| Apr 09, 2010 |
VMware Releases Security Advisory VMSA-2010-2007 VMware has released security advisory VMSA-2010-0007 to address multiple vulnerabilities in VMware hosted products, vCENTER Server and ESX. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, operate with elevated privileges, obtain sensitive information, or cause a denial-of-service condition. US-CERT encourages users and administrators to review VMware security advisory VMSA-2010-0007 and apply any necessary updates to help mitigate the risks. |
| Apr 08, 2010 |
Microsoft Releases Advance Notification for April Security Bulletin Microsoft has issued a Security Bulletin Advance Notification, indicating that its April release cycle will contain 11 bulletins. Five of them will have the severity rating of critical and will be for Microsoft Windows. The remaining six bulletins will have the severity rating of important or moderate and will be for Microsoft Windows, Office, and Exchange. Release of these bulletins is scheduled for Tuesday, April 13, 2010. US-CERT will provide additional information as it becomes available. |
| Apr 07, 2010 |
Adobe Releases Guidance for Launch Functionality Mitigation in Acrobat and Reader Adobe has released a blog entry addressing a vulnerability in Acrobat and Reader. This vulnerability exists due to the way in which Adobe Acrobat and Adobe Reader handle launch actions embedded in PDFs. When users open a PDF that contains a launch action, they are presented with a dialog box warning the user that a file and its viewer application are set to be launched by the PDF file. The dialog box asks users if they want to continue opening the file and displays the name of the file to be opened. An attacker may be able to manipulate the content in the file name section of the dialog box in an attempt to convince users to open the file. By default, the dialog is set to select the option to continue opening the file. This default configuration and the option to disable the warning message for future launch actions makes it very easy for users to bypass this security mechanism. Opening a PDF containing malicious launch actions may result in arbitrary code execution. US-CERT encourages users and administrators to review the Adobe Reader blog entry related to this issue and apply the guidance provided in the entry to help mitigate some of the risks. US-CERT will provide additional information as it becomes available. |
| Apr 05, 2010 |
Foxit Reader 3.2.1.0401 Released The Foxit Corporation has released Foxit Reader 3.2.1.0401 to address a critical vulnerability. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Foxit notice regarding the release and upgrade to Foxit Reader 3.2.1.0401 to help mitigate the risks. Additional information regarding this vulnerability can be found in the Vulnerability Notes Database. |
| Apr 02, 2010 |
Mozilla Releases Firefox V3.6.3 The Mozilla Foundation has released Firefox V3.6.3 to address a critical vulnerability. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review Mozilla Foundation Security Advisory mfsa2010-25 and upgrade to Firefox V3.6.3. |
| Apr 02, 2010 |
VMware Releases Security Advisory for ESX Service Console Updates VMware has released a security advisory to address vulnerabilities in the Samba and acpid packages of ESX Service Console. These vulnerabilities may allow an attacker to cause a denial-of-service condition, obtain sensitive information or bypass security restrictions. US-CERT encourages users and administrators to review VMware security bulletin VMSA-2010-0006 and apply any necessary updates to help mitigate the risks. |
| Mar 31, 2010 |
Oracle Releases Critical Patch Update for Java SE and Java for Business Oracle has released a critical patch update to address 27 vulnerabilities in Java SE and Java for Business. These vulnerabilities are in the following components: ImageIO, Java 2D, Java Runtime Environment, Java Web Start, Pack200, Sound, JSSE, and HotSpot Server. US-CERT encourages users and administrators to review the critical patch update and apply any necessary updates to help mitigate the risks. |
| Mar 30, 2010 |
Microsoft Releases Out-of-Band Security Bulletin Update Microsoft has released an update to its Security Bulletin Summary for March 2010 and has included the out-of-band bulletin MS10-018. This bulletin addresses ten vulnerabilities in Internet Explorer, including one previously announced in Microsoft Security Advisory 981374. The most severe of these vulnerabilities may allow an attacker to execute arbitrary code on the affected system. US-CERT encourages users and administrators to review Microsoft Security Bulletin MS10-018 and to follow best-practice security policies to determine which updates should be applied. |
| Mar 29, 2010 |
Microsoft Releases Advance Notification for Out-of-Band Security Bulletin Microsoft has issued a Security Bulletin Advance Notification indicating that it will be releasing an out-of-band security bulletin. This bulletin will address a vulnerability in Microsoft Internet Explorer 6 and Internet Explorer 7. The notification states that release of this bulletin is scheduled for March 30, 2010. Additional information can be found in Microsoft Security Advisory 981374 and in the Vulnerability Notes Database. US-CERT will provide additional information as it becomes available. |
| Mar 29, 2010 |
Apple Releases Security Update 2010-002 and Mac OS X v10.6.3 Apple has released Security Update 2010-002 and Mac OS X v10.6.3 to address multiple vulnerabilities that affect a number of applications. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, cause a denial-of-service condition, bypass security restrictions, or operate with elevated privileges. US-CERT encourages users and administrators to review Apple Article HT4077 and apply any necessary updates to help mitigate the risks. |