The Cisco Wireless LAN Controller (Cisco WLC) product family is affected by multiple vulnerabilities that could potentially cause a denial-of-service condition, allow unauthorized access, or allow an attacker to execute code remotely. Cisco has released software updates that address these vulnerabilities. US-CERT encourages users and administrators to review Cisco Security Advisory 20130123-wlc and follow best-practice security policies to determine if their organization is affected and, if so, the appropriate response. This product is provided subject to this Notification and this Privacy & Use policy.

Google has released Google Chrome 24.0.1312.56 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service. US-CERT encourages users and administrators to review the Google Chrome Release blog entry and update to Chrome 24.0.1312.56. This product is provided subject to this Notification and this Privacy & Use policy.

Adobe has released a security hotfix to address multiple vulnerabilities in Adobe ColdFusion versions 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh, and UNIX. These vulnerabilities could allow an attacker to bypass authentication controls. US-CERT recommends that users and administrators review Adobe Security APSB13-03 and follow best-practice security policies to determine which updates should be applied. This product is provided subject to this Notification and this Privacy & Use policy.

Oracle has released its Critical Patch Update for January 2013 to address 86 vulnerabilities across multiple products. This update contains the following security fixes: 6 for Oracle Database Server 7 for Oracle Fusion Middleware 13 for Oracle Enterprise Manager Grid Control 9 for Oracle E-Business Suite 1 for Oracle Supply Chain Products Suite 12 for Oracle PeopleSoft Products 1 for Oracle JD Edwards Products 10 for Oracle Siebel CRM 8 for Oracle Sun Products Suite 1 for Oracle Visualization 18 for Oracle MySQL US-CERT encourages users and administrators to review the January 2013 Critical Patch Update and follow best-practice security policies to determine which updates should be applied. This product is provided subject to this Notification and this Privacy & Use policy.

Oracle has released an out-of-band patch to address the recently announced vulnerability in Java Runtime Environment (JRE) 7. US-CERT encourages users and administrators to review the bulletin and follow best-practice security policies to determine which updates should be applied. This product is provided subject to this Notification and this Privacy & Use policy.

The CERT Program has released Vulnerability Note VU#625617 to address a vulnerability in Oracle Java Runtime Environment (JRE) 7 and earlier that is currently being exploited in the wild. This vulnerability may allow an attacker to execute arbitrary code on vulnerable systems. US-CERT encourages users and administrators to review CERT Vulnerability Note VU#625617 and US-CERT Alert TA13-010A. Due to the number and severity of this and prior Java vulnerabilities, it is recommended that Java be disabled temporarily in web browsers as described in the "Solution" section of the US-CERT Alert and in the Oracle Technical Note "Setting the Security Level of the Java Client." This product is provided subject to this Notification and this Privacy & Use policy.

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, Developers Tools, Server Software, and .NET Framework as part of the Microsoft Security Bulletin summary for January 2013. These vulnerabilities could allow remote code execution, elevation of privilege, security features bypass, or cause denial-of-service conditions. US-CERT encourages users and administrators to review the bulletin and follow best-practice security policies to determine which updates should be applied. This product is provided subject to this Notification and this Privacy & Use policy.

Microsoft has released Security Advisory 2798897 in response to active attacks using fraudulent digital certificates published by TURKTRUST Inc. These fraudulent certificates could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This vulnerability affects all supported releases of Microsoft Windows. This update revokes the trust of the fraudulent certificates and places them in the Microsoft Untrusted Certificate Store. US-CERT encourages users and administrators to review Microsoft Security Advisory 2798897 and follow best-practice security policies to determine if the update should be applied. This product is provided subject to this Notification and this Privacy & Use policy.

Microsoft has released Security Advisory 2794220 to address a vulnerability in Microsoft Internet Explorer 6, 7, and 8. This vulnerability may allow an attacker to execute arbitrary code if a user accesses a specially crafted website. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability in the wild. UPDATE: Microsoft has released Security Bulletin MS13-008 to resolve this vulnerability. The security update is rated Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows clients and Moderate for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows servers. US-CERT encourages users and administrators to review Microsoft Security Bulletin MS13-008 and follow best-practice security policies to determine if the update should be applied. See Vulnerability Note VU#154201 for more information. This product is provided subject to this Notification and this Privacy & Use policy.