Forbidden Web

Nov 04, 2011 Microsoft Releases Security Advisory for Vulnerability in TrueType Font Parsing
Microsoft has released Microsoft Security Advisory 2639658 to address a vulnerability in the Win32k TrueType font parsing engine. By convincing a user to open a malicious email attachment, an attacker may be able to exploit this vulnerability and execute arbitrary code.

Microsoft has indicated that it is aware of targeted attacks exploiting this vulnerability. The Duqu malware may exploit this vulnerability.

US-CERT encourages users and administrators to take the following actions to help mitigate the risks of this vulnerability and the Duqu malware:
  • Review Microsoft Security Advisory 2639658 and apply the suggested workarounds until a patch is released by the vendor.
  • Use caution when opening attachments in email messages.
  • Maintain up-to-date antivirus software.
US-CERT will provide additional information as it becomes available.

Nov 03, 2011 Microsoft Releases Advance Notification for November Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating that its November release will contain four bulletins. These bulletins will have the severity ratings of critical, important, and moderate and will be for Microsoft Windows. Release of these bulletins is scheduled for Tuesday, November 8, 2011.

US-CERT will provide additional information as it becomes available.

Oct 27, 2011 Apple Releases QuickTime 7.7.1
Apple has released QuickTime 7.7.1 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or obtain sensitive information.

US-CERT encourages users and administrators to review Apple Support Article HT5016 and apply any necessary updates to help mitigate the risks.

Oct 26, 2011 Cisco Releases Multiple Security Advisories
Cisco has released four security advisories to address vulnerabilities affecting Cisco Unified Contact Center, Cisco WebEx Player, Cisco Security Agent, and Cisco Unified Communications Manager. These vulnerabilities may allow an attacker to execute arbitrary code or obtain sensitive information.

US-CERT encourages users and administrators to review Cisco security advisories cisco-sa-20111026-webex, cisco-sa-20111026-uccx, cisco-sa-20111026-csa, and cisco-sa-20111026-cucm and apply any necessary updates to help mitigate the risks.

Additional information regarding the vulnerability identified in Cisco Security Advisory cisco-sa-20111026-csa can be found in the US-CERT vulnerability note VU#520721.

Oct 25, 2011 Google Releases Chrome 15.0.874.102
Google has released Chrome 15.0.874.102 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome 15.0.874.102.

Oct 19, 2011 Cisco Releases Two Security Advisories
Cisco has released two security advisories to address vulnerabilities affecting CiscoWorks Common Services and Cisco Show and Share. These vulnerabilities may allow an attacker to execute arbitrary code or bypass security restrictions.

US-CERT encourages users and administrators to review Cisco Security advisories cisco-sa-20111019-sns and cisco-sa-20111019-cs and apply any necessary updates to help mitigate the risks.

Oct 17, 2011 Oracle Pre-Release Announcements for October 2011
Oracle has issued pre-release announcements for its Critical Patch Update and its Java SE Critical Patch Update.

The Oracle Critical Patch Update will address 56 vulnerabilities across multiple products. The Oracle Java SE Critical Patch Update will address 20 vulnerabilities. Oracle indicates that the release of these updates is scheduled for Tuesday, October 18, 2011.

US-CERT encourages users and administrators to review the Oracle Critical Patch Update Pre-Release Announcements for October 2011 and Oracle Java SE Critical Patch Update Pre-Release Announcements for October 2011.

US-CERT will provide additional information as it becomes available.

Oct 12, 2011 Apple Releases Multiple Security Updates
Apple has released security updates for Apple iOS, Safari 5.1.1, OS X Lion v10.7.2, iWork '09, and Apple TV 4.4 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, or bypass security restrictions.

US-CERT encourages users and administrators to review the following Apple Support Articles and apply any necessary updates to help mitigate the risks.

  • HT5004 - Numbers for iOS v1.5
  • HT5003 - Pages for iOS v1.5
  • HT5000 - Safari 5.1.1
  • HT5002 - OS X Lion v10.7.2 and Security Update 2011-006
  • HT5001 - Apple TV 4.4
  • HT4999 - iOS 5 Software Update

Oct 11, 2011 Microsoft Releases October Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, .NET Framework, Silverlight, Forefront Unified Access Gateway, and Microsoft Host Integration Server as part of the Microsoft Security Bulletin Summary for October 2011. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or operate with elevated privileges.

US-CERT encourages users and administrators to review the bulletin and follow best-practice security policies to determine which updates should be applied.

Additional information regarding the vulnerability identified in Microsoft Security Bulletin MS11-077 can be found in US-CERT Vulnerability Note VU#619281.

Oct 11, 2011 Apple Releases iTunes 10.5
Apple has released iTunes 10.5 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review Apple article HT4981 and apply any necessary updates to help mitigate the risks.