Gladiator Research and Security

Microsoft has announced seven new patches today, including three that could allow remote code execution.  MS12-004 is rated Critical by Microsoft and Gladiator recommends all institutions install this patch as soon as possible.  Additionally, Gladiator rates MS12-005 as critical and recommends all institutions apply this patch as soon as possible.  All other patches can be applied during your normal patch window.  Detailed information regarding the patches can be found in Microsoft’s January Security Bulletin. 

GSA Reference Number: AD111229-01

Simply Put: Microsoft has released a security bulletin for a privilege escalation vulnerability in its .NET Framework. This vulnerability affects Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7. An attacker who exploited this vulnerability could execute commands as a more privileged user or perform an unauthenticated denial of service (DoS) attack on servers that serve ASP.NET pages.  This vulnerability was publicly disclosed. Gladiator recommends that users apply the patch provided by Microsoft as soon as possible.

GSA Reference Number: AD111216-01

Simply Put: Adobe has released critical updates for its Reader, Acrobat, and Flash products.  High-risk vulnerabilities are present in these applications that could allow for remote code execution.  Gladiator recommends that institutions roll out these patches to all of their vulnerable workstations and servers as soon as possible.

Microsoft has announced thirteen new patches today, including ten that could allow remote code execution.  MS11-087, MS11-090, and MS11-092 are rated Critical and Gladiator recommends all users install these patches as soon as possible.  Despite the Important rating, Gladiator also recommends you apply patches MS11-089, MS11-091, MS11-093, MS11-094, MS11-095, MS11-096, and MS11-099 to remediate vulnerabilities that could lead to remote code execution.  All other patches can be applied during your normal patch window.  Detailed information regarding the patches can be found in Microsoft’s December Security Bulletin. 

Microsoft has announced four new patches today, including two that could allow remote code execution.  MS11-083 is rated Critical and Gladiator recommends all users install this patch as soon as possible.  MS11-085 is rated Important, but Gladiator recommends all users install this patch as soon as possible to patch a vulnerability that could lead to remote code execution.  Detailed information regarding the patches can be found in Microsoft’s November Security Bulletin.  Summary information is included below:

GSA Reference Number: AD111012-01

Simply Put: Cisco has released an advisory for multiple vulnerabilities with Cisco ASA 5500 devices.  This advisory identifies three new denial of service vulnerabilities and one new authentication bypass vulnerability.  An update from Cisco is available to address these issues and should be applied as soon as possible.  Gladiator will be testing this update for compatibility and stability and will then notify affected clients if an update is necessary.

Microsoft has announced eight new patches today, including six that could allow remote code execution.  Two patches are rated Critical by Microsoft and affect Microsoft Windows, Internet Explorer, the Microsoft .NET Framework, and Microsoft Silverlight.  Gladiator recommends you apply MS11-078 and MS11-081 due to the risk of remote code exploitation.  Detailed information regarding the patches can be found in Microsoft’s October Security Bulletin.