Site Archives Advisory
Trojan Malware Sent via PDF Attachment
GSA Reference Number: AD100429-01
Simply Put: A new attack has been detected that attempts to spread data-stealing malicious code via an email with the subject “setting for your mailbox are changed.” Users should not open this email or the attachment. The email includes an infected PDF attachment called “doc.pdf,” which, when opened, runs a set of scripts and executables on the recipient’s computer that infect or spoof various Windows programs and services. The methods used do not require JavaScript in order to execute. Once infected, the machine will then periodically contact malicious Web locations to download and update itself with any of the latest malicious and data-stealing viruses.
April Adobe Patch Release
GSA Reference Number: AD100414-01
Simply Put: Adobe has released a patch for critical vulnerabilities in the Adobe Reader and Acrobat products. Adobe Reader and Acrobat 9.3.1 and earlier versions are confirmed as vulnerable. Many of the vulnerabilities can lead to remote code execution and are likely to become a target of malware authors. Adobe Reader and Acrobat should be patched as quickly as possible on all workstations and servers.
April Microsoft Patch Tuesday
Microsoft has announced 11 new patches today to fix vulnerabilities that could allow remote code execution, denial of service, elevation of privileges, and spoofing. Five patches are rated Critical by Microsoft and affect Microsoft Windows. Five patches are rated Important by Microsoft and affect Microsoft Windows and Microsoft Office. One patch is rated Moderate and affects Microsoft Windows. Gladiator recommends that users immediately apply the Critical patches. Detailed information for the patches can be found in Microsoft’s April Security Bulletin. 
Internet Explorer Out-of-Band Patch Released
GSA Reference Number: AD100331-01
Microsoft has a released a security update that patches 10 reported vulnerabilities in Internet Explorer. The reported vulnerabilities could potentially allow attackers to execute remote code by tricking users into viewing specially-crafted web pages. This security update is rated Critical for all releases of Internet Explorer and it is highly recommended that all users apply the patch immediately. The Microsoft bulletin can be found here, and the update can be applied through Windows Update.
March Microsoft Patch Tuesday
Microsoft has announced two new patches today to fix vulnerabilities that could allow remote code execution. Both patches are rated Important by Microsoft and affect Microsoft Windows and Microsoft Office. Gladiator recommends that users immediately apply the Microsoft Office Excel patch. Detailed information for the patches can be found in Microsoft’s March Security Bulletin.
New Internet Explorer Remote Code Execution Vulnerability
GSA Reference Number: AD100302-01
Simply Put: A new Internet Explorer remote code execution exploit has been released. This vulnerability affects Internet Explorer 6, 7, and 8 running on Windows 2000, Windows XP, and Windows Server 2003. This vulnerability uses VBScript and Windows Help files to force a victim machine to run remote code. In order to trigger this vulnerability, a user would have to hit the F1 key while visiting a malicious website.
7 New Cisco Vulnerabilities in ASA 5500 Devices
GSA Reference Number: AD100217-01
Simply Put: Cisco has released an advisory for multiple vulnerabilities with Cisco ASA 5500 devices. This advisory identifies six new denial of service vulnerabilities and one new authentication bypass vulnerability. An update from Cisco is available to address these issues and should be applied as soon as possible. Gladiator will be testing this update for compatibility and stability and will then notify affected clients if an update is necessary.
Find It Quickly
Find what you're looking for quickly by using our keyword search. Can't find it? Try our links below.
Monthly Archives
Find posts by the month they were written.
- July 2010
- June 2010
- May 2010
- April 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- July 2008
- May 2008
- April 2008
- March 2008
- January 2008
- December 2007
- November 2007