US-CERT Current Activity
Intel Firmware Vulnerability
Original release date: November 21, 2017

Intel has released recommendations to address vulnerabilities in the firmware of the following Intel products: Management Engine, Server Platform Services, and Trusted Execution Engine. An attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the Intel links below and refer to their original equipment manufacturers (OEMs) for mitigation strategies and updated firmware.

 


This product is provided subject to this Notification and this Privacy & Use policy.


21-11-2017
Symantec Releases Security Update
Original release date: November 21, 2017

Symantec has released an update to address a vulnerability in the Symantec Management Console. A remote attacker could exploit this vulnerability to take control of an affected system.

US-CERT encourages users and administrators to review the Symantec Security Advisory and apply the necessary update.


This product is provided subject to this Notification and this Privacy & Use policy.


21-11-2017
Windows ASLR Vulnerability
Original release date: November 20, 2017

The CERT Coordination Center (CERT/CC) has released information on a vulnerability in Windows Address Space Layout Randomization (ASLR) that affects Windows 8, Windows 8.1, and Windows 10. A remote attacker could exploit this vulnerability to take control of an affected system.

US-CERT encourages users and administrators to review CERT/CC VU #817544 and apply the necessary workaround until a patch is released.


This product is provided subject to this Notification and this Privacy & Use policy.


20-11-2017
Holiday Scams and Malware Campaigns
Original release date: November 16, 2017 | Last revised: November 17, 2017

US-CERT reminds users to remain vigilant when browsing or shopping online this holiday season. Emails and ecards from unknown senders may contain malicious links. Fake advertisements or shipping notifications may deliver attachments infected with malware. Spoofed email messages and phony posts on social networking sites may request support for fraudulent causes.

To avoid seasonal campaigns that could result in security breaches, identity theft, or financial loss, users are encouraged to take the following actions:

If you believe you are a victim of a holiday phishing scam or malware campaign, consider the following actions:


This product is provided subject to this Notification and this Privacy & Use policy.


16-11-2017
Oracle Releases Security Alert
Original release date: November 16, 2017

Oracle has released a security alert to address multiple vulnerabilities in Oracle Tuxedo. A remote attacker could exploit these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the Oracle Security Alert Advisory and apply the necessary update.


This product is provided subject to this Notification and this Privacy & Use policy.


16-11-2017
Cisco Releases Security Update
Original release date: November 15, 2017

Cisco has released a security update to address a vulnerability in its Voice Operating System software platform. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary update.


This product is provided subject to this Notification and this Privacy & Use policy.


15-11-2017
Mozilla Releases Security Updates
Original release date: November 14, 2017

Mozilla has released security updates to address multiple vulnerabilities in Firefox 57 and ESR 52.5. An attacker could exploit these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the Mozilla Security Advisory for Firefox 57 and ESR 52.5 and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


14-11-2017
Microsoft Releases November 2017 Security Updates
Original release date: November 14, 2017

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review Microsoft's November 2017 Security Update Summary and Deployment Information and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


14-11-2017
Adobe Releases Security Updates
Original release date: November 14, 2017

Adobe has released security updates to address vulnerabilities in Flash Player, Photoshop CC, Adobe Connect, DNG Converter, InDesign, Digital Editions, Shockwave Player, and Experience Manager. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review Adobe Security Bulletins APSB17-33, APSB17-34, APSB17-35, APSB17-37, APSB17-38, APSB17-39, APSB17-40, and APSB17-41, and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


14-11-2017
Microsoft Releases Security Advisory on Dynamic Data Exchange (DDE)
Original release date: November 09, 2017

Microsoft has released an advisory that provides guidance on securing Dynamic Data Exchange (DDE) fields in Microsoft Office applications. Exploitation of this protocol may allow an attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Microsoft Security Advisory for more information and US-CERT's Tip on Using Caution with Email Attachments.


This product is provided subject to this Notification and this Privacy & Use policy.


09-11-2017