Microsoft Releases October Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows, SQL Server, Server Software, Office, and Lync as part of the Microsoft Security Bulletin summary for October 2012. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service...

Adobe Releases Security Bulletin About Code Signing Certificate

Adobe has released a security bulletin to address an issue with a current Adobe code signing certificate. The certificate to be revoked has been used to sign malicious code. The certificate will be revoked on October 4, 2012 for all software code signed after July 10, 2012. Adobe is issuing a new...

Increased Exploitation in Web Content Management Systems

US-CERT is aware of recent increases in the exploitation of known vulnerabilities in web content management systems CMSs such as Wordpress and Joomla. Compromised CMS installations can be used to host malicious content. US-CERT recommends that users and administrators ensure that their CMS...

Microsoft Releases Security Advisory for Internet Explorer

Microsoft has released Security Advisory 2757760 to address a vulnerability in Microsoft Internet Explorer 6, 7 , 8, and 9. This vulnerability may allow an attacker to execute arbitrary code if a user accesses specially crafted HTML documents e.g., a web page or an HTML email message or attachmen...

Microsoft Releases September Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Development Tools and Server Software as part of the Microsoft Security Bulletin summary for September 2012. These vulnerabilities may allow an attacker to operate with elevated privileges. US-CERT encourages users and...

Malware Campaigns Impersonating U.S. Government Agencies

US-CERT is aware of multiple malware campaigns impersonating multiple U.S. government agencies, including the United States Cyber Command USCYBERCOM and the Federal Bureau of Investigation FBI. Once installed on a system, the malware displays a screen claiming that a Federal Government agency has...

US-CERT Releases Oracle Java JRE 1.7 Security Advisory

US-CERT has released Vulnerability Note VU636312 to address a vulnerability in Oracle Java Runtime Environment JRE 1.7. This vulnerability may allow an attacker to execute arbitrary code on a vulnerable system. US-CERT encourages users and administrators to review Vulnerability Note VU636312. Thi...

Microsoft Releases August Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Office, SQL Server, Server Software, Developer Tools, and Exchange Server as part of the Microsoft Security Bulletin summary for August 2012. These vulnerabilities may allow an attacker to execute...

Mozilla Releases Multiple Updates

The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities: Firefox 14 Firefox ESR 10.0.6 Thunderbird 14 Thunderbird ESR 10.0.6 SeaMonkey 2.11 These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition...

Oracle Releases Critical Patch Update for July 2012

Oracle has released its Critical Patch Update for July 2012 to address 87 vulnerabilities across multiple products. This update contains the following security fixes: 4 for Oracle Database Server 1 for Oracle Application Express Listener 2 for Oracle Secure Backup 22 for Oracle Fusion Middleware ...

Google Releases Google Chrome 20.0.1132.57

Google has released Google Chrome 20.0.1132.57 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review the...

Microsoft Releases a Security Advisory for Microsoft Digital Certificates

Microsoft has released security advisory 2728973 to replace a number of certificates that did not meet Microsoft's high standard of Public-Key Infrastructure PKI management. This update places the intermediate certificate authority CA certificates in the Untrusted Certificate Store and replaces...

Microsoft Releases a Security Advisory for Windows Sidebar and Gadgets

Microsoft has released security advisory 2719662 to address a vulnerability in Microsoft Windows Sidebar and Gadgets. This vulnerability may allow an attacker to execute arbitrary code, take control of an affected system, or disclose sensitive information. US-CERT encourages users and...

Cisco Releases Multiple Security Advisories for TelePresence

Cisco has released security advisories to address multiple vulnerabilities affecting the following products: Cisco TelePresence Manager Cisco TelePresence Recoding Server Cisco TelePresence Multipoint Switch Cisco TelePresence Immersive Endpoint System These vulnerabilities may allow an attacker ...

Microsoft Releases July Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Office, Developer Tools, and Server Software as part of the Microsoft Security Bulletin summary for July 2012. These vulnerabilities may allow an attack to execute arbitrary code, operate with...

Cisco Releases Security Advisory for WebEx Player

Cisco has released a security advisory to address vulnerabilities affecting the following products: Cisco WebEx Recording Format WRF Cisco Advanced Recording Format ARF These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages...

Google Releases Google Chrome 20.0.1132.43

Google has released Google Chrome 20.0.1132.43 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review the...

