Subscribe: US-CERT Current Activity
http://www.us-cert.gov/current/index.atom

US-CERT Current Activity



A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.



 



Drupal Releases Security Updates

Thu, 20 Apr 2017 00:17:53 +0000

Original release date: April 19, 2017

Drupal has released an advisory to address a vulnerability in Drupal core 8.x versions prior to 8.2.8 and 8.3.1. A remote attacker could exploit this vulnerability to obtain sensitive information.

US-CERT encourages users and administrators to review Drupal's Security Advisory and upgrade to version 8.2.8 or 8.3.1.


This product is provided subject to this Notification and this Privacy & Use policy.





Cisco Releases Security Updates

Thu, 20 Apr 2017 00:14:27 +0000

Original release date: April 19, 2017

Cisco has released updates to address several high-impact vulnerabilities affecting multiple products. These and other lower-impact vulnerabilities are listed at Cisco Security Advisories and Alerts. A remote attacker could exploit one of the high-impact vulnerabilities to cause a denial-of-service condition.

Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates:







Mozilla Releases Security Updates

Thu, 20 Apr 2017 00:04:38 +0000

Original release date: April 19, 2017

Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system.

US-CERT encourages users and administrators to review the Mozilla Security Advisories for Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 and apply the necessary updates.







Google Releases Security Updates for Chrome

Thu, 20 Apr 2017 00:02:20 +0000

Original release date: April 19, 2017

Google has released Chrome version 58.0.3029.81 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker may exploit to take control of an affected system.

Users and administrators are encouraged to review the Chrome Releases page and apply the necessary updates.







VMware Releases Security Updates

Tue, 18 Apr 2017 20:34:18 +0000

Original release date: April 18, 2017

VMware has released security updates to address vulnerabilities in Unified Access Gateway, Horizon View, and Workstation. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review VMware Security Advisory VMSA-2017-0008 and apply the necessary updates.







Oracle Releases Security Bulletin

Tue, 18 Apr 2017 20:30:16 +0000

Original release date: April 18, 2017

Oracle has released its Critical Patch Update for April 2017 to address 299 vulnerabilities across multiple products. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review the Oracle April 2017 Critical Patch Update and apply the necessary updates.







Microsoft Addresses Shadow Brokers Exploits

Sun, 16 Apr 2017 01:09:46 +0000

Original release date: April 15, 2017 | Last revised: April 17, 2017

The Microsoft Security Response Center (MSRC) has published information on several recently publicized exploit tools which affect various Microsoft products.

Users and administrators are reminded that software no longer supported by Microsoft (also known as end-of-life (EOL) software) is particularly at risk for exploitation. US-CERT recommends retiring EOL products. For more information on EOL Microsoft products, see US-CERT Alerts TA14-310A and TA14-069A, and the previous US-CERT Current Activity on Windows Vista.

US-CERT encourages users and administrators to review the MSRC post and apply any necessary updates.







VMware Releases Security Updates

Fri, 14 Apr 2017 22:13:52 +0000

Original release date: April 14, 2017

VMware has released security updates to address a vulnerability in vCenter Server. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review VMware Security Advisory VMSA-2017-0007 and apply the necessary update.







ISC Releases Security Updates for BIND

Thu, 13 Apr 2017 02:19:09 +0000

Original release date: April 12, 2017

The Internet Systems Consortium (ISC) has released updates that address multiple vulnerabilities in BIND. A remote attacker could exploit any of these vulnerabilities to cause a denial-of-service condition.

Available updates include:

  • BIND 9 version 9.9.9-P8
  • BIND 9 version 9.10.4-P8
  • BIND 9 version 9.11.0-P5
  • BIND 9 version 9.9.9-S10

US-CERT encourages users and administrators to review ISC Knowledge Base Articles AA-01465, AA-01466, and AA-01471 and apply the necessary updates.







Apache Software Foundation Releases Security Updates

Wed, 12 Apr 2017 18:11:00 +0000

Original release date: April 12, 2017 | Last revised: April 18, 2017

The Apache Foundation has released security updates to address vulnerabilities in Apache Tomcat. Exploitation of one of these vulnerabilities may allow a remote attacker to obtain sensitive information.

Users and administrators are encouraged to review Apache.org CVE-2017-5648, CVE-2017-5650, and CVE-2017-5651 for more information and apply the necessary updates.

