Gladiator Research and Security

GSA Reference Number: AD100429-01

Simply Put: A new attack has been detected that attempts to spread data-stealing malicious code via an email with the subject “setting for your mailbox are changed.”  Users should not open this email or the attachment. The email includes an infected PDF attachment called “doc.pdf,” which, when opened, runs a set of scripts and executables on the recipient’s computer that infect or spoof various Windows programs and services.  The methods used do not require JavaScript in order to execute.  Once infected, the machine will then periodically contact malicious Web locations to download and update itself with any of the latest malicious and data-stealing viruses.

GSA Reference Number: AD100414-01

Simply Put: Adobe has released a patch for critical vulnerabilities in the Adobe Reader and Acrobat products.  Adobe Reader and Acrobat 9.3.1 and earlier versions are confirmed as vulnerable.  Many of the vulnerabilities can lead to remote code execution and are likely to become a target of malware authors.  Adobe Reader and Acrobat should be patched as quickly as possible on all workstations and servers.

Microsoft has announced 11 new patches today to fix vulnerabilities that could allow remote code execution, denial of service, elevation of privileges, and spoofing.  Five patches are rated Critical by Microsoft and affect Microsoft Windows.  Five patches are rated Important by Microsoft and affect Microsoft Windows and Microsoft Office.  One patch is rated Moderate and affects Microsoft Windows.  Gladiator recommends that users immediately apply the Critical patches. Detailed information for the patches can be found in Microsoft’s April Security Bulletin. 

GSA Reference Number: AD100331-01

Microsoft has a released a security update that patches 10 reported vulnerabilities in Internet Explorer.  The reported vulnerabilities could potentially allow attackers to execute remote code by tricking users into viewing specially-crafted web pages.  This security update is rated Critical for all releases of Internet Explorer and it is highly recommended that all users apply the patch immediately.  The Microsoft bulletin can be found here, and the update can be applied through Windows Update.

Microsoft has announced two new patches today to fix vulnerabilities that could allow remote code execution.  Both patches are rated Important by Microsoft and affect Microsoft Windows and Microsoft Office.  Gladiator recommends that users immediately apply the Microsoft Office Excel patch. Detailed information for the patches can be found in Microsoft’s March Security Bulletin. 

GSA Reference Number: AD100302-01

Simply Put: A new Internet Explorer remote code execution exploit has been released.  This vulnerability affects Internet Explorer 6, 7, and 8 running on Windows 2000, Windows XP, and Windows Server 2003.  This vulnerability uses VBScript and Windows Help files to force a victim machine to run remote code.  In order to trigger this vulnerability, a user would have to hit the F1 key while visiting a malicious website.

GSA Reference Number: AD100217-01

Simply Put: Cisco has released an advisory for multiple vulnerabilities with Cisco ASA 5500 devices.  This advisory identifies six new denial of service vulnerabilities and one new authentication bypass vulnerability.  An update from Cisco is available to address these issues and should be applied as soon as possible.  Gladiator will be testing this update for compatibility and stability and will then notify affected clients if an update is necessary.