Gladiator Research and Security

Microsoft has announced 6 new patches for its monthly patch release cycle.  These patches fix multiple Microsoft products, including Windows, Publisher, ISA Server, and Virtual PC.   Three patches are rated Critical, and allow for remote code execution on vulnerable systems.   The other three patches are rated Important, leading to elevation of privileges and a remote code exploit for Publisher.  Gladiator recommends that users immediately apply all Critical patches to their systems.

GSA Reference Number: AD090625-01

Simply Put: Adobe Shockwave Player, which is used by browsers to play Shockwave media, has a remote code execution vulnerability in version 11.5.0.596 and earlier versions.  Adobe has released a new player to address this vulnerability.  Unfortunately, the current Shockwave Player must be uninstalled before upgrading.  The uninstall requires a reboot.

GSA Reference Number: AD090610-01

Simply Put: Adobe has released a patch for multiple critical vulnerabilities affecting its Acrobat products.  This patch fixes multiple vulnerabilities regarding the Adobe products for both Windows and Mac operating systems.  The patch is available through the software update tool or by visiting the Adobe Security Bulletin linked below.  This is Adobe’s first patch release using its new quarterly release cycle.

Microsoft has announced 10 new patches for its monthly patch release cycle.  These patches fix multiple Microsoft products, including Windows, Internet Explorer, and Microsoft Office.   Six patches are rated Critical, and affect all of the previously listed products, thereby allowing for remote code execution on vulnerable systems.  Gladiator recommends that users  immediately apply all Critical patches to their systems.

GSA Reference Number: AD090602-01

Simply Put: SonicWALL has released a patch for an internal memory disclosure vulnerability in its SSL-VPN products.  Note, this is not a vulnerability with its firewall or unified threat management products, just the stand-alone SSL VPN devices.  The vulnerability allows an unauthenticated attacker to manipulate the portal login page to read parts of internal memory.  This vulnerability could lead to information disclosure.

GSA Reference Number: AD090513-01

Simply Put: Adobe has released a patch for the critical vulnerability affecting its Acrobat products.  This vulnerability was previously discussed in Gladiator Advisory AD090430-01 on April 30th, stating that all versions of Adobe Reader and Adobe Acrobat, on all operating systems, are affected by a Critical JavaScript Vulnerability.

Microsoft has announced one new patch for its monthly release cycle.  Although it doesn’t sound like a lot, this patch fixes a critical vulnerability in PowerPoint that is already being exploited by malicious entities.  The patch is rated critical, and affects Microsoft PowerPoint 2000 through 2007.   This exploit allows remote code execution on vulnerable systems.  Gladiator recommends that users  immediately patch all systems with Microsoft Office installed.