Gladiator Research and Security

Microsoft has announced 13 new patches for its February release. One vulnerability causing an elevation of privileges, fixed by MS10-015 and rated Important by Microsoft, already has exploit code available.  Five patches are rated Critical, seven are rated Important, and one is rated Moderate.  Gladiator recommends that users immediately apply all critical updates. Detailed information for these patches can be found in Microsoft’s February Security Bulletin. 

GSA Reference Number: AD100205-01

Simply Put: Gladiator has been alerted to an increased number of phishing scams trying to trick users into installing Zeus Trojans.  These emails are sent using spoofed sender addresses, generally pretending to be from government sources such as the NSA or Pentagon.  The emails also contain text that could  reasonably appear to be from the supposed sender, such as a government advisory or alert.

GSA Reference Number: AD100203-01

Simply Put: A new Internet Explorer (IE) information disclosure vulnerability has been announced by Microsoft.  This vulnerability could allow an attacker to access files in known locations on the victim’s system. For now, no widespread worms or exploit packs are currently using this vulnerability, and Microsoft has stated that they do not know of any attacks currently taking advantage of this vulnerability.  This vulnerability does not affect Internet Explorer running in Protected Mode, which is the default setting on Windows Vista, Windows Server 2008, or Windows 7.  This mode is not available in Windows XP.  A patch has not yet been released by Microsoft.

GSA Reference Number: AD100201-01

Simply Put: A fraudulent email is currently circulating that appears to be from Google in response to a job application.  The email scam informs recipients that their application has been received and that it is attached in a zip file.  The zip file contains a malicious executable that is identified as a Trojan downloader.

GSA Reference Number: AD100121-01

Previous GSA Reference Number: AD100119-01

Simply Put: Microsoft has released an out-of-band patch for the Internet Explorer remote code execution exploit referenced above as well as for other security vulnerabilities.  There is evidence that this exploit is being used in limited, targeted attacks on the Internet.  For now, no widespread worms or exploit packs are currently using this vulnerability.  The Microsoft bulletin can be found here, and the update can be downloaded through Windows Update.

GSA Reference Number: AD100119-01

Simply Put: A new Internet Explorer remote code execution exploit has been released.  There is evidence that this exploit is being used in limited, targeted attacks on the Internet.  For now, no widespread worms or exploit packs are currently using this vulnerability.  Microsoft has not released a patch, but is currently researching the issue and hopefully will release one soon.  Reports have been published linking this exploit to the Google hacking incident.  According to this Microsoft article, an out-of-band patch will be released for this vulnerability.

GSA Reference Number: AD100114-01
Previous GSA Reference Number: AD091215-01

Simply Put: Adobe has released a patch for the previously announced critical remote code execution vulnerability in the Adobe Reader and Acrobat products.  Adobe Reader and Acrobat 9.2 and earlier versions are confirmed as vulnerable.  This vulnerability has become a target of malware authors, and should be patched as quickly as possible.