Cisco Releases Multiple Security Advisories

Cisco has released three security advisories to address vulnerabilities affecting the following products: Cisco ASA 5500 Series Adaptive Security Appliances Cisco ASA Cisco Catalyst 6500 Series ASA Service Module Cisco ASASM Cisco AnyConnect Secure Mobility Client Cisco Application Control Engine...

Apple Releases Java Update for OS X Lion and Mac OS X

Apple has released a Java update to address multiple vulnerabilities for the following products: Mac OS X v10.6.8 Mac OS X Server v10.6.8 OS X Lion v10.7.4 OS X Lion Server v10.7.4 These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CER...

Microsoft Releases Security Advisory for Microsoft XML Core Services

Microsoft has released Security Advisory 2719615 to address a vulnerability in Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0. This vulnerability may allow an attacker to execute arbitrary code if a user accesses specially crafted web pages using Internet Explorer. According to the advisory,...

Oracle Releases Critical Patch Update for June 2012

Oracle released its Critical Patch Update for June 2012 containing 14 security fixes for the following products: JDK and JRE 7 Updates 4 and earlier JDK and JRE 6 Update 32 and earlier JDK and JRE 5.0 Update 35 and earlier SDK and JRE 1.4.237 and earlier JavaFX 2.1 and earlier US-CERT encourages...

Apple Releases iTunes 10.6.3

Apple has released iTunes 10.6.3 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review Apple Support Article HT5318 and apply any necessary updates to...

Adobe Releases Security Bulletin for Adobe Flash Player

Adobe has released a Security Bulletin for Adobe Flash Player to address vulnerabilities affecting the following software versions: Adobe Flash Player 11.2.202.235 and earlier versions for Windows, Macintosh, and Linux Adobe Flash Player 11.1.115.8 and earlier versions for Android 4.x Adobe Flash...

Microsoft Releases June Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, .NET Framework, Lync, and Dynamics AX as part of the Microsoft Security Bulletin Summary for June 2012. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated...

Mozilla Releases Multiple Updates

The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities: Firefox 13.0 Firefox ESR 10.0.5 Thunderbird 13.0 Thunderbird ESR 10.0.5 SeaMonkey 2.10 These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service...

Adobe Releases Security Bulletins for Multiple Products

Adobe has released security bulletins to address multiple vulnerabilities for the following products: Adobe Illustrator CS5 15.0.x for Windows and Macintosh Adobe Illustrator CS5.5 15.1 for Windows and Macintosh Adobe Photoshop CS5 12.0 for Windows and Macintosh Adobe Photoshop CS5.1 12.1 for...

Unauthorized Microsoft Digital Certificates

Microsoft has released a security advisory to address the revocation of a number of unauthorized digital certificates. Maintaining these certificates within your certificate store may allow an attacker to spoof content, perform a phishing attack, or perform a man-in-the-middle attack. The followi...

Google Releases Google Chrome 19.0.1084.52

Google has released Google Chrome 19.0.1084.52 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review the...

Apple Releases QuickTime 7.7.2

Apple has released QuickTime 7.7.2 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review Apple Support Article HT5261 and apply any necessary updates ...

Google Releases Google Chrome 19

Google has released Google Chrome 19 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review the Google Chrome...

Apple Releases Multiple Security Updates

Apple has released security updates for Apple OS X and Safari to address multiple vulnerabilities for the following products: Safari 5.1.7 for Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion Server v10.7.4, OS X Lion v10.7.4, Windows 7, Vista, XP SP2 or later OS X Lion v10.7.4 and Security...

Adobe Releases Security Bulletins for Multiple Products

Adobe has released security bulletins to alert users of critical vulnerabilities in multiple products. The following products are affected: Adobe Illustrator CS 5.5 and earlier versions for Windows and Macintosh Adobe Photoshop CS 5.5 and earlier versions for Windows and Macintosh Adobe Flash...

Microsoft Releases May Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, .NET Framework, and Silverlight as part of the Microsoft Security Bulletin Summary for May 2012. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges. US-CE...

Apple Releases iOS 5.1.1

Apple has released iOS 5.1.1 for iPhone, iPod, iPad, and iPad 2 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, perform a cross-site-scripting attack, or spoof a website address. US-CERT encourages users and administrators to review Appl...

