March Patch Tuesday
Microsoft has announced three new patches for its monthly release cycle. One patch is rated critical, and affects both server and client operating systems. This patch covers a remote code execution vulnerability, and should be patched as soon as possible. The other two patches are rated important, and only affect servers. These vulnerabilities could allow spoofing, but not remote code execution.
New Adobe Acrobat and Reader Vulnerability
GSA Reference Number: AD090220-01
Simply Put: Adobe Acrobat 9 and Reader 9 and earlier versions contain an unpatched critical vulnerability that allows arbitrary code execution. Adobe has released an advisory on this issue, but a patch will not be released until March 11th. A workaround has been published that will prevent code execution, but the application will still crash.
IE7 Vulnerability Being Exploited
GSA Reference Number: AD090218-01
Simply Put: An Internet Explorer 7 vulnerability patched in the latest installment of Microsoft updates is now being exploited by malware authors. The patch, designated MS09-002, fixed a memory corruption vulnerability, which can cause remote code execution.
Previous Articles
Gladiator Research and Security
This site is here to provide security related information and articles to better protect your financial institutions. We'll be posting advisories, blog entries and trends often so be sure to check back weekly.