Google Releases Chrome 15.0.874.121

Posted on November 17, 2011 by James Campbell

Google Releases Chrome 15.0.874.121

Original release date: November 17, 2011 at 2:23 pm
Last revised: November 17, 2011 at 2:23 pm

Google has released Chrome 15.0.874.121 for Linux, Mac, Windows, and
Chrome Frame to address a vulnerability. This vulnerability allows an
attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the Google
Chrome Releases blog entry and update to Chrome 15.0.874.121.

Relevant Url(s):

====
This entry is available at

http://www.us-cert.gov/current/index.html#google_releases_chrome_15_02

Posted in CyberSecurity, PSA | Leave a comment

Internet Systems Consortium Releases BIND-P1 Patches

Posted on November 17, 2011 by James Campbell

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

US-CERT Current Activity

Internet Systems Consortium Releases BIND-P1 Patches

Original release date: November 17, 2011 at 11:27 am
Last revised: November 17, 2011 at 11:27 am

The Internet Systems Consortium has released updates for BIND to
address a vulnerability. This vulnerability may allow an attacker to
cause a denial-of-service condition. Please refer to the Internet
Systems Consortium advisory for additional information.

US-CERT recommends that administrators of this product apply the
respective patches for BIND 9.8.1-P1, 9.7.4-P1, 9.6-ESV-R5-P1, and
9.4-ESV-R5-P1 or check with their software vendors for updated
versions.

Relevant Url(s):

====
This entry is available at

http://www.us-cert.gov/current/index.html#internet_system_consotium_releases_bind

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBTsU2pT/GkGVXE7GMAQI/oAgAnvfJqiYrA/d01Wf+Bd28IsPLruxN6/ES
ZLNPc0000mhEBCBr9qgWkv2NsfpBnzh7mNKlgcj3eXNyw0goSGiN47xZgBZvLJM/
Yo9Ed+m1qUNblIznh++xGYScWp4M9SC5eDJW8pUnSZ9IKDwrJrL0jIzs7qK0t7Be
FM7lw8UvX7PshAw2XWy7Hji14Wh5FQZGfw+jASWL3hLYwSG+/IpUzhEBIaygiTIo
FLQF1c/Xu2HvKiUP7ShMYYrvd7KAlPsyj/QfjG61rpbBdj3tcOzQ7eoGr5f643L+
27beOqH5+iT2/vE1JrQ/ZDssolbLVPOPV8+gW5ytV6x2S9ShuFsAHA==
=y1aL
—–END PGP SIGNATURE—–

Posted in CyberSecurity, PSA | Leave a comment

Apple Releases iTunes 10.5.1

Posted on November 15, 2011 by James Campbell

Apple Releases iTunes 10.5.1

Original release date: November 15, 2011 at 9:25 am
Last revised: November 15, 2011 at 9:25 am

Apple has released iTunes 10.5.1 to address a vulnerability.
This vulnerability may allow an attacker to conduct a
man-in-the-middle attack that could lead a user to click on a forged
link believed to have originated from Apple.

US-CERT encourages users and administrators to review Apple article
HT5030 and apply any necessary updates to help mitigate the risks.

Relevant Url(s):

====
This entry is available at
http://www.us-cert.gov/current/index.html#apple_releases_itunes_10_51

Posted in Apple, CyberSecurity, PSA, Technology | Leave a comment

Adobe Releases Security Advisory for Adobe Flash Player and Adobe AIR

Posted on November 11, 2011 by James Campbell

Adobe Releases Security Advisory for Adobe Flash Player and Adobe AIR

Original release date: November 11, 2011 at 9:30 am
Last revised: November 11, 2011 at 9:30 am

Adobe has released a security advisory to alert users of
vulnerabilities affecting Adobe Flash Player and Adobe AIR. These
vulnerabilities affect Adobe Flash Player 11.0.1.152 and earlier
versions for Windows, Macintosh, Linux, Solaris, Adobe Flash Player
11.0.1.153 for Android, and Adobe AIR 3.0 for Windows, Macintosh, and
Android. Exploitation of these vulnerabilities may allow an attacker
to execute arbitrary code or cause a denial-of-service condition.
US-CERT encourages users and administrators to review the Adobe
Security Bulletin and apply any necessary updates to help mitigate the
risk.

Relevant Url(s):

====
This entry is available at

http://www.us-cert.gov/current/index.html#adobe_releases_security_advisory_for8

Posted in CyberSecurity, PSA | 1 Comment

Google Releases Chrome 15.0.874.120

Posted on November 10, 2011 by James Campbell

Google Releases Chrome 15.0.874.120

Original release date: November 10, 2011 at 3:23 pm
Last revised: November 10, 2011 at 3:23 pm

Google has released Chrome 15.0.874.120 for Linux, Mac, Windows, and
Chrome Frame to address multiple vulnerabilities. These
vulnerabilities may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the Google
Chrome Releases blog entry and update to Chrome 15.0.874.120.

Relevant Url(s):

====
This entry is available at

http://www.us-cert.gov/current/index.html#google_releases_chrome_15_01

Posted in Chrome, CyberSecurity, Google, PSA | Leave a comment

Apple Releases iOS 5.0.1

Posted on November 10, 2011 by James Campbell

Apple Releases iOS 5.0.1

Original release date: November 10, 2011 at 4:16 pm
Last revised: November 10, 2011 at 4:16 pm

Apple has released iOS 5.0.1 for the iPhone 3GS, iPhone 4, iPhone 4S,
iPod 3rd generation or later, iPad, and iPad 2 to address multiple
vulnerabilities. These vulnerabilities may allow an attacker execute
arbitrary code or obtain sensitive information.
US-CERT encourages users and administrators to review Apple Support
Article HT5052 and apply any necessary updates to help mitigate the
risk.

