Gladiator Research and Security

There have been reports of a new vulnerability in Microsoft Vista that would allow a local user to run code as System, which is an even higher privilege level than Administrator.  However, the user would have to be an Administrator to exploit the vulnerability, and the practical differences between Administrator and System are minimal.  So really, there is not much of a reason to be concerned.  If you see reports for an iphlpapi.dll Local Kernel Buffer Overflow, a Vista TCP/IP stack buffer overflow or a CreateIpForwardEntry2 this is the issue being referenced.  There is no need to panic.  In fact, Microsoft is not releasing an out-of-band patch for this issue, so they don’t believe it’s that critical.  Phion AG, the researcher group who found the vulnerability, has released a patch of its own, but we do not recommend you install it at this time.

• Continue reading

With the number of web exploits rising every day, organizations are discovering that some type of content or web filtering solution is necessary.  Content filters provide a number of excellent benefits to an organization, including the ability to block access to domains that are known to house malware or exploits.  Organizations are also finding that the content filter is an excellent way to ensure that sites that are not necessary for operations and that have the potential to divert attention from users are denied.  However, many organizations are seeing users that have found that content filtering and web usage logging can be bypassed with the use of anonymous proxy servers.

• Continue reading

GSA Reference Number: AD081120-01

Simply Put: Symantec Backup Exec versions 11.x and 12.x are vulnerable to a denial of service attack and an authentication bypass attack.  These vulnerabilities, if exploited together, can lead to a remote code exploit.  Both issues affect the Backup Exec Remote Agent.

• Continue reading