The Internet Systems Consortium (ISC) has released updates that address three vulnerabilities in BIND. Exploitation of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition.
Available updates include:
BIND 9 version 9.9.8-P4
BIND 9 version 9.10.3-P4
BIND 9 version 9.9.8-S6
US-CERT encourages users and administrators to review ISC Knowledge Base Articles AA-01351, AA-01352, and AA-01353 and apply the necessary updates.
Cisco has released security updates to address vulnerabilities in multiple products. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected device.
Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates:
Google has released Chrome version 49.0.2623.87 to address multiple vulnerabilities for Windows, Mac, and Linux. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.
US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary update.
Mozilla has released security updates to address multiple vulnerabilities in Firefox and Firefox ESR. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.
Available updates include:
Firefox 45
Firefox ESR 38.7
Users and administrators are encouraged to review the Mozilla Security Advisories for Firefox and Firefox ESR and apply the necessary updates.
Microsoft has released 13 updates to address vulnerabilities in Microsoft software. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system.
US-CERT encourages users and administrators to review Microsoft Security Bulletins MS16-023 through MS16-035 and apply the necessary updates.
Adobe has released security updates to address multiple vulnerabilities in Acrobat, Reader, and Digital Editions. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.
Users and administrators are encouraged to review Adobe Security Bulletins APSB16-09 and APSB16-06 and apply the necessary updates.
Internet Systems Consortium (ISC) has released security updates to address a vulnerability in versions of ISC Dynamic Host Configuration Protocol (DHCP) server. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition.
Updated versions of ISC DHCP (4.1-ESV-R13 and 4.3.4) will be available soon, and current workarounds are described in ISC Knowledge Base Article AA-01354. US-CERT encourages users and administrators to review this article and apply the necessary updates when available.
Google has released Chrome version 49.0.2623.75 to address multiple vulnerabilities for Windows, Mac, and Linux. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.
Users and administrators are encouraged to review the Chrome Releases page and apply the necessary update.
The Internal Revenue Service (IRS) has issued a news release addressing a new spear phishing scheme targeting payroll and human resource professionals. In this scheme, cybercriminals pose as company executives requesting personal information on employees.
US-CERT encourages users and administrators to review the IRS news release for details and refer to US-CERT Security Tip ST15-001 for information on tax-themed phishing attacks.
Cisco has released security updates to address vulnerabilities in multiple products. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected device.
Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates: