Adobe Releases Update for Adobe Reader and Adobe Acrobat

Adobe has released an update for Reader and Acrobat to address multiple vulnerabilities. These vulnerabilities affect the following versions: Adobe Reader 9.3.2 and earlier versions for Windows, Macintosh, and UNIX Adobe Acrobat 9.3.2 and earlier versions for Windows and Macintosh Exploitation of...

Google Releases Chrome 5.0.375.86

Google has released Chrome 5.0.375.86 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or conduct cross-site scripting attacks. US-CERT encourages users and administrators to review the Google Chrome Releases bl...

Apple Releases iOS 4

Apple has released iOS 4 for iPhone 3G and later, and iPod touch 2nd generation and later, to address multiple vulnerabilities across several packages. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, disclose sensitive information, bypas...

Mozilla Releases Firefox 3.6.4

The Mozilla Foundation has released Firefox 3.6.4 and Firefox 3.5.10 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, or conduct cross-site scripting attacks. Some of thes...

Apple Releases iTunes 9.2

Apple has released iTunes 9.2 for Windows systems to address multiple vulnerabilities affecting the ColorSync, ImageIO, and WebKit packages. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to...

Apple Releases Security Update 2010-004 and Mac OS X v10.6.4

Apple has released Security Update 2010-004 and Mac OS X v10.6.4 to address multiple vulnerabilities that affect a number of applications. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, operate with elevated privileges, conduct...

Adobe Releases Flash 10.1

Adobe has released a Security Bulletin to address vulnerabilities in Adobe Flash Player 10.0.45.2 and earlier versions and in Adobe AIR 1.5.3.9130 and earlier versions. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition...

Microsoft Windows Help and Support Center Vulnerability

US-CERT is aware of a vulnerability affecting the Mircosoft Windows Help and Support Center. This vulnerability is due to improper sanitization of hcp:// URIs. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands. US-CERT encourages users a...

Google Releases Chrome 5.0.375.70

Google has released Chrome 5.0.375.70 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, conduct cross-site scripting attacks, bypass security restrictions, or obtain sensitive information. US-CERT encourages use...

Apple Releases Safari 5.0 and Safari 4.1

Apple has released Safari 5.0 and Safari 4.1 for Windows and Mac OS X to address multiple vulnerabilities in ColorSync, Safari, and WebKit. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, or conduct cross-si...

Microsoft Releases June Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Office, SharePoint, and .NET Framework as part of the Microsoft Security Bulletin Summary for June 2010. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevate...

Adobe Releases Security Advisory for Flash Player, Reader, and Acrobat

Adobe has released a security advisory to notify users of a vulnerability in Adobe Flash Player, Reader, and Acrobat. Exploitation of this vulnerability may allow an attacker to execute arbitrary code and take control of the affected system. The advisory indicates that Adobe is aware of active...

Microsoft Releases Advance Notification for June Security Bulletin

Microsoft has issued a Security Bulletin Advance Notification, indicating that its June release will contain ten bulletins. Three of these bulletins will have the severity rating of critical and will be for Microsoft Windows and Internet Explorer. The remaining bulletins will have the severity...

Cisco Network Building Manager Vulnerabilities

Cisco has released a security advisory to address multiple vulnerabilities in Network Building Manager. The advisory indicates that the legacy Richards-Zeta Mediator products are also affected by these vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to operate with...

Google Releases Chrome 5.0.375.55

Google has released Chrome 5.0.375.55 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to bypass security restrictions, execute script in an unsafe context, or mislead users. US-CERT encourages users and administrators to review the Goog...

Apple Releases Updates for Java Mac OS X 10.5 and 10.6

Apple has released Java for Mac OS X 10.5 Update 7 and Java for Mac OS X 10.6 Update 2 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review Apple...

Cisco Releases Updates for PGW Softswitch

Cisco has released updates to address multiple vulnerabilities in Cisco PGW Softswitch. These vulnerabilities may allow an attacker to cause a denial-of-service condition. US-CERT encourages users and administrators to review Cisco security advisory cisco-sa-20100512-pgw and apply any necessary...

Adobe Releases Update for Shockwave Player

Adobe has released a security update to address multiple vulnerabilities in Adobe Shockwave Player 11.5.6.606 and earlier versions for both Windows and Macintosh operating systems. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and...

Microsoft Releases May Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, and Visual Basic for Applications as part of the Microsoft Security Bulletin Summary for May 2010. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and...

