Gladiator Research and Security

Microsoft has announced 13 new patches for its monthly patch release cycle.  These patches fix multiple Microsoft products, including Windows, Internet Explorer, Microsoft Office, and Microsoft .NET Framework.   Eight patches are rated Critical, and affect all of the previously listed products, thereby allowing for remote code execution on vulnerable systems.  Gladiator recommends that users  immediately apply all Critical patches to their systems. Detailed information for the patches can be found in Microsoft’s October Security Bulletin. 

GSA Reference Number: AD090925-01

Simply Put: Cisco has announced eleven new vulnerabilities in multiple Cisco products.  Nine of the vulnerabilities affect Cisco’s IOS – the operating system for many Cisco devices.  Cisco IOS is present on Cisco routers and switches.  Two more vulnerabilities affect Unified Communications Manager.  The vulnerabilities cover denial of service and authentication bypass on IOS, as well as denial of service and remote code execution on Unified Communications Manager.   Many of these vulnerabilities are considered Critical by Gladiator, since a denial of service on a router would result in loss of Internet access.  Note: Cisco Firewalls do not run Cisco IOS and are not vulnerable to these issues.

GSA Reference Number: AD090909-01

Simply Put: Cisco has announced a new vulnerability in multiple Cisco products, including Cisco ASA and PIX appliances and routers.  The vulnerability covers a resource exhaustion issue with TCP connections, which causes a denial of service.  Some devices may need to be rebooted to fully recover.  This vulnerability is considered Critical by Gladiator. We will be reviewing all CoreDEFENSE-monitored Cisco ASA and PIX devices for susceptibility.

Microsoft has announced five new patches for its monthly patch release cycle.  These patches fix multiple vulnerabilities in Microsoft Windows.   All five patches are rated Critical, allowing for remote code execution on vulnerable systems.   Gladiator recommends that users immediately apply all Critical patches to their systems. Detailed information for the patches can be found in Microsoft’s September Security Bulletin. 

Microsoft has announced nine new patches for its monthly patch release cycle.  These patches fix multiple Microsoft products, including Windows, Remote Desktop, Office, Telnet, and more.   Five patches are rated Critical, allowing for remote code execution on vulnerable systems.   The other four patches are rated Important, leading to elevation of privileges, denial of service, and a remote code exploit for Telnet.  Gladiator recommends that users immediately apply all Critical patches to their systems. Detailed information for the patches can be found in Microsoft’s August Security Bulletin. 

Microsoft has announced two out-of-band patches that are currently available.  (Out-of-band patches are released outside of Microsoft’s normal Patch Tuesday release cycle and usually fix vulnerabilities that are currently attacking Windows systems. ) These patches apply to two Microsoft products, Visual Studio and Internet Explorer.   These patches are rated Critical, and allow for remote code execution on vulnerable systems.   Gladiator recommends that users immediately apply all Critical patches to their systems.

GSA Reference Number: AD090722-01

Simply Put: Adobe Acrobat, Reader, and Flash have a remote code execution vulnerability currently being exploited on the Internet.  Adobe does not have a patch available at this time.  This vulnerability can be exploited by a malicious website to load arbitrary code or take control of a victim’s PC.