Adobe Releases Security Advisory for Adobe Flash Player

Adobe has released a Security Advisory for Adobe Flash Player to address a vulnerability affecting the following software versions: Adobe Flash Player 11.2.202.233 and earlier versions for Windows, Macintosh, and Linux operating systems Adobe Flash Player 11.1.115.7 and earlier versions for Andro...

Microsoft Releases Advanced Notification for May Security Bulletin

Microsoft has issued a Security Bulletin Advanced Notification indicating that its May release will contain seven bulletins. These bulletins will have the severity rating of critical and important and will be for Microsoft Windows, Office, .NET Framework, and Silverlight. Releases of these...

Google Releases Chrome 18.0.1025.168

Google has released Chrome 18.0.1025.168 for Linux, Macintosh, Windows, and Google Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review...

DNSChanger Malware

US-CERT encourages users and administrators to ensure their systems are not infected with the DNSChanger malware by utilizing tools and resources available at the DNS Changer Working Group DCWG website. Computers testing positive for infection of DNSChanger malware will need to be cleaned of the...

RuggedCom Rugged Operating System Vulnerability

RuggedCom Rugged Operating System ROS, used in RuggedCom network infrastructure devices, contains a hard-coded user account with a predictable password. This user account cannot be manually disabled. An attacker who successfully guesses the password may be able to gain complete administrative...

Oracle Releases Critical Patch Update for April 2012

Oracle has released its Critical Patch Update for April 2012 to address 88 vulnerabilities across multiple products. This updates contains the following security fixes: 6 for Oracle Database Server 11 for Oracle Fusion Middleware 6 for Oracle Enterprise Manager Grid Control 4 for Oracle E-Busines...

Apple Releases Flashback Malware Security Updates

Apple has released security updates to address Flashback malware in the following products: OS X Lion v10.7.3 OS X Lion Server v10.7.3 Mac OS X v10.6.8 Mac OS X Server v10.6.8 Apple has released a malware removal tool for the most common variant of the Flashback malware. If the malware is...

HP ProCurve 5400 zl Switches Security Bulletin

Hewlett-Packard HP has released a security bulletin to address a security vulnerability affecting HP 5400 zl series switches purchased after April 30, 2011. These switches contain a compact flash card that may be infected with malware. US-CERT encourages users and administrators to review HP...

Samba Releases Updates for 3.0.x - 3.6.3

Samba has released an update to address a vulnerability in Samba versions 3.6.3 and all previous versions. Exploitation of this vulnerability may allow a remote attacker to use anonymous connections to execute arbitrary code with root privileges. US-CERT encourages users and administrators to...

Adobe Releases Security Bulletin for Adobe Reader and Acrobat

Adobe has released a security bulletin to address multiple vulnerabilities in Adobe Reader X 10.1.2 and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6 and earlier versions for Linux, and Adobe Acrobat X 10.1.2 and earlier versions for Windows and Macintosh. Exploitation of these...

Google Releases Google Chrome 18.0.1025.151

Google has released Chrome 18.0.1025.151 for Linux, Macintosh, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review the...

Microsoft Releases April Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, .NET Framework, Office, SQL Server, Server Software, Developer Tools, and Forefront United Access Gateway as part of the Microsoft Security Bulletin Summary for April 2012. These vulnerabilities may...

Cisco Releases Security Advisory for WebEx Player

Cisco has released a security advisory to address multiple vulnerabilities in the Cisco WebEx Player. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review Cisco Security Advisory...

Apple Update for Java for OS X Lion and Mac OS X

Apple has released a Java update for the following products to address multiple vulnerabilities: OS X v10.6.8 OS X server v10.6.8 OS X Lion v10.7.3 Lion Server v10.7.3 These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or disclose sensitive...

Google Releases Google Chrome 18.0.1025.142

Google has released Chrome 18.0.1025.142 for Linux, Macintosh, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or perform a cross-site scripting attack. US-CERT encourages...

Adobe Releases Security Advisory for Adobe Flash Player

Adobe has released a Security Advisory for Adobe Flash Player to address multiple vulnerabilities affecting the following software versions: Adobe Flash Player 11.1.102.63 and earlier versions for Windows, Macintosh, Linux, and Solaris operating systems Adobe Flash Player 11.1.111.7 and earlier...