Gladiator Research and Security

GSA Reference Number: AD090430-01

Simply Put: All versions of Adobe Reader and Adobe Acrobat, on all operating systems, are affected by a Critical JavaScript Vulnerability. Currently, Adobe has not released a patch for this issue. Gladiator recommends disabling JavaScript in Adobe Reader and Adobe Acrobat to help mitigate the issue.

Microsoft has announced eight new patches for its monthly release cycle.  There are five critical patches, two important and one moderate patch, affecting Microsoft Office, Windows, Internet Explorer, DirectX, ISA Server, Wordpad, SearchPath and HTTP Services.  Some of these patches are extremely critical and should be applied immediately.  Exploit code is publicly available for them and they are currently being exploited by malware authors.  These exploits can and do allow remote code execution on vulnerable systems. 

GSA Reference Number: AD090409-01

Simply Put: Cisco has announced a number of newly discovered vulnerabilities in both their Cisco ASA 5500 Series and Cisco PIX Security Appliances running 7.x and 8.x firmware versions.  These vulnerabilities cover SSL and IPSec VPN Connectivity, Access-List Restrictions, and Packet Inspection.  The vulnerabilities in this latest Cisco release are considered critical by Gladiator. We will be reviewing all CoreDefense monitored Cisco ASA and PIX devices for susceptibility.

GSA Reference Number: AD090330-01

Simply Put: A small media frenzy has been created as many security professionals and groups have released research which indicates that the Conficker worm will be changing the way it works on April 1st, 2009.  On April 1st, Conficker will be reconfiguring its updating functionality, making it easier for infected machines to receive updates.  While the code update is important news, researchers have found no indication of an attack beginning on April 1st.  These updates will be occurring to machines that are already infected.  However, the risk of a new Conficker infection is something that is always prevalent.  April 1st will certainly be an important date to monitor network traffic, but the Conficker worm will be just as dangerous before and after April 1st, as many of Conficker’s attack and propagation techniques have been very effective to date.

GSA Reference Number: AD090311-01

Replaces GSA Reference Number: AD090220-01

Simply Put: Adobe Acrobat 9 and Reader 9 and earlier versions contain a critical vulnerability that allows arbitrary code execution.  This issue is currently being exploited.  Adobe has released a patch for Acrobat 9 and Reader 9.  However, earlier versions of the product remain unpatched.  Gladiator recommends upgrading all Adobe installations to version 9.1 if possible.

GSA Reference Number: AD090220-01

Simply Put: Adobe Acrobat 9 and Reader 9 and earlier versions contain an unpatched critical vulnerability that allows arbitrary code execution.  Adobe has released an advisory on this issue, but a patch will not be released until March 11th.  A workaround has been published that will prevent code execution, but the application will still crash.

GSA Reference Number: AD090218-01

Simply Put: An Internet Explorer 7 vulnerability patched in the latest installment of Microsoft updates is now being exploited by malware authors.  The patch, designated MS09-002, fixed a memory corruption vulnerability, which can cause remote code execution.