Microsoft Releases Security Advisory for Vulnerability in TrueType Font Parsing
Microsoft has released Microsoft Security Advisory 2639658 to address a vulnerability in the Win32k TrueType font parsing engine. By convincing a user to open a malicious email attachment, an attacker may be able to exploit this vulnerability and execute arbitrary code. Microsoft has indicated th...
Microsoft Releases November Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows as part of the Microsoft Security Bulletin Summary for November 2011. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or operate with elevated privileges...
Apple Releases QuickTime 7.7.1
Apple has released QuickTime 7.7.1 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or obtain sensitive information. US-CERT encourages users and administrators to review Apple Support Article HT5016 a...
Cisco Releases Multiple Security Advisories
Cisco has released four security advisories to address vulnerabilities affecting Cisco Unified Contact Center, Cisco WebEx Player, Cisco Security Agent, and Cisco Unified Communication Manager. These vulnerabilities may allow an attacker to execute arbitrary code or obtain sensitive information...
Google Releases Chrome 15.0.874.102
Google has released Chrome 15.0.874.102 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to...
Cisco Releases Two Security Advisories
Cisco has released two security advisories to address vulnerabilities affecting CiscoWorks Common Services and Cisco Show and Share. These vulnerabilities may allow an attacker to execute arbitrary code or bypass security restrictions. US-CERT encourages users and administrators to review Cisco...
Oracle Releases Critical Patch Update for October 2011
Oracle has released its Critical Patch Update and Java SE Critical Patch Update Advisory for October 2011 to address 77 vulnerabilities across multiple products. This update contains the following security fixes: 5 for Oracle Database Server; 10 for Oracle Fusion Middleware; 5 for Oracle E-Business...
Apple Releases Multiple Security Updates
Apple has released security updates for Apple iOS, Safari 5.1.1, OS X Lion v10.7.2, iWork 09, and Apple TV 4.4 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive...
Apple Releases iTunes 10.5
Apple has released iTunes 10.5 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review Apple article HT4981 and apply any necessary updates to help...
Microsoft Releases October Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, .NET Framework, Silverlight, Forefront Unified Access Gateway, and Microsoft Host Integration Server as part of the Microsoft Security Bulletin Summary for October 2011. These vulnerabilities may all...
Apache HTTP Server Reverse Proxy Bypass
The Apache Foundation has issued a Security Advisory to address a vulnerability in Apache HTTP Server's reverse proxy mode. Exploitation of this vulnerability may allow a remote attacker to gain access to internal systems. US-CERT encourages users and administrators to review the Apache HTTP Serv...
Microsoft Releases Advance Notification for October Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating that its October release will contain eight bulletins. These bulletins will have the severity ratings of critical and important and will be for Microsoft .NET Framework, Microsoft Silverlight, Microsoft Windows, Internet...
Cisco Releases Multiple Security Advisories
Cisco has released three security advisories to address vulnerabilities affecting Cisco ASA 5500 Series Adaptive Security Appliances, Cisco Catalyst 6500 Series ASA Services Module, Cisco Firewall Services Module, and Cisco Network Admission Control Manager. These vulnerabilities may allow an...
Google Releases Chrome 14.0.835.202
Google has released Chrome 14.0.835.202 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to...
Cisco Releases Security Advisory for Cisco IOS Software Smart Install
Cisco has released a security advisory to address a vulnerability in the Cisco IOS Software Smart Install feature running on Cisco Catalyst Switches. Exploitation of this vulnerability may allow remote code execution by an unauthenticated attacker. US-CERT encourages administrators to review Cisco...
SSL/TLS Protocol Vulnerability
US-CERT is aware of a vulnerability affecting the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. Exploitation of this vulnerability may allow an attacker to decrypt encrypted SSL/TLS traffic and obtain sensitive information. Microsoft has released Security Advisory 2588513 to...
Adobe Releases Security Advisory for Adobe Flash Player
Adobe has released a security update for Adobe Flash Player to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, cause a denial-of-service condition, or perform a cross-site scripting attack. Adob...
Cisco Releases Security Advisory for Identity Services Engine
Cisco has released a security advisory to address a vulnerability in Cisco Identity Services Engine. Exploitation of this vulnerability may allow a remote attacker to gain complete administrative control of the device. US-CERT encourages users and administrators to review Cisco Security Advisory...
