Forbidden Web

May 11, 2010 Microsoft Releases May Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, and Visual Basic for Applications as part of the Microsoft Security Bulletin Summary for May 2010. These vulnerabilities may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the bulletins and follow best-practice security policies to determine which updates should be applied.

May 10, 2010 Apple Safari Vulnerability
US-CERT is aware of a vulnerability affecting Apple Safari. By convincing a user to open a specially crafted web page, an attacker may be able to execute arbitrary code. Exploit code for this vulnerability is publicly available.

US-CERT encourages users and administrators to disable JavaScript as detailed in the Securing Your Web Browser document until a fix is provided by the vendor. Additional information regarding this vulnerability can be found in the Vulnerability Notes Database.

US-CERT will provide additional information as it becomes available.

May 07, 2010 Microsoft Releases Advance Notification for May Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification, indicating that its May release cycle will contain two bulletins. Both of these bulletins will have the severity rating of critical and will be for Microsoft Windows, Office, and Visual Basic for Applications. Release of these bulletins is scheduled for Tuesday, May 11, 2010.

US-CERT will provide additional information as it becomes available.

May 05, 2010 Foxit Releases Foxit Reader 3.3
The Foxit Corporation has released Foxit Reader 3.3 for Windows. This release of Foxit Reader contains a component called Trust Manager. Foxit Reader release notes indicate that the Trust Manager enables users to allow or deny unauthorized actions and data transmission, including URL connections, attachment PDF actions, and JavaScript. This addresses the vulnerability in the PDF specification /Launch function.

US-CERT encourages users and administrators to review the Foxit Reader 3.3 release notes and upgrade to Foxit Reader 3.3 to help mitigate the risks associated with the PDF specification /Launch function vulnerability. Additional information regarding the /Launch function vulnerability can be found in the Vulnerability Notes Database.

Apr 30, 2010 Opera Software Releases Opera 10.53
Opera Software has released Opera 10.53 to address a vulnerability. Exploitation of this vulnerability may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the Opera Software security advisory related to this vulnerability and upgrade to Opera 10.53 to help mitigate the risks.

Apr 30, 2010 Microsoft Releases Security Advisory 983438
Microsoft has released security advisory 983438 to notify users of a vulnerability in Microsoft Windows SharePoint Services 3.0 and Microsoft Office SharePoint Server 2007. The advisory states that Microsoft is investigating public reports of exploitation of the vulnerability that may allow the execution of arbitrary script within the SharePoint site.

US-CERT encourages users and administrators to review Microsoft Security Advisory 983438 and apply any workarounds to mitigate the risks.

US-CERT will provide additional information as it becomes available.

Apr 28, 2010 Google Releases Chrome 4.1.249.1064
Google has released Chrome 4.1.249.1064 for Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or bypass the same origin policy in the browser.

US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome 4.1.249.1064 for Windows to help mitigate the risks.

Apr 27, 2010 Microsoft Re-Releases Security Update for MS10-025
Microsoft has re-released the security update related to Microsoft security bulletin MS10-025. This vulnerability affects Windows Media Services running on Windows 2000 Server. The original release of this update was revoked last week because it did not effectively correct the underlying vulnerability.

US-CERT encourages users and administrators to review Microsoft security bulletin MS10-025 and apply the update as necessary to help mitigate the risks. Additional information regarding the re-release of this update can be found in the Microsoft Security Response Center blog.

Apr 23, 2010 Microsoft Revokes Security Update
The Microsoft Security Response Center has posted a blog entry indicating that it has revoked the update related to Microsoft security bulletin MS10-025 because it does not effectively correct the underlying vulnerability. This vulnerability affects Windows Media Services running on Windows 2000 Server. The blog entry indicates that Microsoft has targeted a re-release of the update for next week.

US-CERT encourages users and administrators to review the Microsoft Security Response Center blog entry and implement the suggested guidance to help mitigate the risks.

US-CERT will provide additional information as it becomes available.

Apr 22, 2010 Cisco Releases Security Advisory for Small Business Video Surveillance Cameras and 4-Port Gigabit Security Routers
Cisco has released a security advisory to address a vulnerability that affects Cisco Small Business Video Surveillance Cameras and Cisco RVS4000 4-Port Gigabit Security Routers. This vulnerability may allow an unprivileged user to gain full administrative access on the device or obtain sensitive information.

US-CERT encourages users and administrators to review Cisco security advisory cisco-sa-20100421-vsc and apply any necessary updates or workarounds to help mitigate the risks.