RIM Releases Security Advisory for BlackBerry Enterprise Server

RIM has released a security advisory to address a vulnerability in the PDF distiller of the BlackBerry attachment service for the BlackBerry Enterprise Server. The vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and...

Google Releases Chrome 8.0.552.224

Google has released Chrome 8.0.552.224 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and apply any...

Microsoft Releases December Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Office, SharePoint, and Exchange as part of the Microsoft Security Bulletin Summary for December 2010. These vulnerabilities may allow an attacker to execute arbitrary code, operate with elevated...

RealNetworks Releases Security Update for RealPlayer

RealNetworks, Inc. has released an update for RealPlayer to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the RealNetworks notice released on December 10, 2010 and appl...

Mozilla Releases Firefox 3.6.13

The Mozilla Foundation has released Firefox 3.6.13 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, operate with elevated privileges, spoof the location bar, or operate with elevated privileges. The Mozilla foundation has also released...

Microsoft Releases Advance Notification for December Security Bulletin

Microsoft has issued a Security Bulletin Advance Notification indicating that its December release will contain 17 bulletins. Two of these bulletins will have a severity rating of critical and will be for Microsoft Windows and Internet Explorer. Fourteen of the bulletins will have a severity rati...

WordPress Releases Version 3.0.3

WordPress has released WordPress 3.0.3 to address a vulnerability. Execution of this vulnerability may allow an attacker to operate with elevated privileges. US-CERT encourages users and administrators to review the WordPress Codex document for version 3.0.3 and apply any necessary updates to hel...

Apple Releases QuickTime 7.6.9

Apple has released QuickTime 7.6.9 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or obtain sensitive information. US-CERT encourages users and administrators to review Apple article...

VMware Releases Security Advisory VMSA-2010-0018

VMware has released security advisory VMSA-2010-0018 to address multiple vulnerabilities affecting VMware Workstation, Player, Fusion, ESXi, and ESX. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges. US-CERT encourages users...

Google Releases Chrome 8.0.552.215

Google has released Chrome 8.0.552.215 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information or bypass security restrictions. US-CERT encourages users and administrators to revi...

Internet Systems Consortium BIND Vulnerabilities

The Internet Systems Consortium ISC has released three advisories to address multiple vulnerabilities affecting BIND. The first advisory, CVE-2010-3613, addresses a vulnerability in BIND versions 9.6.2 to 9.6.2-P2, 9.6-ESV to 9.6-ESV-R2, and 9.70 to 9.7.2-P2. This vulnerability exists when cache...

WordPress Releases WordPress 3.0.2

WordPress has released WordPress 3.0.2 to address a vulnerability that may allow a malicious Author-level user to gain further access to the site, to fix multiple software bugs, and to provide additional security enhancements. US-CERT encourages users and administrators to review the WordPress bl...

Potential WikiLeaks Phishing Scams

In the past, US-CERT has received reports of phishing scams and malware campaigns related to topics that are of high-interest to the U.S. Government or news media, such as the WikiLeaks website. Users' systems have been compromised by receiving and accessing phishing emails with subject lines tha...

VMware Releases Security Patch for ESX

VMware has released a security patch for ESX to address a vulnerability. Exploitation of this vulnerability may allow a local user to gain additional privileges on the affected system. US-CERT encourages users and administrators to review VMware knowledgebase article 1029397 and apply any necessa...

Apple Releases iOS 4.2

Apple has released iOS 4.2 for the iPhone, iPod Touch, and iPad to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, initiate a call, cause a denial-of-service condition, gain system privileges, or obtain sensitive information...

Apple Releases Safari 5.0.3 and 4.1.3

Apple has released Safari 5.0.3 and 4.1.3 to address multiple vulnerabilities in the Safari and WebKit packages. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review Apple article HT4455...

Holiday Season Phishing Scams and Malware Campaigns

As the winter holidays are quickly approaching, US-CERT is republishing this entry to increase awareness. In the past, US-CERT has received reports of an increased number of phishing scams and malware campaigns that take advantage of the winter holiday and holiday shopping season. US-CERT reminds...

OpenSSL Releases OpenSSL 1.0.0b

OpenSSL has released OpenSSL 1.0.0b to address a vulnerability that may allow an attacker to execute arbitrary code. US-CERT recommends that users and administrators of this product update to OpenSSL version 1.0.0b or apply the workaround provided in the OpenSSL security advisory. Because OpenSSL...

