| Apr 22, 2010 |
VideoLAN Releases Security Advisory for VLC Media Player
VideoLAN has released a security advisory to address multiple vulnerabilities in VLC Media Player. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review VideoLAN security advisory VideoLAN-SA-1003 and apply any necessary updates or workarounds to help mitigate the risks. |
| Apr 21, 2010 |
McAfee DAT 5958 Issues
US-CERT is aware of public reports indicating that McAfee DAT release 5958 is incorrectly identifying the valid system file, C:\Windows\system32\svchost.exe, as containing malicious code. Reports indicate that a false positive detection occurs on Windows XP Service Pack 3 systems. Symptoms include a denial-of-service condition when the McAfee software attempts to clean the file. McAfee has released an extra DAT file to rectify the detection of the false positive. US-CERT encourages users and administrators to review the McAfee Virus Profile: W32/Wecorl.a and apply the extra DAT file as necessary to mitigate this issue. |
| Apr 21, 2010 |
Google Releases Chrome 4.1.249.1059
Google has released Chrome 4.1.249.1059 for Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, conduct cross-site scripting attacks, or conduct cross-site request forgery attacks. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome 4.1.249.1059 for Windows to help mitigate the risks. |
| Apr 16, 2010 |
Oracle Releases Sun Java SE 1.6.0_20
Oracle has released Sun Java SE 1.6.0_20 to address several vulnerabilities. The release notes for this version of Java SE indicate that these vulnerabilities are in Java Deployment Toolkit and the new Java Plug-in. Exploitation of these vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code. US-CERT encourages users and administrators to review the following documents and apply any necessary updates or workarounds to help mitigate the risks:
|
| Apr 15, 2010 |
Apple Releases Security Update 2010-003
Apple has released security update 2010-003 to address a vulnerability in the ATS package. This vulnerability may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review Apple article HT4131 and apply any necessary updates to help mitigate the risks. |
| Apr 15, 2010 |
Cisco Releases Security Advisory
Cisco has released a security advisory to address a vulnerability in Cisco Secure Desktop. Cisco Secure Desktop contains a vulnerable ActiveX control that may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review Cisco security advisory cisco-sa-20100414-csd and apply any necessary updates to help mitigate the risks. Cisco has provided a workaround for users who are unable to apply the update. Additionally, users and administrators may want to review and implement the best security practices described in the Securing Your Web Browser document to help prevent future, similar attacks. |
| Apr 13, 2010 |
Oracle Releases Critical Patch Update for April 2010
Oracle has released its Critical Patch Update for April 2010 to address 47 vulnerabilities across several products. This update contains the following security fixes:
|
| Apr 13, 2010 |
Adobe Releases Security Updates for Adobe Reader and Acrobat
Adobe has released security updates to address multiple vulnerabilities that affect the following:
US-CERT encourages users and administrators to review Adobe security bulletin APSB10-09 and apply any necessary updates to help mitigate the risks. |
| Apr 13, 2010 |
Microsoft Releases April Security Bulletin
Microsoft has released an update to address vulnerabilities in Microsoft Windows, Office, and Exchange as part of the Microsoft Security Bulletin Summary for April 2010. These vulnerabilities may allow an attacker to execute arbitrary code, operate with elevated privileges, cause a denial-of-service attack, or spoof an IPv4 address to bypass filtering devices. US-CERT encourages users and administrators to review the bulletins and follow best-practice security policies to determine which updates should be applied. |
| Apr 13, 2010 |
Sun Java Deployment Toolkit Plugin and ActiveX Control Vulnerability
The Sun Java Deployment Toolkit plugin and ActiveX control contain a vulnerability. This vulnerability is due to insufficient argument validation. By convincing a user to visit a specially crafted HTML document, an attacker may be able to exploit this vulnerability and execute an arbitrary JAR file on the affected system. US-CERT encourages users and administrators to review US-CERT Vulnerability Note VU#886582 and implement any necessary workarounds to help mitigate the risk until a fix is available from the product vendor. US-CERT will provide additional information as it becomes available. |