Relevant Url(s):

====
This entry is available at

http://www.us-cert.gov/current/index.html#apple_released_ios_5_0

Posted in Apple, iOS, PSA | 1 Comment

Fraudulent Digital Certificates Could Allow Spoofing

Posted on November 10, 2011 by James Campbell

Fraudulent Digital Certificates Could Allow Spoofing

Original release date: November 10, 2011 at 4:25 pm
Last revised: November 10, 2011 at 4:25 pm

US-CERT is aware of public reports that DigiCert Sdn. Bhd has issued
22 certificates with weak encryption keys. This could allow an
attacker to use these certificates to impersonate legitimate site
owners. DigiCert Sdn. Bhd has revoked all the weak certificates that
they issued. Entrust, the parent Certificate Authority to DigiCert
Sdn. Bhd, has released a statement containing more information.

Mozilla has released Firefox 8 and Firefox 3.6.24 to address this
issue. Additional information can be found in the Mozilla Security
Blog.

Microsoft has provided an update for all supported versions of
Microsoft Windows to address this issue. Additional information can be
found in Microsoft Security Advisory 2641690.

US-CERT encourages users and administrators to apply any necessary
updates to help mitigate the risks. US-CERT will provide additional
information as it becomes available.

Relevant Url(s):

====
This entry is available at

http://www.us-cert.gov/current/index.html#fraudulent_digital_certificates_could_allow

Posted in CyberSecurity, PSA | Leave a comment

Mozilla Releases Firefox 8 and 3.6.24

Posted on November 9, 2011 by James Campbell

Mozilla Releases Firefox 8 and 3.6.24

Original release date: November 9, 2011 at 9:29 am
Last revised: November 9, 2011 at 9:29 am

The Mozilla Foundation has released Firefox 8 and Firefox 3.6.24 to
address multiple vulnerabilities. These vulnerabilities may allow an
attacker to execute arbitrary code, operate with escalated privileges,
cause a denial-of-services condition, obtain sensitive information, or
perform a cross-site scripting attack.

US-CERT encourages users and administrators to review the Mozilla
Foundation Security Advisories for Firefox 8 and Firefox 3.6.24 and
apply any necessary updates to help mitigate the risk.

Relevant Url(s):

====
This entry is available at

http://www.us-cert.gov/current/index.html#mozilla_releases_firefox_8_and

Posted in CyberSecurity, PSA | Leave a comment

Microsoft Updates for Multiple Vulnerabilities

Posted on November 8, 2011 by James Campbell

National Cyber Alert System

Cyber Security Alert SA11-312A

Microsoft Updates for Multiple Vulnerabilities

Original release date: November 08, 2011
Last revised: –
Source: US-CERT

Systems Affected

* Microsoft Windows

Overview

There are multiple vulnerabilities in Microsoft Windows. Microsoft
has released updates to address these vulnerabilities.

Solution

Install updates

The updates to address these vulnerabilities are available on the
Microsoft Update site (requires Internet Explorer). We recommend
enabling Automatic Updates.

Description

The Microsoft Security Bulletin Summary for November 2011 describes
multiple vulnerabilities in Microsoft Windows. Microsoft has
released updates to address the vulnerabilities.

References

* Microsoft Security Bulletin Summary for November 2011 -

* Microsoft Update -

* Microsoft Update Overview -

* Managing Automatic Updates -

____________________________________________________________________

The most recent version of this document can be found at:

____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to with “SA11-312A Feedback VU#124254″ in
the subject.
____________________________________________________________________

For instructions on subscribing to or unsubscribing from this
mailing list, visit .
____________________________________________________________________

Produced 2011 by US-CERT, a government organization.

Terms of use:

____________________________________________________________________

Revision History

November 08, 2011: Initial release

Posted in CyberSecurity, Microsoft, PSA | Leave a comment

Microsoft Updates for Multiple Vulnerabilities

Posted on November 8, 2011 by James Campbell

National Cyber Alert System

Technical Cyber Security Alert TA11-312A

Microsoft Updates for Multiple Vulnerabilities

Original release date: November 08, 2011
Last revised: –
Source: US-CERT

Systems Affected

* Microsoft Windows

Overview

There are multiple vulnerabilities in Microsoft Windows. Microsoft
has released updates to address these vulnerabilities.

I. Description

The Microsoft Security Bulletin Summary for November 2011 describes
multiple vulnerabilities in Microsoft Windows. Microsoft has
released updates to address the vulnerabilities. Additional details
for MS11-084 can be found in US-CERT vulnerability note VU#675073.

II. Impact

A remote, unauthenticated attacker could execute arbitrary code,
cause a denial of service, or gain unauthorized access to your
files or system.

III. Solution

Apply updates

Microsoft has provided updates for these vulnerabilities in the
Microsoft Security Bulletin Summary for November 2011. That
bulletin describes any known issues related to the updates.
Administrators are encouraged to note these issues and test for any
potentially adverse effects. In addition, administrators should
consider using an automated update distribution system such as
Windows Server Update Services (WSUS).

IV. References

* Microsoft Security Bulletin Summary for November 2011 -

* Microsoft Windows Server Update Services -

* US-CERT Vulnerability Note VU#675073 -

____________________________________________________________________

The most recent version of this document can be found at:

____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to with “TA11-312A Feedback VU#124254″ in
the subject.
____________________________________________________________________

For instructions on subscribing to or unsubscribing from this
mailing list, visit .
____________________________________________________________________

Produced 2011 by US-CERT, a government organization.

Terms of use:

____________________________________________________________________

Revision History

November 08, 2011: Initial release

Posted in CyberSecurity, Microsoft, PSA | 1 Comment