Gladiator Research and Security

GSA Reference Number: AD110412-01

Simply Put: Adobe has released a new security advisory regarding a critical vulnerability in Adobe Flash Player, Reader, and Acrobat.  The vulnerability could cause the programs to crash and possibly allow remote code execution.  These vulnerabilities are reportedly being exploited by malware authors at this time.  The attacks are being delivered in Word documents as email attachments.  No patch is available at this time.  Gladiator recommends that institutions inform their users of this threat and tell them not to open any Word document attachments without checking with their information security officer.

GSA Reference Number: AD110323-01

Simply Put: Adobe has released critical updates for its Reader, Acrobat, and Flash products.  High-risk vulnerabilities are present in these applications that could allow for remote code execution.  Gladiator recommends that institutions roll out these patches to all of their vulnerable workstations and servers as soon as possible.

Microsoft has announced three new patches today to fix three vulnerabilities, including one that could allow remote code execution.  One patch is rated Critical by Microsoft and affects Microsoft Windows.  The two other patches are rated Important by Microsoft and affects Microsoft Windows and Microsoft Office.  Gladiator recommends that users with impacted systems apply all Critical patches immediately. Detailed information regarding the patches can be found in Microsoft’s March Security Bulletin.  Summary information is included below:

GSA Reference Number: AD110208-01

Simply Put: Adobe has released an update for Adobe Reader versions 9.4.2 and 10.0.1.  These latest versions address serious vulnerabilities and added security enhancements.

Microsoft has announced twelve new patches today to fix many vulnerabilities, including some that could allow remote code execution.  Five patches are rated Critical by Microsoft and affect Microsoft Windows and Internet Explorer.  The other patches are rated Important by Microsoft and affects Microsoft Windows.  Gladiator recommends that users with impacted systems apply all Critical patches immediately. Detailed information regarding the patches can be found in Microsoft’s January Security Bulletin.  Summary information is included below:

Microsoft has announced two new patches today to fix vulnerabilities that could allow remote code execution.  One patch is rated Critical by Microsoft and affects Microsoft Windows.  The other patch is rated Important by Microsoft and affects Microsoft Windows.  Gladiator recommends that users with impacted systems apply all Critical patches immediately. Detailed information regarding the patches can be found in Microsoft’s January Security Bulletin. 

Microsoft has announced 17 new patches today to fix vulnerabilities that could allow remote code execution, elevation of privileges, and denial of service.  Two patches are rated Critical by Microsoft and affect Microsoft Windows and Internet Explorer.  Fourteen patches are rated Important by Microsoft and affect Microsoft Office, Microsoft SharePoint, and Microsoft Windows.  Furthermore, one patch is rated Moderate and affects Microsoft Exchange.  Gladiator recommends that users with impacted systems apply all Critical patches immediately. In addition, Gladiator recommends that MS10-098 and MS10-105 are also applied immediately. Detailed information regarding the patches can be found in Microsoft’s December Security Bulletin.