US CERT Current Activity
Google Releases Security Updates for Chrome
Mar 29, 2017
Original release date: March 30, 2017 Google has released Chrome version 57.0.2987.137 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that, if exploited, may allow an attacker to take control of an affected system.Users and administrators are encouraged to review the Chrome Releases page and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
VMware Releases Security Updates
Mar 28, 2017
Original release date: March 28, 2017 VMware has released security updates to address vulnerabilities in ESXi, Workstation, and Fusion. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system.Users and administrators are encouraged to review VMware Security Advisory VMSA-2017-0006 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Apple Releases Security Update for iWork
Mar 27, 2017
Original release date: March 27, 2017 Apple has released a security update for macOS 10.12 (and later) and iOS 10.0 (and later) to address a vulnerability in iWork that may allow may allow a remote attacker to obtain sensitive information.US-CERT encourages users and administrators to review Apple's security update for the vulnerability and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.
Apple Releases Security Update for iTunes
Mar 24, 2017
Original release date: March 24, 2017 Apple has released a security update for Apple iTunes to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition.Users and administrators are encouraged to review information on iTunes 12.6 and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.
Aviation Phishing Scams
Mar 23, 2017
Original release date: March 23, 2017 US-CERT has received reports of email-based phishing campaigns targeting airline consumers. Systems infected through phishing campaigns act as an entry point for attackers to gain access to sensitive business or personal information.US-CERT encourages users and administrators to review an airline Security Advisory and US-CERT's Security Tip ST04-014 for more information on phishing attacks. This product is provided subject to this Notification and this Privacy & Use policy.
Cisco Releases Security Updates
Mar 22, 2017
Original release date: March 22, 2017 Cisco has released security updates to address vulnerabilities in its IOS, IOS XE, and IOx Software. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system or cause a denial-of-service condition.Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates:Cisco IOx Data in Motion Stack Overflow VulnerabilityCisco IOS XE Software for Cisco ASR 920 Series Routers Zero Touch Provisioning Denial of Service VulnerabilityCisco IOS XE Software HTTP Command Injection VulnerabilityCisco IOS XE Software Web User Interface Denial of Service VulnerabilityCisco IOS and IOS XE Software Layer 2 Tunneling Protocol Denial of Service VulnerabilityCisco IOS and IOS XE Software DHCP Client Denial of Service VulnerabilityCisco Application-Hosting Framework Arbitrary File Creation VulnerabilityCisco Application-Hosting Framework Directory Traversal Vulnerability This product is provided subject to this Notification and this Privacy & Use policy.
Vulnerabilities Identified in Network Time Protocol Daemon (ntpd)
Mar 22, 2017
Original release date: March 22, 2017 The Network Time Foundation's NTP Project has has released version ntp-4.2.8p10 to address multiple vulnerabilities in ntpd. Exploitation of some of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition.US-CERT encourages users and administrators to review the NTP Security Notice Page for vulnerability and mitigation details. This product is provided subject to this Notification and this Privacy & Use policy.
Title: Cisco Releases Security Updates
Mar 21, 2017
Original release date: March 21, 2017 Cisco has released security updates to address vulnerabilities in its IOS and IOS XE Software. Exploitation of one of these vulnerabilities could allow a remote attacker to cause a denial of service condition.Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates:IPv6 Denial of Service VulnerabilityAutonomic Networking Infrastructure Registrar Denial of Service Vulnerability This product is provided subject to this Notification and this Privacy & Use policy.
IRS Warns of Last-Minute Tax Scams
Mar 17, 2017
Original release date: March 17, 2017 The Internal Revenue Service (IRS) has released an alert warning of phishing email scams targeting last-minute tax filers. The alert describes common features of these cyber crimes and includes recommendations to protect against them: strengthen passwords, recognize phishing attempts, and forward suspicious emails to phishing@irs.gov.Tax payers and tax professionals are encouraged to review the IRS alert and US-CERT's advice on Avoiding Social Engineering and Phishing Attacks. This product is provided subject to this Notification and this Privacy & Use policy.
