Jan 14, 2011
Google Releases Chrome 8.0.552.237
Google has released Chrome 8.0.552.237 for all platforms to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and apply any necessary updates to help mitigate the risks.

Jan 12, 2011
RIM Releases Security Advisory for BlackBerry Enterprise Server
RIM has released a security advisory to address a vulnerability in the PDF distiller of the BlackBerry attachment service for BlackBerry Enterprise Server. This vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review BlackBerry security advisory KB25382 and apply any necessary updates to help mitigate the risks.

Jan 12, 2011
Microsoft Security Advisory 2488013
Microsoft Security Advisory 2488013 addresses a vulnerability in Internet Explorer. This advisory has been updated to include Microsoft Fix It 50591, which prevents the recursive loading of CSS style sheets in Internet Explorer as a mitigation for this vulnerability. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review Microsoft Security Advisory 2488013 and implement the suggested workarounds to help mitigate the risks. Microsoft Fix It 50591 is available from Microsoft Knowledgebase Article 2488013. Additional information regarding this vulnerability can be found in US-CERT Vulnerability Note VU#634956. US-CERT will provide additional information as it becomes available.

Jan 11, 2011
Microsoft Releases January Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows as part of the Microsoft Security Bulletin Summary for January 2011. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the bulletin and follow best-practice security policies to determine which updates should be applied.

Jan 07, 2011
Microsoft Internet Explorer 8 Use-After-Free Vulnerability
US-CERT is aware of a vulnerability affecting Microsoft Internet Explorer 8. This vulnerability is due to improper handling of circular memory references. Exploitation of this vulnerability may allow an attacker to execute arbitrary code in the context of the user or cause a denial-of-service condition. At this time, the vendor has not released a fix or a workaround to address this vulnerability. Users and administrators are encouraged to consider implementing the mitigations provided in Microsoft's Enhanced Mitigation Experience Toolkit (EMET). These mitigations will not rectify the vulnerability but will make exploitation of the vulnerability more difficult. Additional information can be found in US-CERT Vulnerability Note VU#427980. US-CERT will provide updates as further details become available.

Jan 06, 2011
Apple Releases Mac OS X v10.6.6
Apple has released Mac OS X v10.6.6 to address a vulnerability affecting PackageKit. Exploitation of this vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review Apple article HT4498 and apply any necessary updates to help mitigate the risks.

Jan 06, 2011
Microsoft Releases Advance Notification for January Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating that its January release will contain two bulletins. These bulletins will have the severity ratings of critical and important and will be for Microsoft Windows. Release of these bulletins is scheduled for Tuesday, January 11, 2011. US-CERT will provide additional information as it becomes available.

Jan 05, 2011
Microsoft Releases Security Advisory
Microsoft has released security advisory 2490606 to alert users to a vulnerability affecting the Windows Graphics Rendering Engine. Exploitation of this vulnerability may allow an attacker to install programs; view, change, or delete data; or create new accounts with full user rights. US-CERT encourages users and administrators to review Microsoft security advisory 2490606 and the suggested workarounds to help mitigate the risks until a fix is available from the vendor. US-CERT will provide additional information as it becomes available.

Jan 03, 2011
WordPress.org Has Released WordPress 3.0.4
WordPress.org has released WordPress 3.0.4 to address a vulnerability in the HTML sanitization library. Exploitation of this vulnerability may allow an attacker to insert arbitrary HTML and script code into the browser session. US-CERT encourages users and administrators to review the WordPress.org blog entry and apply any necessary updates to help mitigate the risks.

Dec 22, 2010
Microsoft WMI Administrative Tool ActiveX Control Vulnerability
US-CERT is aware of a vulnerability affecting the WBEMSingleView.ocx ActiveX control. This control is part of the Microsoft WMI Administrative Tools package. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to set the kill bit for CLSID 2745E5F5-D234-11D0-847A-00C04FD7BB08 to help mitigate the risks until a fix is available from the vendor. Information on how to set a kill bit can be found in Microsoft Knowledgebase article KB240797. Users and administrators are also encouraged to implement the security best practices defined in the Securing Your Web Browser document to reduce the risk of this and similar vulnerabilities. Additional information regarding this vulnerability can be found in US-CERT Vulnerability Note VU#725596.