Cisco patches critical security vulnerability in Secure Desktop
If your organization uses Cisco's Secure Desktop, which is a component of the Cisco SSL VPN solution, you need to be aware of a critical security vulnerability that, if exploited, could result in a complete compromise of the affected system. The problem is a Cisco-signed ActiveX control that could be invoked by malicious code on a web page to download an malicious executable.
Cisco has issued a patch for the vulnerability, which affects versions prior to 3.5.841. Here's the advisory with instructions on how to get the update: