US-CERT Warns Security Vulnerabilities in Popular Applications from MicroSoft, Adobe and Google

April 28, Washington, D.C., — United States Computer Emergency Readiness Team (US-CERT) issues multiple warnings about security vulnerabilities in popular software applications from major companies. Please review these warnings below and follow the suggestions to fix the vulnerabilities to ensure your computer and personal information are protected.
2014_NPR_Internet_Security



Microsoft Internet Explorer

US-CERT is aware of active exploitation of a use-after-free vulnerability in Microsoft Internet Explorer. This vulnerability affects IE versions 6 through 11 and could allow unauthorized remote code execution.

US-CERT recommends that users and administrators review Microsoft Security Advisory 2963983 for mitigation actions and workarounds. Those who cannot follow Microsoft’s recommendations, such as Windows XP users, may consider employing an alternate browser.

Adobe Flash Player

US-CERT is aware of active exploitation of a vulnerability in versions of Flash Player which could potentially allow an attacker to take control of an affected system. Adobe has released security updates to address these vulnerabilities.

The following updates are available:

  • Flash Player 13.0.0.206 for Windows, Macintosh, and Linux
  • Flash Player 11.7.700.279 for Windows and Macintosh
  • Flash Player 11.2.202.356 for Linux

Users and administrators are encouraged to review Adobe Security Bulletin APSB14-13 and apply the necessary updates.

Google Chrome

Google has released security updates to address multiple vulnerabilities in Chrome. Some of these vulnerabilities may lead to memory corruption or arbitrary code execution.

Updates available include:

  • Chrome 34.0.1847.131 for Windows and Mac.
  • Chrome 34.0.1847.132 for Linux.
  • Chrome 34.0.1847.134 for Chrome OS devices, except HP Chromebook Pavillion.

Users and administrators are encouraged to review the Google Chrome release blog entries and apply the necessary updates.

US-CERT is part of DHS’ National Cybersecurity and Communications Integration Center (NCCIC).

The Department of Homeland Security’s United States Computer Emergency Readiness Team (US-CERT) leads efforts to improve the nation’s cybersecurity posture, coordinate cyber information sharing, and proactively manage cyber risks to the Nation while protecting the constitutional rights of Americans. US-CERT strives to be a trusted global leader in cybersecurity – collaborative, agile, and responsive in a dynamic and complex environment.