Adobe Releases Security Updates for Reader and Acrobat

Adobe has released security updates for Reader and Acrobat for Windows and Macintosh. These updates address multiple vulnerabilities including those described in security advisory APSA10-05, a recent Adobe PSIRT blog entry, and security bulletin APSB10-26. Exploitation of these vulnerabilities ma...

Apple Releases Mac OS X v10.6.5 and Security Update 2010-007

Apple has released Mac OS X v10.6.5 and Security Update 2010-007 to address multiple vulnerabilities affecting a number of packages. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, conduct cross-site scripting attacks, cause a...

Adobe Releases Security Update for Flash Media Server

Adobe has released Flash Media Server 4.0.1, 3.5.5, and 3.0.7 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review Adobe security bulletin APSB10-27 and apply appropriate updates to help...

Microsoft Releases November Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Office and Forefront United Access Gateway as part of the Microsoft Security Bulletin Summary for November 2010. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges. US-CER...

Insecure Loading of Dynamic Link Libraries in Windows Applications

US-CERT is aware of a class of vulnerabilities related to how some Windows applications may load external dynamic link libraries DLLs. When an application loads a DLL without specifying a fully qualified path name, Windows will attempt to locate the DLL by searching a defined set of directories. ...

Cisco Releases Vulnerability Alert for Intelligent Contact Manager

Cisco has released a vulnerability alert to inform users of a vulnerability affecting the Intelligent Contact Manager Setup Manager. This vulnerability may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the vulnerability alert and consider...

Adobe Releases Security Update for Flash Player

Adobe has released Flash Player 10.1.102.64 for Windows, Macintosh, Linux, and Solaris to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or bypass cross-domain policy file restrictions. The Adobe securi...

Google Releases Chrome 7.0.517.44

Google has released Chrome 7.0.517.41 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and apply any necessary updates...

Microsoft Releases Advance Notification for November Security Bulletin

Microsoft has issued an Security Bulletin Advance Notification indicating that its November release will contain three bulletins. One of these bulletins will have the severity rating of critical and will be for Microsoft Office. The remaining two bulletins will have the severity rating of importa...

Microsoft Releases Security Advisory for Internet Explorer

Microsoft has released Microsoft security advisory 2458511 to alert users of a vulnerability affecting all supported versions of Internet Explorer. This vulnerability may allow an attacker to execute arbitrary code. Update: Microsoft has released two Fix it tools in Microsoft Support article...

Removable Media Security Practices

US-CERT is aware of recent reports indicating that some newly purchased removable media devices are infected with malicious code. This malicious code is a worm that attempts to propagate itself via multiple methods. If a Windows user connects an affected removable media device to a system that ha...

Adobe Releases Security Update for Shockwave Player

Adobe has released a security update for Shockwave Player to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review Adobe security bulletin APSB10-25 and apply any necessary updates to help...

Adobe Releases Security Bulletin for Flash Player, Reader, and Acrobat

Adobe has released a security advisory to alert users of a vulnerability affecting the following applications: Adobe Flash Player 10.1.85.3 and earlier for Windows, Macintosh, Linux, and Solaris Adobe Flash Player 10.1.95.2 and earlier for Android Adobe Reader 9.4 and earlier 9.x versions for...

Cisco Releases Security Advisory for CiscoWorks Common Services

Cisco has released a security advisory to address a vulnerability affecting CiscoWorks Common Services for Oracle Solaris and Microsoft Windows. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code with administrative privileges or cause a denial-of-service...

Firefox 3.5 and 3.6 Vulnerability

Mozilla has released a blog entry indicating that it is aware of a critical vulnerability affecting Firefox 3.5 and Firefox 3.6. This vulnerability may allow an attacker to execute arbitrary code. The blog entry indicates that active exploitation of this vulnerability has been detected. Update: T...

Fraud Advisory for Businesses Released: Corporate Account Take Over

As part of a joint effort, the United States Secret Service, the Federal Bureau of Investigation, the Internet Crime Complaint Center IC3 and the Financial Services Information Sharing and Analysis Center FS-ISAC have released Fraud Advisory for Businesses: Corporate Account Take Over PDF. The...

