Archive for category ThreatPost

Apache HTTP Server Reverse Proxy Bypass

The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

Last reviewed: November 3, 2011 13:54:08 EDT



Microsoft Releases Advance Notification for November Security Bulletin

added November 3, 2011 at 01:38 pm

Microsoft has issued a Security Bulletin Advance Notification indicating that its November release will contain four bulletins. These bulletins will have the severity ratings of critical, important, and moderate and will be for Microsoft Windows. Release of these bulletins is scheduled for Tuesday, November 8, 2011.

US-CERT will provide additional information as it becomes available.



Apple Releases QuickTime 7.7.1

added October 27, 2011 at 09:11 am

Apple has released QuickTime 7.7.1 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or obtain sensitive information.

US-CERT encourages users and administrators to review Apple Support Article HT5016 and apply any necessary updates to help mitigate the risks.



Cisco Releases Multiple Security Advisories

added October 26, 2011 at 02:16 pm

Cisco has released four security advisories to address vulnerabilities affecting Cisco Unified Contact Center, Cisco WebEx Player, Cisco Security Agent, and Cisco Unified Communication Manager. These vulnerabilities may allow an attacker to execute arbitrary code or obtain sensitive information.

US-CERT encourages users and administrators to review Cisco security advisories cisco-sa-20111026-webex, cisco-sa-20111026-uccx, cisco-sa-20111026-csa, and cisco-sa-20111026-cucm and apply any necessary updates to help mitigate the risks.

Additional information regarding the vulnerability identified in Cisco Security Advisory cisco-sa-20111026-csa can be found in the US-CERT vulnerability note VU#520721.



Google Releases Chrome 15.0.874.102

added October 25, 2011 at 01:05 pm

Google has released Chrome 15.0.874.102 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome 15.0.874.102.



Cisco Releases Two Security Advisories

added October 19, 2011 at 02:02 pm

Cisco has released two security advisories to address vulnerabilities affecting CiscoWorks Common Services and Cisco Show and Share. These vulnerabilities may allow an attacker to execute arbitrary code or bypass security restrictions.

US-CERT encourages users and administrators to review Cisco Security advisories cisco-sa-20111019-sns and cisco-sa-20111019-cs and apply any necessary updates to help mitigate the risks.



Oracle Releases Critical Patch Update for October 2011

added October 17, 2011 at 09:39 am | updated October 18, 2011 at 04:19 pm

Oracle has released its Critical Patch Update and Java SE Critical Patch Update Advisory for October 2011 to address 77 vulnerabilities across multiple products. This update contains the following security fixes:

  • 5 for Oracle Database Server
  • 10 for Oracle Fusion Middleware
  • 5 for Oracle E-Business Suite
  • 1 for Oracle Supply Chain Products Suite
  • 7 for Oracle PeopleSoft Products
  • 3 for Oracle Siebel CRM
  • 2 for Oracle Industry Applications
  • 22 for Oracle Sun Products Suite
  • 1 for Oracle Linux
  • 1 for Oracle Virtualization
  • 20 for Oracle Java SE

US-CERT encourages users and administrators to review the October 2011 Critical Patch Update and the Java SE Critical Patch Update Advisory and apply any necessary updates to help mitigate the risks.

Apple Releases Multiple Security Updates

added October 12, 2011 at 04:11 pm

Apple has released security updates for Apple iOS, Safari 5.1.1, OS X Lion v10.7.2, iWork 09, and Apple TV 4.4 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, and bypass security restrictions.

US-CERT encourages users and administrators to review the following Apple Support Articles and apply any necessary updates to help mitigate the risks.

  • HT5004 – Numbers for iOS v1.5
  • HT5003 – Pages for iOS v1.5
  • HT5000 – Safari 5.1.1
  • HT5002 – OS X Lion v10.7.2 and Security Update 2011-006
  • HT5001 – Apple TV 4.4
  • HT4999 – iOS 5 Software Update


Apple Releases iTunes 10.5

added October 11, 2011 at 02:42 pm

Apple has released iTunes 10.5 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review Apple article HT4981 and apply any necessary updates to help mitigate the risks.



Microsoft Releases October Security Bulletin

added October 11, 2011 at 01:54 pm

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, .NET Framework, Silverlight, Forefront Unified Access Gateway, and Microsoft Host Integration Server as part of the Microsoft Security Bulletin Summary for October 2011. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or operate with elevated privileges.

US-CERT encourages users and administrators to review the bulletin and follow best-practice security policies to determine which updates should be applied.

Additional information regarding the vulnerability identified in Microsoft Security Bulletin MS11-077 can be found in US-CERT Vulnerability Note VU#619281.



Apache HTTP Server Reverse Proxy Bypass

added October 7, 2011 at 03:14 pm

The Apache Foundation has issued a Security Advisory to address a vulnerability in Apache HTTP Server’s reverse proxy mode. Exploitation of this vulnerability may allow a remote attacker to gain access to internal systems.

US-CERT encourages users and administrators to review the Apache HTTP Server Security Advisory mod_proxy reverse proxy exposure and apply any necessary updates or workarounds to help mitigate the risks.

Article source: http://www.us-cert.gov/current/index.html#apache_http_server_reverse_proxy


Microsoft Releases October Security Bulletin

Article source: http://www.us-cert.gov/current/index.html#microsoft_releases_october_security_bulletin3


Apple Releases iTunes 10.5

Article source: http://www.us-cert.gov/current/index.html#apple_releases_itunes_10_5


Apple Releases Multiple Security Updates

Article source: http://www.us-cert.gov/current/index.html#apple_releases_multiple_security_updates


Oracle Releases Critical Patch Update for October 2011

Article source: http://www.us-cert.gov/current/index.html#oracle_pre_release_announcements_for

Cisco Releases Two Security Advisories

Microsoft Releases Advance Notification for November Security Bulletin

added November 3, 2011 at 01:38 pm

Microsoft has issued a Security Bulletin Advance Notification indicating that its November release will contain four bulletins. These bulletins will have the severity ratings of critical, important, and moderate and will be for Microsoft Windows. Release of these bulletins is scheduled for Tuesday, November 8, 2011.

