Gladiator Research and Security

Microsoft has announced nine new patches today to fix vulnerabilities that could allow remote code execution and elevation of privileges.  Four patches are rated Critical by Microsoft and affect Microsoft Windows and Microsoft Office.  Five patches are rated Important by Microsoft and affect Microsoft Windows.  Gladiator recommends that users with impacted systems apply all Critical patches immediately. Detailed information regarding the patches can be found in Microsoft’s September Security Bulletin. 

Microsoft has announced 15 new patches today to fix vulnerabilities that could allow remote code execution and elevation of privileges.  Nine patches are rated Critical by Microsoft and affect Microsoft Windows, Microsoft Office, Microsoft .NET, and Internet Explorer.  Six patches are rated Important by Microsoft and affect Microsoft Windows and Microsoft Office.  Gladiator recommends that users with impacted systems apply all Critical patches immediately. Detailed information for the patches can be found in Microsoft’s August Security Bulletin. 

GSA Reference Number: AD100805-01

Simply Put: A new vulnerability has been found in Adobe Acrobat.  This vulnerability can result in remote code execution.  A patch is not available at this time; however, Adobe is working on a fix that should come out in the next few weeks.  Adobe Reader and Acrobat versions 9.3.3 and earlier are vulnerable to this issue.

GSA Reference Number: AD100802-01
Related GSA Reference Number: AD100719-01

Simply Put: Microsoft has released an advisory for a code execution vulnerability in Microsoft Windows Shell.  This vulnerability affects Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7.  This vulnerability can be exploited if a user opens a USB device or network share with a malicious-crafted shortcut file (.lnk).  Microsoft has also been alerted to attacks using this exploit code.  Gladiator recommends that users apply the patch provided by Microsoft as soon as possible.

GSA Reference Number: AD100719-01

Simply Put: Microsoft has released an advisory for a code execution vulnerability in Microsoft Windows Shell.  This vulnerability affects Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7.  This vulnerability can be exploited if a user opens a USB device or network share with a malicious-crafted shortcut file (.lnk).  Microsoft has also been alerted to attacks using this exploit code.  Gladiator recommends that users apply workarounds recommended by Microsoft as soon as possible.  No patch has been released as of yet.

Microsoft has announced 4 new patches today to fix vulnerabilities that could allow remote code execution, elevation of privileges and tampering.  Three patches are rated Critical by Microsoft and affects Microsoft Windows and Microsoft Office.  One patch is rated Important by Microsoft and affects Microsoft Outlook.  Gladiator recommends that users with impacted systems apply all Critical patches immediately. Detailed information for the patches can be found in Microsoft’s July Security Bulletin.  Summary information is included below:

GSA Reference Number: AD100630-01
Related GSA Reference Number: AD100607-01

Simply Put: Adobe has released a patch for the previously reported critical remote-code-execution vulnerability in Adobe Reader and Acrobat.  This patch addresses additional issues as well.  Adobe Reader and Acrobat versions 9.3.2 and earlier should upgrade.