The ThreatCon is currently at Level 2: Elevated.

On September 12, 2017, Microsoft released its scheduled patch update for September 2017. This month's update covers vulnerabilities in Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, Adobe Flash Player, Skype for Business and Lync, .NET Framework, and Microsoft Exchange Server.

On September 12, 2017, Adobe released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address two critical memory corruption vulnerabilities that could lead to code execution.

Adobe also released a security update for RoboHelp for Windows. This update resolves an important input validation vulnerability that could be used in a cross-site scripting attack, as well as an unvalidated URL redirect vulnerability rated moderate that could be used in phishing campaigns.

Adobe has additionally released security updates for ColdFusion version 11 and the 2016 release. These updates address a critical XML parsing vulnerability, an important cross-site scripting vulnerability that could lead to information disclosure and a mitigation for unsafe Java deserialization that could result in remote code execution.

Customers are advised to apply all patches as soon as possible.

Microsoft September 2017 Security Updates
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/5984735e-f651-e711-80dd-000d3a32fc99

Adobe Security Bulletin APSB17-25
https://helpx.adobe.com/security/products/robohelp/apsb17-25.html

Adobe Security Bulletin APSB17-28
https://helpx.adobe.com/security/products/flash-player/apsb17-28.html

Adobe Security Bulletin APSB17-30
https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html

Threatcon Level 1
ThreatCon Level 1
Low : Basic network posture
This condition applies when there is no discernible network incident activity and no malicious code activity with a moderate or severe risk rating. Under these conditions, only a routine security posture, designed to defeat normal network threats, is warranted. Automated systems and alerting mechanisms should be used.
Threatcon Level 1
ThreatCon Level 2
Medium : Increased alertness
This condition applies when knowledge or the expectation of attack activity is present, without specific events occurring or when malicious code reaches a moderate risk rating. Under this condition, a careful examination of vulnerable and exposed systems is appropriate, security applications should be updated with new signatures and/or rules as soon as they become available and careful monitoring of logs is recommended. Changes to the security infrastructure are not required.
Threatcon Level 1
ThreatCon Level 3
High : Known threat
This condition applies when an isolated threat to the computing infrastructure is currently underway or when malicious code reaches a severe risk rating. Under this condition, increased monitoring is necessary, security applications should be updated with new signatures and/or rules as soon as they become available and redeployment and reconfiguration of security systems is recommended. People should be able to maintain this posture for a few weeks at a time, as threats come and go.
Threatcon Level 1
ThreatCon Level 4
Extreme : Full alert
This condition applies when extreme global network incident activity is in progress. Implementation of measures in this Threat Condition for more than a short period probably will create hardship and affect the normal operations of network infrastructure.