The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Microsoft has issued an Security Bulletin Advance Notification indicating that its November release will contain three bulletins. One of these bulletins will have the severity rating of critical and will be for Microsoft Office. The remaining two bulletins will have the severity rating of important and will be for Microsoft Office and Forefront Unified Access Gateway. Release of these bulletins is scheduled for Tuesday, November 9, 2010
Google has released Chrome 7.0.517.41 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code.
US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and apply any necessary updates to help mitigate the risks.
Microsoft has released Microsoft security advisory 2458511 to alert users of a vulnerability affecting all supported versions of Internet Explorer. This vulnerability may allow an attacker to execute arbitrary code.
Update: Microsoft has released two Fix it tools in Microsoft Support article 2458511 to help mitigate the risks until a security update is available.
US-CERT is aware of recent reports indicating that some newly purchased removable media devices are infected with malicious code. This malicious code is a worm that attempts to propagate itself via multiple methods. If a Windows user connects an affected removable media device to a system that has autorun enabled, the system may become infected with this malware with no additional interaction from the user. Autorun is enabled by default.
Adobe has released a security update for Shockwave Player to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code.
Adobe has released a security advisory to alert users of a vulnerability affecting the following applications: