Adobe has released a security advisory for Adobe Flash Player to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition or take control of the affected system.
Adobe has released updates for the following versions:
Adobe Flash Player 11.5.502.146 and earlier versions for Windows and Macintosh
Adobe Flash Player 11.2.202.261 and earlier versions for Linux
Adobe Flash Player 11.1.115.36 and earlier versions for Android 4.x
Adobe Flash Player 11.1.111.31 and earlier versions for Android 3.x and 2.x
US-CERT encourages users and administrators to review Adobe Security Bulletin APSB13-04 and apply any necessary updates to help mitigate the risk.
This product is provided subject to this Notification and this Privacy & Use policy.
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Server Software, Office, and .NET Framework as part of the Microsoft Security Bulletin summary for February 2013. These vulnerabilities could allow remote code execution, allow elevation of privilege, or cause a denial-of-service condition.
US-CERT encourages users and administrators to review the bulletin and follow best-practice security policies to determine which update should be applied.
Microsoft has published a Security Bulletin Advance Notification indicating that its February release will contain eleven bulletins. These bulletins will have the severity rating of critical and important, and will be for Microsoft Windows, Internet Explorer, Server Software, and .NET Framework. These bulletins are scheduled for release on February 12, 2013.
US-CERT will provide additional information as it becomes available.
Apple has released a security update for OS X Server v2.2.1 for OS X Mountain Lion v10.8 or later to address multiple vulnerabilities. These vulnerabilities may allow a remote attacker to execute arbitrary code.
US-CERT encourages users and administrators to review Apple Support Article HT5644 and follow best-practice security policies to determine if their organization is affected and the appropriate response.
Oracle has released an out-of-band patch to address multiple vulnerabilities in the Java Runtime Environment (JRE) 7 Update 11 and earlier. These vulnerabilities may allow an attacker to execute arbitrary code.
US-CERT encourages users and administrators to review the bulletin and follow best-practice security policies to determine which updates should be applied.
See Vulnerability Note VU#858729 for more information.
Apple has released iOS 6.1 for the iPhone 3GS and later, iPod touch 4th generation and later, and iPad 2 and later to address multiple vulnerabilities. These vulnerabilities may allow an attacker to operate with elevated privileges or execute arbitrary code.
US-CERT encourages users and administrators to review Apple Support Article HT5642 and follow best-practice security policies to determine which updates should be applied.
Multiple vulnerabilities have been announced in libupnp, the open source portable SDK for UPnP devices. Libupnp is employed by hundreds of vendors for UPnP-enabled devices. Information is also available in CERT Vulnerability Note VU#922681.
US-CERT recommends that affected UPnP device vendors and developers obtain and employ libupnp version 1.6.18, which addresses these vulnerabilities.
US-CERT recommends that users and administrators review CERT Vulnerability Note VU#922681, disable UPnP (if possible), and restrict access to SSDP (1900/udp) and Simple Object Access Protocol (SOAP) services from untrusted networks such as the Internet.
The Cisco Wireless LAN Controller (Cisco WLC) product family is affected by multiple vulnerabilities that could potentially cause a denial-of-service condition, allow unauthorized access, or allow an attacker to execute code remotely.
Cisco has released software updates that address these vulnerabilities.
US-CERT encourages users and administrators to review Cisco Security Advisory 20130123-wlc and follow best-practice security policies to determine if their organization is affected and, if so, the appropriate response.
Google has released Google Chrome 24.0.1312.56 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.
US-CERT encourages users and administrators to review the Google Chrome Release blog entry and update to Chrome 24.0.1312.56.
Adobe has released a security hotfix to address multiple vulnerabilities in Adobe ColdFusion versions 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh, and UNIX. These vulnerabilities could allow an attacker to bypass authentication controls.
US-CERT recommends that users and administrators review Adobe Security Bulletin APSB13-03 and follow best-practice security policies to determine which updates should be applied.
Oracle has released its Critical Patch Update for January 2013 to address 86 vulnerabilities across multiple products. This update contains the following security fixes:
6 for Oracle Database Server
7 for Oracle Fusion Middleware
13 for Oracle Enterprise Manager Grid Control
9 for Oracle E-Business Suite
1 for Oracle Supply Chain Products Suite
12 for Oracle PeopleSoft Products
1 for Oracle JD Edwards Products
10 for Oracle Siebel CRM
8 for Oracle Sun Products Suite
1 for Oracle Visualization
18 for Oracle MySQL
US-CERT encourages users and administrators to review the January 2013 Critical Patch Update and follow best-practice security policies to determine which updates should be applied.
Oracle has released an out-of-band patch to address the recently announced vulnerability in Java Runtime Environment (JRE) 7. US-CERT encourages users and administrators to review the bulletin and follow best-practice security policies to determine which updates should be applied.
The CERT Program has released Vulnerability Note VU#625617 to address a vulnerability in Oracle Java Runtime Environment (JRE) 7 and earlier that is currently being exploited in the wild. This vulnerability may allow an attacker to execute arbitrary code on vulnerable systems.
US-CERT encourages users and administrators to review CERT Vulnerability Note VU#625617 and US-CERT Alert TA13-010A. Due to the number and severity of this and prior Java vulnerabilities, it is recommended that Java be disabled temporarily in web browsers as described in the "Solution" section of the US-CERT Alert and in the Oracle Technical Note "Setting the Security Level of the Java Client."
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, Developer Tools, Server Software, and .NET Framework as part of the Microsoft Security Bulletin summary for January 2013. These vulnerabilities could allow remote code execution, elevation of privilege, security feature bypass, or cause denial-of-service conditions.
US-CERT encourages users and administrators to review the bulletin and follow best-practice security policies to determine which updates should be applied.
Microsoft has released Security Advisory 2798897 in response to active attacks using fraudulent digital certificates published by TURKTRUST Inc. These fraudulent certificates could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This vulnerability affects all supported releases of Microsoft Windows.
This update revokes the trust of the fraudulent certificates and places them in the Microsoft Untrusted Certificate Store.
US-CERT encourages users and administrators to review Microsoft Security Advisory 2798897 and follow best-practice security policies to determine if the update should be applied.
Microsoft has released Security Advisory 2794220 to address a vulnerability in Microsoft Internet Explorer 6, 7, and 8. This vulnerability may allow an attacker to execute arbitrary code if a user accesses a specially crafted website. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability in the wild.
UPDATE: Microsoft has released Security Bulletin MS13-008 to resolve this vulnerability. The security update is rated Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows clients and Moderate for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows servers. US-CERT encourages users and administrators to review Microsoft Security Bulletin MS13-008 and follow best-practice security policies to determine if the update should be applied.
See Vulnerability Note VU#154201 for more information.