Apple Safari Vulnerability

US-CERT is aware of a vulnerability affecting Apple Safari. By convincing a user to open a specially crafted web page, an attacker may be able to execute arbitrary code. Exploit code for this vulnerability is publicly available. US-CERT encourages users and administrators to disable JavaScript as...

Microsoft Releases Advance Notification for May Security Bulletin

Microsoft has issued a Security Bulletin Advance Notification, indicating that its May release cycle will contain two bulletins. Both of these bulletins will have the severity rating of critical and will be for Microsoft Windows, Office, and Visual Basic for Applications. Release of these bulleti...

Foxit Releases Foxit Reader 3.3

The Foxit Corporation has released Foxit Reader 3.3 for Windows. This release of Foxit Reader contains a component called Trust Manager. Foxit Reader release notes indicate that the Trust Manager enables users to allow or deny unauthorized actions and data transmission, including URL connection,...

Opera Software Releases Opera 10.53

Opera Software has released Opera 10.53 to address a vulnerability. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Opera Software security advisory related to this vulnerability and upgrade to Opera 10....

Microsoft Releases Security Advisory 983438

Microsoft has released security advisory 983438 to notify users of a vulnerability in Microsoft Windows SharePoint Services 3.0 and Microsoft Office SharePoint Server 2007. The advisory states that Microsoft is investigating public reports of exploitation of the vulnerability that may allow the...

Google Releases Chrome 4.1.249.1064

Google has released Chrome 4.1.249.1064 for Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or bypass the same origin policy in the browser. US-CERT encourages users and administrators to review the Google Chrome Releases blog ent...

Microsoft Re-Releases Security Update for MS10-025

Microsoft has re-released the security update related to Microsoft security bulletin MS10-025. This vulnerability affects Windows Media Services running on Windows 2000 Server. The original release of this update had been revoked last week because it did not effectively correct the underlying...

Microsoft Revokes Security Update

The Microsoft Security Response Center has posted a blog entry indicating that it has revoked the update related to Microsoft security bulletin MS10-025 because it does not effectively correct the underlying vulnerability. This vulnerability affects Windows Media Services running on Windows 2000...

VideoLAN Releases Security Advisory for VLC Media Player

VideoLAN has released a security advisory to address multiple vulnerabilities in VLC Media Player. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review VideoLAN security advisory...

Cisco Releases Security Advisory for Small Business Video Surveillance Cameras and 4-Port Gigabit Security Routers

Cisco has released a security advisory to address a vulnerability that affects Cisco Small Business Video Surveillance Cameras and Cisco RVS4000 4-Port Gigabit Security Routers. This vulnerability may allow an unprivileged user to gain full administrative access on the device or obtain sensitive...

Google Releases Chrome 4.1.249.1059

Google has released Chrome 4.1.249.1059 for Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, conduct cross-site scripting attacks, or conduct cross-site request forgery attacks. US-CERT encourages users and administrators to revie...

McAfee DAT 5958 Issues

US-CERT is aware of public reports indicating that McAfee DAT release 5958 is incorrectly identifying the valid system file, C:\Windows\system32\svchost.exe, as containing malicious code. Reports indicate that a false positive detection occurs on Windows XP Service Pack 3 systems. Symptoms includ...

Oracle Releases Sun Java SE 1.6.0_20

Oracle has released Sun Java SE 1.6.020 to address several vulnerabilities. The release notes for this version of Java SE indicate that these vulnerabilities are in Java Deployment Toolkit and the new Java Plug-in. Exploitation of these vulnerabilities may allow a remote, unauthenticated attacker...

Apple Releases Security Update 2010-003

Apple has released security update 2010-003 to address a vulnerability in the ATS package. This vulnerability may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review Apple article HT4131 and apply any necessary updates to help mitigate the risks. Thi...

Cisco Releases Security Advisory

Cisco has released a security advisory to address a vulnerability in Cisco Secure Desktop. Cisco Secure Desktop contains a vulnerable ActiveX control that may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review Cisco security advisory...

Adobe Releases Security Updates for Adobe Reader and Acrobat

Adobe has released security updates to address multiple vulnerabilities that affect the following: Adobe Reader 9.3.1 and earlier Adobe Acrobat 9.3.1 and earlier Adobe Reader 8.2.1 and earlier Adobe Acrobat 8.2.1 and earlier These vulnerabilities may allow an attacker to execute arbitrary code or...

