McAfee DAT 5958 Issues
US-CERT is aware of public reports indicating that McAfee DAT release 5958 is incorrectly identifying the valid system file, C:\Windows\system32\svchost.exe, as containing malicious code. Reports indicate that a false positive detection occurs on Windows XP Service Pack 3 systems. Symptoms includ...
Adobe Releases Security Updates for Adobe Reader and Acrobat
Adobe has released security updates to address multiple vulnerabilities that affect the following: Adobe Reader 9.3.1 and earlier; Adobe Acrobat 9.3.1 and earlier; Adobe Reader 8.2.1 and earlier; Adobe Acrobat 8.2.1 and earlier. These vulnerabilities may allow an attacker to execute arbitrary code or...
Sun Java Deployment Toolkit Plugin and ActiveX Control Vulnerability
The Sun Java Deployment Toolkit plugin and ActiveX control contain a vulnerability. This vulnerability is due to insufficient argument validation. By convincing a user to visit a specially crafted HTML document, an attacker may be able to exploit this vulnerability and execute an arbitrary JAR...
Microsoft Releases April Security Bulletin
Microsoft has released an update to address vulnerabilities in Microsoft Windows, Office, and Exchange as part of the Microsoft Security Bulletin Summary for April 2010. These vulnerabilities may allow an attacker to execute arbitrary code, operate with elevated privileges, cause a...
Oracle Releases Critical Patch Update for April 2010
Oracle has released its Critical Patch Update for April 2010 to address 47 vulnerabilities across several products. This update contains the following security fixes: 7 for Oracle Database Server; 5 for Oracle Fusion Middleware; 1 for Oracle Collaboration Suite; 8 for Oracle Application Suite; 4 for...
VMware Releases Security Advisory VMSA-2010-0007
VMware has released security advisory VMSA-2010-0007 to address multiple vulnerabilities in VMware hosted products, vCenter Server and ESX. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, operate with elevated privileges, obtain sensitive information, or cau...
Adobe Releases Guidance for Launch Functionality Mitigation in Acrobat and Reader
Adobe has released a blog entry addressing a vulnerability in Acrobat and Reader. This vulnerability exists due to the way in which Adobe Acrobat and Adobe Reader handle launch actions embedded in PDFs. When users open a PDF that contains a launch action, they are presented with a dialog box...
Foxit Reader 3.2.1.0401 Released
The Foxit Corporation has released Foxit Reader 3.2.1.0401 to address a critical vulnerability. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Foxit notice regarding the release a...
VMware Releases Security Advisory for ESX Service Console Updates
VMware has released a security advisory to address vulnerabilities in the Samba and acpid packages of ESX Service Console. These vulnerabilities may allow an attacker to cause a denial-of-service condition, obtain sensitive information or bypass security restrictions. US-CERT encourages users and...
Mozilla Releases Firefox V3.6.3
The Mozilla Foundation has released Firefox V3.6.3 to address a critical vulnerability. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review Mozilla Foundation Security Advisory mfsa2010-25 and upgrade to Firefox...
17 Million Do Not Have Antivirus in China
The percentage of Internet users in China with no security software was 4.4% last year, up from 3.9% the previous year, according to recent survey results by the China Internet Network Information Center (CNNIC) and China’s National Computer Network Emergency Response Technical Team (CNCERT). Read t...
Oracle Releases Critical Patch Update for Java SE and Java for Business
Oracle has released a critical patch update to address 27 vulnerabilities in Java SE and Java for Business. These vulnerabilities are in the following components: ImageIO, Java 2D, Java Runtime Environment, Java Web Start, Pack200, Sound, JSSE, and HotSpot Server. US-CERT encourages users and...
Microsoft Releases Out-of-Band Security Bulletin Update
Microsoft has released an update to its Security Bulletin Summary for March 2010 and has included the out-of-band bulletin MS10-018. This bulletin addresses ten vulnerabilities in Internet Explorer, including one previously announced in Microsoft Security Advisory 981374. The most severe of these...
Microsoft Releases Advance Notification for Out-of-Band Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating that it will be releasing an out-of-band security bulletin. This bulletin will address a vulnerability in Microsoft Internet Explorer 6 and Internet Explorer 7. The notification states that release of this bulletin is...
Apple Releases Security Update 2010-002 and Mac OS X v10.6.3
Apple has released Security Update 2010-002 and Mac OS X v10.6.3 to address multiple vulnerabilities that affect a number of applications. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, cause a denial-of-service condition, bypass security...
US Tax Season Phishing Scams and Malware Campaigns
In the past, US-CERT has received reports of an increased number of phishing scams and malware campaigns that take advantage of the United States tax season. Due to the upcoming tax deadline, US-CERT reminds users to remain cautious when receiving unsolicited email that could be part of a potenti...
Mozilla Releases Firefox 3.6.2
The Mozilla Foundation has released Firefox 3.6.2 to address multiple security issues, including a critical vulnerability that may allow a remote attacker to execute arbitrary code. US-CERT encourages users and administrators to do the following to help mitigate the risks: Review the Firefox 3.6....
CA Releases Updates for ARCserve Backup
CA has released updates to address vulnerabilities in the version of Java JRE bundled with ARCserve Backup. These vulnerabilities in Java JRE may allow an attacker to execute arbitrary code, bypass security restrictions, cause a denial-of-service condition, or obtain sensitive information. US-CER...
Zeus Trojan Campaign Warning
US-CERT is aware of public reports of malicious code circulating via spam email messages impersonating the Department of Homeland Security (DHS). The attacks arrive via unsolicited email messages that may contain subject lines related to DHS or other government activity. These messages may contain ...
Apple Releases Safari 4.0.5
Apple has released Safari 4.0.5 to address multiple vulnerabilities in ColorSync, ImageIO, PubSub, Safari, and WebKit. These vulnerabilities may allow a remote attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, or bypass security restrictions...