Gladiator Research and Security

With the number of web exploits rising every day, organizations are discovering that some type of content or web filtering solution is necessary.  Content filters provide a number of excellent benefits to an organization, including the ability to block access to domains that are known to house malware or exploits.  Organizations are also finding that the content filter is an excellent way to ensure that sites that are not necessary for operations and that have the potential to divert attention from users are denied.  However, many organizations are seeing users that have found that content filtering and web usage logging can be bypassed with the use of anonymous proxy servers.

The amount of spam on the Internet has decreased considerably during the last week.  All signs are pointing to the takedown of McColo Corp, a US-based service provider notorious for housing spam and malware providers, as the probable reason.  Multiple articles have been written debating the pros and cons of taking down an entire service provider (some are linked below), but I think we can all agree that the reduction in spam is a welcome sight.  Gladiator’s eShield service has detected a remarkable decrease in spam of over 60% recently.  The graph below indicates our spam counts for the last month:

Microsoft’s Patch Tuesday has arrived, and there are two new security patches available.  And although only a couple of patches were released, patching this month is just as important as ever.  The first patch deals with a critical flaw in the XML Core services, which are called by Internet Explorer.  This vulnerability could allow remote code execution.  The second patch deals with the Server Message Block (SMB) protocol, used for file sharing in Windows.  This patch is rated “important” by Microsoft, and could also result in remote code execution.  Both patches are listed as “exploitable” by Microsoft.  The patches are more critical on client workstations than servers, since they affect client programs such as web browsers.  Gladiator recommends you install these patches during your standard release cycle.

A number of critical vulnerabilities have been found in older versions of Adobe Acrobat and Adobe Reader.  The vulnerabilities affect version 8 of the Adobe products, more specifically, Adobe Reader 8.1.2 and earlier versions, Adobe Acrobat Professional, 3D, and Standard 8.1.2 and earlier versions.  These vulnerabilities could potentially cause a number of issues including a denial of service or even remote code execution through a specially-crafted .pdf file, which could lead to a system take-over.

Happy Halloween, everybody!  This is a great holiday that brings out the kid in all of us.  Unfortunately, it also brings out the email forwards with games that could be more “trick” than “treat.”  Malware authors are quick to take advantage of any holiday to send us fun, new ways to spend our free time.  In this case, our free time may be spent cleaning up some new spyware or trojans.  CRN has a nice piece on Halloween malware from the past few years.  I suggest you check it out and let your employees know to beware of email forwards with Halloween subjects.

Related Links:

• CRN: 9 Scary Halloween Tricks (http://www.crn.com/security/211800350)

GSA Reference Number: AD081023-01

Simply Put: Normally Microsoft only releases patches on the second Tuesday of each month.  But Microsoft has just released a bulletin notifying customers they will release a patch to address a new remote code execution exploit.  The patch was posted today at 1 pm and addresses a bug in the Server Service.

Today is Patch Tuesday, Microsoft’s monthly patch release day.  There were 11 new advisories released, with 4 of them critical, 6 important and 1 moderate.  The critical patches deal with Active Directory, Internet Explorer, Host Integration Server and Microsoft Excel.  These should be applied as soon as possible.   Remember to test them on a subset of your servers first to make sure they’re compatible with all of the software you currently run.