| Jan 12, 2010 |
Microsoft Releases January Security Bulletin Microsoft has released an update to address a vulnerability in Microsoft Windows in its Microsoft Security Bulletin Summary for January 2010. This vulnerability may allow an attacker to execute arbitrary code. An attacker may be able to exploit this vulnerability by convincing a user to view content rendered in a specially crafted Embedded OpenType (EOT) font in an application that can render EOT fonts. Common applications that can render EOT fonts include Microsoft Internet Explorer, Microsoft Office Word, and Microsoft Office PowerPoint. US-CERT encourages users and administrators to review the bulletin and apply any necessary updates to help mitigate the risks. |
| Jan 08, 2010 |
VMware Releases Multiple Updates for ESX VMware has released Security Advisory VMSA-2010-0001 to address multiple vulnerabilities in ESX Service Console packages for Network Security Services (NSS) and NetScape Portable Runtime (NSPR). Exploitation of these vulnerabilities may allow an attacker to obtain sensitive information, cause a denial-of-service condition, bypass security restrictions, and compromise a vulnerable system. Additionally, VMware has updated two previously released advisories: VMSA-2009-0014.2 that addresses vulnerabilities in the DHCP, Service Console Kernel, and Java JRE packages for ESX, and VMSA-2009-0004.3 that addresses vulnerabilities in the OpenSSL, BIND, and Vim packages for ESX. US-CERT encourages users and administrators to review VMware Security Advisory VMSA-2010-0001, VMSA-2009-0014.2, and VMSA-2009-0004.3 and apply any necessary updates to help mitigate the risks. |
| Jan 07, 2010 |
Microsoft Releases Advance Notification for January Security Bulletin Microsoft has issued a Security Bulletin Advance Notification indicating that its January release cycle will contain one bulletin, which will have a severity rating of Critical. The notification states that this bulletin is for Microsoft Windows. Release of this bulletin is scheduled for Tuesday, January 12. US-CERT will provide additional information as it becomes available. |
| Jan 07, 2010 |
PowerDNS Recursor Update Addresses Multiple Vulnerabilities PowerDNS has released PowerDNS Recursor 3.1.7.2 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or spoof DNS information. US-CERT encourages users and administrators to review PowerDNS Security Advisories 2010-01 and 2010-02 and apply any necessary updates. |
| Dec 22, 2009 |
Adobe Releases Security Update for Flash Media Server Adobe has released a security bulletin to address multiple vulnerabilities in Flash Media Server (FMS) 3.5.2 and earlier. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review Adobe security bulletin APSB09-18 and apply any necessary updates to help mitigate the risks. |
| Dec 17, 2009 |
Cisco Releases Security Advisory for Cisco WebEx WRF Player Vulnerabilities Cisco has released a security advisory to address multiple vulnerabilities in WebEx WRF Player. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review Cisco security advisory cisco-sa-20091216-webex and apply any necessary updates to help mitigate the risks. |
| Dec 16, 2009 |
Mozilla Releases Firefox 3.5.6 and Firefox 3.0.16 Mozilla has released Firefox 3.5.6 and Firefox 3.0.16 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, operate with escalated privileges, or mislead users. These vulnerabilities may also affect SeaMonkey and Thunderbird. US-CERT encourages users and administrators to review the security advisories for their version of Firefox and upgrade to Firefox 3.5.6 or Firefox 3.0.16 to help mitigate the risks. |
| Dec 15, 2009 |
Adobe Reader and Acrobat Remote Code Execution Vulnerability Adobe has stated that they are investigating public reports of a vulnerability affecting Adobe Reader and Acrobat. Public reports indicate that exploitation of this vulnerability may occur when a user opens a specially crafted PDF file. Exploitation of this vulnerability may result in arbitrary code execution. Public reports currently indicate active exploitation of this vulnerability. US-CERT encourages users and administrators to do the following to help mitigate the risks until the vendor is able to provide an update:
|
| Dec 14, 2009 |
FBI Releases Warning about Scareware The Federal Bureau of Investigation (FBI) has released a warning to alert users about an ongoing threat involving pop-up security messages that appear on the Internet. These pop-up messages may contain seemingly legitimate antivirus software. Users who click on these pop-up messages to purchase and install the bogus software may become infected with malicious code or to become victims of a phishing attack. US-CERT encourages users and administrators to do the following to help mitigate the risks:
|
| Dec 11, 2009 |
Microsoft Releases Security Advisory 954157 Microsoft has released security advisory 954157 to notify users of an update that increases the security of the Indeo codec on Microsoft Windows 2000, XP, and Server 2003. The advisory states that the Indeo codec running on these systems may allow remote code execution when opening specially crafted media content. Microsoft indicates that this update blocks the Indeo codec from being launched in Internet Explorer or Windows Media player, which removes a potential attack vector. US-CERT encourages users and administrators to review Microsoft security advisory 954157 and apply any necessary updates or workarounds to help mitigate the risks. |