Linux Root Access Vulnerabilities

US-CERT is aware of public reports of multiple vulnerabilities affecting Linux. Exploitation of these vulnerabilities may allow an attacker to access the system with root or "superuser" privileges. The first of these vulnerabilities is due to a flaw in the implementation of the Reliable Datagram...

Fraud Advisory for Consumers Released: Involvement in Criminal Activity Through Work from Home Scams

As part of a joint effort, the United States Secret Service, the Federal Bureau of Investigation, the Internet Crime Complaint Center IC3 and the Financial Services Information Sharing and Analysis Center FS-ISAC have released Fraud Advisory for Consumers: Involvement in Criminal Activity through...

Adobe Releases Security Advisory for Shockwave Player

Adobe has released a security advisory to alert users of a vulnerability affecting Adobe Shockwave Player. This vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review Adobe security advisory...

Apple Releases Java for Mac OS X 10.5 Update 8 and Java for Mac OS X 10.6 Update 3

Apple has released Java for Mac OS X 10.5 update 8 and Java for Mac OS X 10.6 update 3 to address multiple vulnerabilities affecting the Java package. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages...

Mozilla Releases Firefox 3.6.11

The Mozilla Foundation has released Firefox 3.6.11 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, or cause a denial-of-service condition. The Mozilla Foundation has also released Firefox 3.5.14 to address...

Google Releases Chrome 7.0.517.41

Google has released Chrome 7.0.517.41 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, conduct URL spoofing, or bypass security restrictions. US-CERT encourages users and...

RealNetworks Releases Security Update for RealPlayer Vulnerabilities

RealNetworks has issued a Security Update to address multiple vulnerabilities affecting RealPlayer. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the RealNetworks security advisory and apply any necessa...

RIM Releases Security Advisory for BlackBerry Enterprise Server

RIM has released a security advisory to address a vulnerability in the PDF distiller of the BlackBerry attachment service for the BlackBerry Enterprise Server. This vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and...

Oracle Releases Critical Patch for October 2010

Oracle has released its Critical Patch Update for October 2010 to address 85 vulnerabilities across multiple products. This update contains the following security fixes: 7 for Oracle Database Server 8 for Oracle Fusion Middleware 1 for Oracle Enterprise Manager Grid Control 6 for Oracle E-Busines...

Microsoft Releases October Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows, .NET Framework, Server Software, Office, and Internet Explorer as part of the Microsoft Security Bulletin Summary for October 2010. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensiti...

Oracle Releases Pre-Release Announcement for October 2010

Oracle has issued a critical patch update pre-release announcement indicating that its October release will contain 81 new vulnerability fixes. Release of the critical patch update is scheduled for Tuesday, October 12, 2010. US-CERT encourages users and administrators to review the pre-release...

Microsoft Releases Advance Notification for October Security Bulletin

Microsoft has issued a Security Bulletin Advance Notification indicating that its October release will contain sixteen bulletins. Four bulletins will have the severity rating of critical and will be for Microsoft Windows and Internet Explorer. Ten bulletins will have the severity rating of...

Foxit Releases Foxit Reader 4.2

Foxit has released Foxit Reader 4.2 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, compromise the digital signature of PDF signatures or cause a denial-of-service condition. US-CERT encourages users and administrators to...

Adobe Releases Security Updates for Reader and Acrobat

Adobe has released updates for Adobe Reader and Acrobat for Windows, Macintosh, and UNIX. These updates address multiple vulnerabilities including those described in Adobe security advisory APSA10-02 and Flash Player security bulletin APSB10-22. Exploitation of these vulnerabilities may allow an...

Microsoft Releases Security Bulletin MS10-070

Microsoft has released Microsoft Security Bulletin MS10-070 to address a vulnerability affecting ASP.NET. Exploitation of this vulnerability may allow an attacker to obtain sensitive information or tamper with data. US-CERT encourages users and administrators to review Microsoft Security Bulletin...

Microsoft Releases Advance Notification for Out-of-Band Security Bulletin

Microsoft has issued a Security Bulletin Advance Notification indicating that it will be releasing an out-of-band security bulletin to address a vulnerability affecting Windows. The Microsoft SharePoint Team blog indicates that this bulletin will address the recently reported vulnerability in...