Oracle Releases Security Alert for Oracle HTTP Server Products
Oracle has released a security alert to address a vulnerability in Apache HTTPD. This vulnerability affects: Oracle Fusion Middleware 11g Release 1, versions 11.1.1.3.0, 11.1.1.4.0, 11.1.1.5.0; Oracle Application Server 10g Release 3, version 10.1.3.5.0; Oracle Application Server 10g Release 2,...
Google Releases Chrome 14.0.835.163
Google has released Chrome 14.0.835.163 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to...
Cisco Releases Multiple Security Advisories
Cisco has released two security advisories to address vulnerabilities affecting the CiscoWorks LAN Management Solution, the Cisco Unified Service Monitor, and the Cisco Unified Operations Manager. These vulnerabilities may allow an unauthenticated attacker to execute arbitrary code. US-CERT...
Adobe Releases Security Advisory for Adobe Reader and Acrobat
Adobe has released a security advisory to address multiple vulnerabilities in Adobe Reader and Acrobat. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or operate with escalated privileges. US-CERT encourages users and administrators to review Adobe security...
Microsoft Releases September Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Microsoft Office, and Microsoft Server Software as part of the Microsoft Security Bulletin Summary for September 2011. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated...
Fraudulent DigiNotar SSL Certificate
US-CERT is aware of public reports of the existence of fraudulent SSL certificates issued by DigiNotar. These fraudulent SSL certificates could be used by an attacker to masquerade as legitimate sites. Mozilla has released Firefox 3.6.22 and Firefox 6.0.2 to address this issue. Additional...
Potential Hurricane Irene Phishing Scams
In the past, US-CERT has received reports of phishing scams and malware campaigns related to topics that are of high interest to the U.S. Government or news media, such as Hurricane Irene. Users' systems have been compromised by receiving and accessing phishing emails with subject lines that seem...
Cisco Releases Security Advisories
Cisco has released three security advisories to address vulnerabilities affecting the Cisco Unified Communications Manager, the Cisco Unified Presence Server, and the Cisco Intercompany Media Engine. These vulnerabilities may allow an attacker to disclose sensitive information or cause a...
Google Releases Chrome 13.0.782.215
Google has released Chrome 13.0.782.215 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to...
Mozilla Releases Firefox 6 and 3.6.20
The Mozilla Foundation has released Firefox 6 and Firefox 3.6.20 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, operate with escalated privileges, or obtain sensitive information. US-CERT encourages users and administrators to review th...
Adobe Releases Security Bulletins for Multiple Products
Adobe has released security bulletins to alert users of critical and important vulnerabilities in multiple products. The following products are affected: Adobe Shockwave Player 11.6.0.626 and earlier versions on the Windows and Macintosh operating systems; Adobe Flash Player 10.3.181.36 and earlie...
RIM Releases Security Advisory for BlackBerry Enterprise Server
RIM has released a security advisory to address a vulnerability in the BlackBerry MDS Connection Service and BlackBerry Messaging Agent for the BlackBerry Enterprise Server. The vulnerability may allow an attacker to execute arbitrary code or gain unauthorized access to the BlackBerry Enterprise...
Microsoft Releases August Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Microsoft Office, Microsoft .NET Framework, and Microsoft Developer Tools as part of the Microsoft Security Bulletin Summary for August 2011. These vulnerabilities may allow an attacker to execute...
Apple Releases QuickTime 7.7
Apple has released QuickTime 7.7 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review Apple Support Article HT4826 and apply any necessary updates to...
Google Releases Chrome 13.0.782.107
Google has released Chrome 13.0.782.107 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to perform a cross-site scripting attack, or to execute arbitrary code. US-CERT encourages users and administrators to review the Goog...
WordPress Themes Vulnerability
TimThumb, a PHP script that is reused in many popular themes for the WordPress blog software, contains a vulnerability that allows a remote attacker to upload arbitrary PHP code to an affected site. US-CERT encourages users and administrators to: determine if any hosted blogs use TimThumb by...