Mozilla Releases Security Updates
Mar 17, 2017
Original release date: March 17, 2017 Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. Exploitation of this vulnerability may allow an attacker to take control of an affected system.US-CERT encourages users and administrators to review the Mozilla Security Advisory for Firefox and Firefox ESR and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Microsoft Ending Support for Windows Vista
Mar 16, 2017
Original release date: March 17, 2017 All software products have a lifecycle. After April 11, 2017, Microsoft is ending support for the Windows Vista operating system. After this date, this product will no longer receive:Security updatesNon-security hotfixesFree or paid assisted support optionsOnline technical content updates from MicrosoftComputers running the Windows Vista operating system will continue to work even after support ends. However, using unsupported software may increase the risks of viruses and other security threats.Users and administrators are encouraged to upgrade to a currently supported operating system. For more information, see Microsoft's Vista support and product lifecycle articles. This product is provided subject to this Notification and this Privacy & Use policy.
Microsoft SMBv1 Vulnerability
Mar 16, 2017
Original release date: March 16, 2017 Microsoft has released a security update to address a vulnerability in implementations of Server Message Block 1.0 (SMBv1). Exploitation of this vulnerability could allow a remote attacker to take control of an affected system.US-CERT encourages users and administrators to review Microsoft Security Bulletin MS17-010 and apply the update. For more information, see the Information Assurance Advisory and US-CERT's SMB Security Best Practices guidance. This product is provided subject to this Notification and this Privacy & Use policy.
Cisco Releases Security Updates
Mar 15, 2017
Original release date: March 15, 2017 Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit these vulnerabilities to take control of an affected system.Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates:Mobility Express 1800 Access Point Series Authentication Bypass Vulnerability cisco-sa-20170315-ap1800StarOS SSH Privilege Escalation Vulnerability cisco-sa-20170315-asrWorkload Automation and Tidal Enterprise Scheduler Client Manager Server Arbitrary File Read Vulnerability cisco-sa-20170315-tesMeshed Wireless LAN Controller Impersonation Vulnerability cisco-sa-20170315-wlc-mesh This product is provided subject to this Notification and this Privacy & Use policy.
Drupal Releases Security Update
Mar 15, 2017
Original release date: March 15, 2017 Drupal has released an advisory to address vulnerabilities in Drupal core 8.x versions prior to 8.2.7. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.US-CERT encourages users and administrators to review Drupal's Security Advisory and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.
VMware Releases Security Updates
Mar 14, 2017
Original release date: March 14, 2017 VMware has released security updates to address a vulnerability in Workstation and Fusion. A remote attacker could exploit this vulnerability and take control of an affected system.Users and administrators are encouraged to review VMware Security Advisory VMSA-2017-0005 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Adobe Releases Security Updates
Mar 14, 2017
Original release date: March 14, 2017 Adobe has released security updates to address vulnerabilities in Adobe Flash Player and Shockwave Player. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.US-CERT encourages users and administrators to review Adobe Security Bulletins APSB17-07 and APSB17-08 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Microsoft Releases March 2017 Security Bulletin
Mar 14, 2017
Original release date: March 14, 2017 Microsoft has released 17 updates to address vulnerabilities in Microsoft software. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system.Users and administrators are encouraged to review Microsoft Security Bulletins MS17-006 through MS17-023 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
IRS Releases Tax-Time Guide
Mar 9, 2017
Original release date: March 09, 2017 The Internal Revenue Service (IRS) has released tax-time advice intended to help the public protect their personal and financial data and computers. Recommendations include using strong passwords, backing up files, and using robust security software to help block malware and viruses.Users and administrators are encouraged to review this week's IRS Tax-Time Guide and US-CERT Tip ST05-014, Real-World Warnings Keep You Safe Online, for additional information. This product is provided subject to this Notification and this Privacy & Use policy.
Google Releases Security Update for Chrome
Mar 9, 2017
Original release date: March 09, 2017 Google has released Chrome version 57.0.2987.98 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that, if exploited, may allow an attacker to take control of an affected system.US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.
Apache Software Foundation Releases Security Updates
Mar 8, 2017
Original release date: March 08, 2017 The Apache Software Foundation has released security updates to address a vulnerability in Struts 2. A remote attacker could exploit this vulnerability to take control of an affected system.Users and administrators are encouraged to review the Apache Security Bulletin and upgrade to Struts 2.3.32 or Struts 2.5.10.1. This product is provided subject to this Notification and this Privacy & Use policy.
