Gladiator Research and Security

Microsoft has announced 15 new patches today to fix vulnerabilities that could allow remote code execution and elevation of privileges.  Nine patches are rated Critical by Microsoft and affect Microsoft Windows, Microsoft Office, Microsoft .NET, and Internet Explorer.  Six patches are rated Important by Microsoft and affect Microsoft Windows and Microsoft Office.  Gladiator recommends that users with impacted systems apply all Critical patches immediately. Detailed information for the patches can be found in Microsoft’s August Security Bulletin. 

GSA Reference Number: AD100805-01

Simply Put: A new vulnerability has been found in Adobe Acrobat.  This vulnerability can result in remote code execution.  A patch is not available at this time; however, Adobe is working on a fix that should come out in the next few weeks.  Adobe Reader and Acrobat versions 9.3.3 and earlier are vulnerable to this issue.

GSA Reference Number: AD100802-01
Related GSA Reference Number: AD100719-01

Simply Put: Microsoft has released an advisory for a code execution vulnerability in Microsoft Windows Shell.  This vulnerability affects Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7.  This vulnerability can be exploited if a user opens a USB device or network share with a malicious-crafted shortcut file (.lnk).  Microsoft has also been alerted to attacks using this exploit code.  Gladiator recommends that users apply the patch provided by Microsoft as soon as possible.