Cisco Releases Security Advisory and Applied Mitigation Bulletin
Cisco has released a security advisory and an applied mitigation bulletin to address vulnerabilities in Cisco TelePresence Recording Server Software Release 1.7.2.0. Successful exploitation of these vulnerabilities may allow an attacker to bypass security restrictions or take control of the...
Apple Releases iOS 4.3.5 and iOS 4.2.10
Apple has released iOS 4.3.5 for the iPhone GSM model, iPod touch, and iPad, and iOS 4.2.10 for the iPhone CDMA model to address a vulnerability. This vulnerability may allow an attacker with a privileged network position to capture or modify data in SSL/TLS sessions. US-CERT encourages users and...
Foxit Releases Foxit Reader 5.0.2
The Foxit Corporation has released Foxit Reader 5.0.2 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the security release notes for Foxit Reader 5.0.2 and apply any necessary updates...
Apple Releases Safari 5.1 and 5.0.6
Apple has released Safari 5.1 and 5.0.6 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, perform a cross-site scripting attack, or disclose sensitive information. US-CERT encourages users and administrators to review Apple Support Article...
Apple Releases iOS 4.3.4 and iOS 4.2.9
Apple has released iOS 4.3.4 for the iPhone GSM model, iPod touch, and iPad, and iOS 4.2.9 for the iPhone CDMA model to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or operate with escalated privileges. US-CERT encourages users and...
RIM Releases Security Advisory for BlackBerry Enterprise Server
RIM has released a security advisory to address a vulnerability in the BlackBerry Administration API included in the BlackBerry Enterprise Server. The vulnerability may allow an attacker with user permissions granted to the BlackBerry Administration API to disclose sensitive information or cause ...
Oracle Releases Critical Patch Update for July 2011
Oracle has released its Critical Patch Update for July 2011 to address 78 vulnerabilities across multiple products. This update contains the following security fixes: 13 for Oracle Database Server; 3 for Oracle Secure Backup; 7 for Oracle Fusion Middleware; 18 for Oracle Enterprise Manager; 1 for...
VideoLAN Releases VLC Media Player Security Advisories
VideoLAN has released Security Advisory 1105 and Security Advisory 1106 for VLC Media Player 1.1.10 and older to address two vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to do the following to help mitigate the...
Mozilla Releases Firefox 5.0.1
The Mozilla Foundation has released Firefox 5.0.1 to address an issue with Mac OS X 10.7 and Java for Mac OS X 10.6 Update 5. These issues could cause Firefox to crash. US-CERT encourages users and administrators to review the Mozilla Foundation Firefox 5.0.1 Release Notes and apply any necessary...
Microsoft Releases July Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows and Microsoft Office as part of the Microsoft Security Bulletin Summary for July 2011. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges. US-CERT encourages users...
Internet Systems Consortium Releases BIND Patches
The Internet Systems Consortium has released updates for BIND to address multiple vulnerabilities. CVE-2011-2464 affects the following versions: 9.6.3; 9.6-ESV-R4 and later; 9.7.0 and later; 9.7.1 and later; 9.7.2 and later; 9.7.3 and later; 9.7.4b1; 9.8.0 and later; and 9.8.1b1. CVE-2011-2465...
WordPress Releases Version 3.1.4
WordPress has released WordPress 3.1.4 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to operate with elevated privileges. US-CERT encourages users and administrators to review the WordPress Codex document for version 3.1.4 and apply any necessary...
Apple Releases Java Updates for Mac OS X 10.5 and OS X 10.6
Apple has released Java for Mac OS X 10.5 Update 10 and Java for Mac OS X 10.6 Update 5 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review Apple articles HT4739 and HT4738 and apply any...
Google Releases Chrome 12.0.742.112
Google released Chrome 12.0.742.112 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code. This update also contains an updated version of Adobe Flash. US-CERT encourages users and...
Apple Releases Security Updates to Address Multiple Vulnerabilities
Apple has released Mac OS X 10.6.8 and Security Update 2011-004 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, disclose sensitive information, or cause a denial-of-service condition. US-CERT encourages users and administrators to review...
Mozilla Releases Firefox 5 and 3.6.18
The Mozilla Foundation has released Firefox 5 and Firefox 3.6.18 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, violate the same origin policy, or perform a cross-site scripting attack. US-CERT encourages users and administrators to...