Alerts and information from US-CERT

US-CERT strives for a safer, stronger Internet for all Americans by responding to major incidents, analyzing threats, and exchanging critical cybersecurity information with trusted partners around the world.

 

The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

Microsoft Releases June 2016 Security Bulletin

Microsoft has released 16 updates to address vulnerabilities in Microsoft software. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the following Microsoft Security Bulletins MS16-063 through MS16-082 (link is external) and apply the necessary updates.

Adobe Releases Security Updates

Adobe has released security updates to address vulnerabilities in DNG Software Development Kit (SDK), Brackets, Creative Cloud Desktop Application and Cold Fusion. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review Adobe Security Bulletins APSB16-19 (link is external), APSB16-20 (link is external), APSB16-21 (link is external) and APSB16-22 (link is external) and apply the necessary updates.

VMware Releases Security Updates

VMware has released security updates to address vulnerabilities in NSX, vCNS and vRealize Log Insight. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review VMware Security Advisories VMSA-2016-0007 (link is external) and VMSA-2016-0008 (link is external) and apply the necessary updates.

Increased Risks from Macro-Based Malware

Microsoft Office applications use macros to automate routine tasks. However, macros can contain malicious code that can be used to exploit vulnerable systems. Recently, there has been a resurgence of malware that is spread via macros. Individuals and organizations should proactively secure systems against macro-based malware.

Users and administrators are encouraged to review CERT’s article (link is external) on the resurgence of macro exploitation and apply recommendations outlined in CERT Australia’s report on macro security.

Symantec Releases Security Updates

Symantec has released security updates to address vulnerabilities in multiple products. Exploitation of some of these vulnerabilities may allow an attacker to take control of an affected system.

US-CERT encourages users and administrators to review Symantec Security Advisory SYM16-009 (link is external) and apply the necessary updates.

Mozilla Releases Security Updates

The Mozilla Foundation has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Network Security Services (NSS). Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.

Available updates include:

  • Firefox 47
  • Firefox ESR 45.2
  • NSS 3.23

Users and administrators are encouraged to review the Security Advisories for Firefox, Firefox ESR, and NSS 2016-62 and apply the necessary updates.

Grow some Good in the World!
Share