Oracle Releases Critical Patch Update for April 2010

Oracle has released its Critical Patch Update for April 2010 to address 47 vulnerabilities across several products. This update contains the following security fixes: 7 for Oracle Database Server 5 for Oracle Fusion Middleware 1 for Oracle Collaboration Suite 8 for Oracle Application Suite 4 for...

Microsoft Releases April Security Bulletin

Microsoft has released an update to address vulnerabilities in Microsoft Windows, Office, and Exchange as part of the Microsoft Security Bulletin Summary for April 2010. These vulnerabilities may allow an attacker to execute arbitrary code, operate with elevated privileges, cause a...

Sun Java Deployment Toolkit Plugin and ActiveX Control Vulnerability

The Sun Java Development Toolkit plugin and ActiveX control contain a vulnerability. This vulnerability is due to insufficient argument validation. By convincing a user to visit a specially crafted HTML document, an attacker may be able to exploit this vulnerability and execute an arbitrary JAR...

VMware Releases Security Advisory VMSA-2010-0007

VMware has released security advisory VMSA-2010-0007 to address multiple vulnerabilities in VMware hosted products, vCENTER Server and ESX. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, operate with elevated privileges, obtain sensitive information, or cau...

Microsoft Releases Advance Notification for April Security Bulletin

Microsoft has issued a Security Bulletin Advance Notification, indicating that its April release cycle will contain 11 bulletins. Five of them will have the severity rating of critical and will be for Microsoft Windows. The remaining six bulletins will have the severity rating of important or...

Adobe Releases Guidance for Launch Functionality Mitigation in Acrobat and Reader

Adobe has released a blog entry addressing a vulnerability in Acrobat and Reader. This vulnerability exists due to the way in which Adobe Acrobat and Adobe Reader handle launch actions embedded in PDFs. When users open a PDF that contains a launch action, they are presented with a dialog box...

Foxit Reader 3.2.1.0401 Released

The Foxit Corporation has released Foxit Reader 3.2.1.0401 to address a critical vulnerability. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Foxit notice regarding the release a...

Mozilla Releases Firefox V3.6.3

The Mozilla Foundation has released Firefox V3.6.3 to address a critical vulnerability. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review Mozilla Foundation Security Advisory mfsa2010-25 and upgrade to Firefox...

VMware Releases Security Advisory for ESX Service Console Updates

VMware has released a security advisory to address vulnerabilities in the Samba and acpid packages of ESX Service Console. These vulnerabilities may allow an attacker to cause a denial-of-service condition, obtain sensitive information or bypass security restrictions. US-CERT encourages users and...

Oracle Releases Critical Patch Update for Java SE and Java for Business

Oracle has released a critical patch update to address 27 vulnerabilities in Java SE and Java for Business. These vulnerabilities are in the following components: ImageIO, Java 2D, Java Runtime Environment, Java Web Start, Pack200, Sound, JSSE, and HotSpot Server. US-CERT encourages users and...

Microsoft Releases Out-of-Band Security Bulletin Update

Microsoft has released an update to its Security Bulletin Summary for March 2010 and has included the out-of-band bulletin MS10-018. This bulletin addresses ten vulnerabilities in Internet Explorer, including one previously announced in Microsoft Security Advisory 981374. The most severe of these...

Microsoft Releases Advance Notification for Out-of-Band Security Bulletin

Microsoft has issued a Security Bulletin Advance Notification indicating that it will be releasing an out-of-band security bulletin. This bulletin will address a vulnerability in Microsoft Internet Explorer 6 and Internet Explorer 7. The notification states that release of this bulletin is...

Apple Releases Security Update 2010-002 and Mac OS X v10.6.3

Apple has released Security Update 2010-002 and Mac OS X v10.6.3 to address multiple vulnerabilities that affect a number of applications. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, cause a denial-of-service condition, bypass security...

US Tax Season Phishing Scams and Malware Campaigns

In the past, US-CERT has received reports of an increased number of phishing scams and malware campaigns that take advantage of the United States tax season. Due to the upcoming tax deadline, US-CERT reminds users to remain cautious when receiving unsolicited email that could be part of a potenti...

Copyright Infringement Lawsuit Email Scam

US-CERT is aware of public reports of an active email scam. These emails, which appear to come from seemingly legitimate law firms, indicate that someone has filed a copyright lawsuit against the message recipient. The messages may contain malicious attachments or web links. If a user opens the...