US-CERT will provide additional information as it becomes available.



Apple Releases QuickTime 7.7.1

added October 27, 2011 at 09:11 am

Apple has released QuickTime 7.7.1 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or obtain sensitive information.

US-CERT encourages users and administrators to review Apple Support Article HT5016 and apply any necessary updates to help mitigate the risks.



Cisco Releases Multiple Security Advisories

added October 26, 2011 at 02:16 pm

Cisco has released four security advisories to address vulnerabilities affecting Cisco Unified Contact Center, Cisco WebEx Player, Cisco Security Agent, and Cisco Unified Communication Manager. These vulnerabilities may allow an attacker to execute arbitrary code or obtain sensitive information.

US-CERT encourages users and administrators to review Cisco security advisories cisco-sa-20111026-webex, cisco-sa-20111026-uccx, cisco-sa-20111026-csa, and cisco-sa-20111026-cucm and apply any necessary updates to help mitigate the risks.

Additional information regarding the vulnerability identified in Cisco Security Advisory cisco-sa-20111026-csa can be found in the US-CERT vulnerability note VU#520721.



Google Releases Chrome 15.0.874.102

added October 25, 2011 at 01:05 pm

Google has released Chrome 15.0.874.102 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome 15.0.874.102.



Cisco Releases Two Security Advisories

added October 19, 2011 at 02:02 pm

Cisco has released two security advisories to address vulnerabilities affecting CiscoWorks Common Services and Cisco Show and Share. These vulnerabilities may allow an attacker to execute arbitrary code or bypass security restrictions.

US-CERT encourages users and administrators to review Cisco Security advisories cisco-sa-20111019-sns and cisco-sa-20111019-cs and apply any necessary updates to help mitigate the risks.



Oracle Releases Critical Patch Update for October 2011

added October 17, 2011 at 09:39 am | updated October 18, 2011 at 04:19 pm

Oracle has released its Critical Patch Update and Java SE Critical Patch Update Advisory for October 2011 to address 77 vulnerabilities across multiple products. This update contains the following security fixes:

  • 5 for Oracle Database Server
  • 10 for Oracle Fusion Middleware
  • 5 for Oracle E-Business Suite
  • 1 for Oracle Supply Chain Products Suite
  • 7 for Oracle PeopleSoft Products
  • 3 for Oracle Siebel CRM
  • 2 for Oracle Industry Applications
  • 22 for Oracle Sun Products Suite
  • 1 for Oracle Linux
  • 1 for Oracle Virtualization
  • 20 for Oracle Java SE

US-CERT encourages users and administrators to review the October 2011 Critical Patch Update and the Java SE Critical Patch Update Advisory and apply any necessary updates to help mitigate the risks.

Apple Releases Multiple Security Updates

added October 12, 2011 at 04:11 pm

Apple has released security updates for Apple iOS, Safari 5.1.1, OS X Lion v10.7.2, iWork 09, and Apple TV 4.4 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, and bypass security restrictions.

US-CERT encourages users and administrators to review the following Apple Support Articles and apply any necessary updates to help mitigate the risks.

  • HT5004 – Numbers for iOS v1.5
  • HT5003 – Pages for iOS v1.5
  • HT5000 – Safari 5.1.1
  • HT5002 – OS X Lion v10.7.2 and Security Update 2011-006
  • HT5001 – Apple TV 4.4
  • HT4999 – iOS 5 Software Update


Apple Releases iTunes 10.5

added October 11, 2011 at 02:42 pm

Apple has released iTunes 10.5 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review Apple article HT4981 and apply any necessary updates to help mitigate the risks.



Microsoft Releases October Security Bulletin

added October 11, 2011 at 01:54 pm

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, .NET Framework, Silverlight, Forefront Unified Access Gateway, and Microsoft Host Integration Server as part of the Microsoft Security Bulletin Summary for October 2011. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or operate with elevated privileges.

US-CERT encourages users and administrators to review the bulletin and follow best-practice security policies to determine which updates should be applied.

Additional information regarding the vulnerability identified in Microsoft Security Bulletin MS11-077 can be found in US-CERT Vulnerability Note VU#619281.



Apache HTTP Server Reverse Proxy Bypass

added October 7, 2011 at 03:14 pm

The Apache Foundation has issued a Security Advisory to address a vulnerability in Apache HTTP Server’s reverse proxy mode. Exploitation of this vulnerability may allow a remote attacker to gain access to internal systems.

US-CERT encourages users and administrators to review the Apache HTTP Server Security Advisory mod_proxy reverse proxy exposure and apply any necessary updates or workarounds to help mitigate the risks.

Article source: http://www.us-cert.gov/current/index.html#cisco_releases_two_security_advisories

Google Releases Chrome 15.0.874.102

Article source: http://www.us-cert.gov/current/index.html#google_releases_chrome_15_0

Cisco Releases Multiple Security Advisories

Article source: http://www.us-cert.gov/current/index.html#cisco_releases_multiple_security_advisories4

Apple Releases QuickTime 7.7.1

Article source: http://www.us-cert.gov/current/index.html#apple_release_quicktime_7_7

Microsoft Releases Advance Notification for November Security Bulletin

Article source: http://www.us-cert.gov/current/index.html#microsoft_releases_advance_notification_for53
