Gladiator Research and Security

GSA Reference Number: AD111229-01

Simply Put: Microsoft has released a security bulletin for a privilege escalation vulnerability in its .NET Framework. This vulnerability affects Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7. An attacker who exploited this vulnerability could execute commands as a more privileged user or perform an unauthenticated denial of service (DoS) attack on servers that serve ASP.NET pages.  This vulnerability was publicly disclosed. Gladiator recommends that users apply the patch provided by Microsoft as soon as possible.

GSA Reference Number: AD111216-01

Simply Put: Adobe has released critical updates for its Reader, Acrobat, and Flash products.  High-risk vulnerabilities are present in these applications that could allow for remote code execution.  Gladiator recommends that institutions roll out these patches to all of their vulnerable workstations and servers as soon as possible.

Microsoft has announced thirteen new patches today, including ten that could allow remote code execution.  MS11-087, MS11-090, and MS11-092 are rated Critical and Gladiator recommends all users install these patches as soon as possible.  Despite the Important rating, Gladiator also recommends you apply patches MS11-089, MS11-091, MS11-093, MS11-094, MS11-095, MS11-096, and MS11-099 to remediate vulnerabilities that could lead to remote code execution.  All other patches can be applied during your normal patch window.  Detailed information regarding the patches can be found in Microsoft’s December Security Bulletin.