Adobe Releases Security Updates for Adobe Flash Player

Original release date: May 16, 2013

Adobe has released security updates for Adobe Flash Player to address multiple vulnerabilities. These vulnerabilities could cause a denial-of-service condition and potentially allow an attacker to execute arbitrary code and take control of an affected system.

The following versions of Adobe Flash Player are affected:

  • Adobe Flash Player 11.7.700.169 and earlier versions for Windows and Macintosh
  • Adobe Flash Player 11.2.202.280 and earlier versions for Linux
  • Adobe Flash Player 11.1.115.54 and earlier versions for Android 4.x devices
  • Adobe Flash Player 11.1.111.50 and earlier versions for Android 3.x and 2.x
  • Adobe AIR 3.7.0.1530 and earlier versions for Windows and Macintosh
  • Adobe AIR 3.7.0.1660 and earlier versions for Android
  • Adobe AIR 3.7.0.1530 SDK & Compiler and earlier versions

US-CERT encourages users and administrators to review Adobe Security Bulletin APSB13-14 and follow best-practice security policies to determine which updates should be applied.


This product is provided subject to this Notification and this Privacy & Use policy.

Security Updates Available for Adobe Reader and Acrobat

Original release date: May 16, 2013

Adobe has released security updates for Adobe Reader and Acrobat to address multiple vulnerabilities. These vulnerabilities could cause a crash and potentially allow an attacker to take control of an affected system.

The following versions of Adobe Reader and Acrobat are affected:

  • Adobe Reader XI (11.0.02) and earlier 11.x versions for Windows and Macintosh
  • Adobe Reader X (10.1.6) and earlier 10.x versions for Windows and Macintosh
  • Adobe Reader 9.5.4 and earlier 9.x versions for Windows and Macintosh
  • Adobe Reader 9.5.4 and earlier 9.x versions for Linux
  • Adobe Acrobat XI (11.0.02) and earlier 11.x versions for Windows and Macintosh
  • Adobe Acrobat X (10.1.6) and earlier 10.x versions for Windows and Macintosh
  • Adobe Acrobat 9.5.4 and earlier 9.x versions for Windows and Macintosh

US-CERT encourages users and administrators to review Adobe Security Bulletin APSB13-15 and follow best-practice security policies to determine which updates should be applied.



Mozilla Releases Multiple Updates

Original release date: May 16, 2013

The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities.

  • Firefox 21.0
  • Firefox ESR 17.0.6
  • Thunderbird 17.0.6
  • Thunderbird ESR 17.0.6

These vulnerabilities could allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, or operate with elevated privileges.

US-CERT encourages users and administrators to review the Mozilla Foundation Advisory for Firefox 21.0, Firefox ESR 17.0.6, Thunderbird 17.0.6, and Thunderbird ESR 17.0.6 and apply any necessary updates to help mitigate the risk.



Microsoft Releases May 2013 Security Bulletin

Original release date: May 09, 2013 | Last revised: May 14, 2013

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, .NET Framework, Lync, Office, and Windows Essentials as part of the Microsoft Security Bulletin Summary for May 2013. These vulnerabilities could allow remote code execution, denial of service, spoofing, information disclosure, or elevation of privilege.

US-CERT encourages users and administrators to review the bulletin and follow best-practice security policies to determine which updates should be applied.



Adobe Releases Security Update for ColdFusion

Original release date: May 09, 2013 | Last revised: May 14, 2013

Adobe has released a security hotfix for ColdFusion 10, 9.0.2, 9.0.1, and 9.0 for Windows, Macintosh, and UNIX. This hotfix addresses a vulnerability (CVE-2013-1389) that could allow a remote attacker to execute arbitrary code and a vulnerability (CVE-2013-3336) that could permit an unauthorized user to remotely retrieve files stored on the server. There are reports that this vulnerability is being exploited in the wild.

US-CERT recommends that users and administrators review Adobe Security Advisory APSA13-03 and Adobe Security Bulletin APSB13-13 and follow best-practice security policies to determine if their organization is affected and the appropriate response.



Microsoft Releases Security Advisory for Internet Explorer

Original release date: May 07, 2013

Microsoft is investigating public reports of a remote code execution vulnerability in Internet Explorer 8 and is aware of attacks that attempt to exploit this vulnerability. This vulnerability may allow an attacker to execute arbitrary code if a user accesses a specially crafted website. Microsoft is actively working with partners to monitor the threat landscape and take action against these malicious sites that attempt to exploit this vulnerability.

US-CERT encourages users and administrators to review Microsoft Security Advisory 2847140. Please note that the advisory indicates that the workaround does not correct the vulnerability, but it may help mitigate risk against known attack vectors.

US-CERT will provide additional information as it becomes available.



Cisco Releases Security Advisories

Original release date: April 25, 2013

Cisco has released three security advisories to address vulnerabilities affecting Cisco NX-OS-based products, Cisco Device Manager, and Cisco Unified Computing System. These vulnerabilities may allow an attacker to bypass authentication controls, execute arbitrary code, obtain sensitive information, or cause a denial-of-service condition.

US-CERT encourages users and administrators to review the following Cisco security advisories and apply any necessary updates to help mitigate the risks.

