users and administrators to review PowerDNS Security Advisories 2010-01 and 2010-02 and apply any necessary updates. |