Site Archives Advisory
Adobe Releases Patch for Acrobat/Reader
GSA Reference Number: AD101117-01
Simply Put: Adobe has released an update for Adobe Acrobat and Reader versions 9.4 and earlier. This update fixes a publicly disclosed vulnerability that is currently being used to attack systems on the Internet.
This is a critical issue, and the patch should be applied as soon as possible.
November Microsoft Patch Tuesday
Microsoft has announced three new patches today to fix vulnerabilities that could allow remote code execution and elevation of privileges. One patch is rated Critical by Microsoft and affects Microsoft Office. Two patches are rated Important by Microsoft and affect Microsoft Office and Microsoft Forefront United Access Gateway. Gladiator recommends that users with impacted systems apply all Critical patches immediately. Detailed information regarding the patches can be found in Microsoft’s November Security Bulletin.
Vulnerability in Internet Explorer Could Allow Remote Code Execution (CVE-2010-3962)
Microsoft has released information about a new vulnerability that could potentially affect many Internet Explorer users. This vulnerability could potentially allow remote code execution if the victim visits certain malicious websites. Microsoft is aware of the vulnerability and working to quickly release patches. Currently, all production versions of Internet Explorer are affected and this includes versions 6, 7, and 8. The Internet Explorer 9 beta is not vulnerable to this vulnerability. To mitigate the vulnerability, users are advised to upgrade to Internet Explorer 8 and enable Data Execution Prevention (DEP). Disabling scripting or ActiveX controls will also prevent the malicious scripts from running.
Multiple Adobe Product Vulnerabilities
GSA Reference Number: AD101105-01
Simply Put: Multiple Adobe products are vulnerable to some new high-risk remote code execution issues. First off, Adobe Flash Player versions earlier than 10.1.85.3 have critical vulnerabilities that can be exploited by an attacker to take control of affected systems. Adobe has released an update for Flash. Second, Adobe Acrobat and Reader versions 9.4 and earlier are vulnerable to a similar issue because they implement Flash features through an authplay.dll file that can be called from a PDF. Finally, Adobe Shockwave Player is vulnerable to attack through a remote code execution issue, as well. There are no patches available for the Adobe Acrobat, Reader or Shockwave Player vulnerabilities.
Critical Java Update Released
Simply Put: A critical patch addressing 29 vulnerabilities has been released by Oracle for the Java software platform.
October Microsoft Patch Tuesday
Microsoft has announced sixteen new patches today to fix vulnerabilities that could allow remote code execution and elevation of privileges. Four patches are rated Critical by Microsoft and affect Microsoft Windows and Microsoft Internet Explorer. Ten patches are rated Important by Microsoft and affect Microsoft Windows, Microsoft Office, and Microsoft .NET. Two patches are rate Moderate by Microsoft and affect Microsoft Windows. Gladiator recommends that users with impacted systems apply all Critical patches immediately. Detailed information regarding the patches can be found in Microsoft’s October Security Bulletin. Summary information is included below:
Security Updates Available for Adobe Software
Abobe has just released its quarterly security updates early to address critical vulnerabilities in Adobe Reader. Gladiator strongly advises that users patch all devices as soon as possible as some of the Adobe Reader and Flash vulnerabilities could allow remote code execution. Currently, all Adobe installations prior to versions 9.4 or 8.2.5 (for the non v9 code base) are affected by the vulnerabilities. Affected software can be updated using the Adobe update manager or by visiting Adobe’s download pages to obtain the latest version. You can read more about the vulnerabilities and solutions here at Adobe’s security blog.
Find It Quickly
Find what you're looking for quickly by using our keyword search. Can't find it? Try our links below.
Monthly Archives
Find posts by the month they were written.
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- November 2010
- October 2010
- September 2010
- August 2010
- July 2010
- June 2010
- May 2010
- April 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- July 2008
- May 2008
- April 2008
- March 2008
- January 2008
- December 2007
- November 2007