Gladiator Research and Security

Microsoft has announced 17 new patches today to fix 64 vulnerabilities across Microsoft Windows, Microsoft Office, Internet Explorer, Visual Studio, .NET Framework, and GDI+.  Nine patches are rated Critical by Microsoft and affect Microsoft Windows, Office, and Internet Explorer.  The eight other patches are rated Important by Microsoft and affect Microsoft Windows, Microsoft Office, and Microsoft Developer Tools and Software.  Gladiator recommends that users with impacted systems apply all Critical patches immediately. Detailed information regarding the patches can be found in Microsoft’s April Security Bulletin.

GSA Reference Number: AD110412-01

Simply Put: Adobe has released a new security advisory regarding a critical vulnerability in Adobe Flash Player, Reader, and Acrobat.  The vulnerability could cause the programs to crash and possibly allow remote code execution.  These vulnerabilities are reportedly being exploited by malware authors at this time.  The attacks are being delivered in Word documents as email attachments.  No patch is available at this time.  Gladiator recommends that institutions inform their users of this threat and tell them not to open any Word document attachments without checking with their information security officer.

Microsoft has published a great security update guide that I think would benefit financial institutions.  It discusses 6 great steps for network administrators on Windows networks:

• Get to know the security update release process
• Learn how to evaluate risk
• See how to migrate security risks
• Understand how quickly you need to apply updates
• Assess your update
• Get ongoing security

You can find the guide here.