Gladiator Research and Security

GSA Reference Number: AD090430-01

Simply Put: All versions of Adobe Reader and Adobe Acrobat, on all operating systems, are affected by a Critical JavaScript Vulnerability. Currently, Adobe has not released a patch for this issue. Gladiator recommends disabling JavaScript in Adobe Reader and Adobe Acrobat to help mitigate the issue.

We’ve all noticed the trends lately which suggest that new malware is being written at an ever-increasing pace.  It seems like each day a new threat is discovered by security professionals.  However, anti-malware products seem unable to keep up with the pace set by the malware programmers.  So, what can be done to combat this discrepancy?  Have you heard of software “sandboxes”?  Read on and we’ll discuss some options available to help you fight in the war against malware.

Microsoft has announced eight new patches for its monthly release cycle.  There are five critical patches, two important and one moderate patch, affecting Microsoft Office, Windows, Internet Explorer, DirectX, ISA Server, Wordpad, SearchPath and HTTP Services.  Some of these patches are extremely critical and should be applied immediately.  Exploit code is publicly available for them and they are currently being exploited by malware authors.  These exploits can and do allow remote code execution on vulnerable systems. 

GSA Reference Number: AD090409-01

Simply Put: Cisco has announced a number of newly discovered vulnerabilities in both their Cisco ASA 5500 Series and Cisco PIX Security Appliances running 7.x and 8.x firmware versions.  These vulnerabilities cover SSL and IPSec VPN Connectivity, Access-List Restrictions, and Packet Inspection.  The vulnerabilities in this latest Cisco release are considered critical by Gladiator. We will be reviewing all CoreDefense monitored Cisco ASA and PIX devices for susceptibility.