Gladiator Research and Security

GSA Reference Number: AD100719-01

Simply Put: Microsoft has released an advisory for a code execution vulnerability in Microsoft Windows Shell.  This vulnerability affects Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7.  This vulnerability can be exploited if a user opens a USB device or network share with a malicious-crafted shortcut file (.lnk).  Microsoft has also been alerted to attacks using this exploit code.  Gladiator recommends that users apply workarounds recommended by Microsoft as soon as possible.  No patch has been released as of yet.

Microsoft has announced 4 new patches today to fix vulnerabilities that could allow remote code execution, elevation of privileges and tampering.  Three patches are rated Critical by Microsoft and affects Microsoft Windows and Microsoft Office.  One patch is rated Important by Microsoft and affects Microsoft Outlook.  Gladiator recommends that users with impacted systems apply all Critical patches immediately. Detailed information for the patches can be found in Microsoft’s July Security Bulletin.  Summary information is included below:

GSA Reference Number: AD100630-01
Related GSA Reference Number: AD100607-01

Simply Put: Adobe has released a patch for the previously reported critical remote-code-execution vulnerability in Adobe Reader and Acrobat.  This patch addresses additional issues as well.  Adobe Reader and Acrobat versions 9.3.2 and earlier should upgrade.

GSA Reference Number: AD100616-01

Simply Put: Microsoft has released an advisory for a remote code execution vulnerability in Microsoft Windows Help and Support Center.  This vulnerability affects Windows XP and Windows Server 2003.  This vulnerability can be exploited if a user visits a malicious website or clicks a specially-crafted link in an email.  Microsoft has also been alerted to targeted attacks using this exploit code.  Gladiator recommends that users apply workarounds recommended by Microsoft as soon as possible.  No patch has been released as of yet.

Microsoft has announced 10 new patches today to fix vulnerabilities that could allow remote code execution, elevation of privileges and tampering.  Three patches are rated Critical by Microsoft and affect Microsoft Windows and Internet Explorer.  Seven patches are rated Important by Microsoft and affect Microsoft Windows, Office, and the .NET Framework.  Gladiator recommends that users with impacted systems apply all Critical patches immediately. Other patches can be applied during your normal patch roll outs.  Detailed information for the patches can be found in Microsoft’s June Security Bulletin. 

GSA Reference Number: AD100607-01

Simply Put: Adobe has released an advisory for a critical vulnerability in Adobe Flash.  Adobe Reader and Acrobat are also exploitable through the authplay.dll component included with Adobe Reader and Acrobat 9.x.  This vulnerability can lead to remote code execution and are already the target of malware authors.  No patch is available at this time.  However, Adobe has provided workarounds in its advisory.

Microsoft has announced two new patches today to fix vulnerabilities that could allow remote code execution.  Both patches are rated Critical by Microsoft and affect Microsoft Windows and Microsoft Office.  Gladiator recommends that users with impacted systems apply both Critical patches. Detailed information for the patches can be found in Microsoft’s May Security Bulletin.