New Internet Explorer Remote Code Execution Vulnerability
GSA Reference Number: AD100302-01
Simply Put: A new Internet Explorer remote code execution exploit has been released. This vulnerability affects Internet Explorer 6, 7, and 8 running on Windows 2000, Windows XP, and Windows Server 2003. This vulnerability uses VBScript and Windows Help files to force a victim machine to run remote code. In order to trigger this vulnerability, a user would have to hit the F1 key while visiting a malicious website.
7 New Cisco Vulnerabilities in ASA 5500 Devices
GSA Reference Number: AD100217-01
Simply Put: Cisco has released an advisory for multiple vulnerabilities with Cisco ASA 5500 devices. This advisory identifies six new denial of service vulnerabilities and one new authentication bypass vulnerability. An update from Cisco is available to address these issues and should be applied as soon as possible. Gladiator will be testing this update for compatibility and stability and will then notify affected clients if an update is necessary.
February Microsoft Patch Announcement
Microsoft has announced 13 new patches for its February release. One vulnerability causing an elevation of privileges, fixed by MS10-015 and rated Important by Microsoft, already has exploit code available. Five patches are rated Critical, seven are rated Important, and one is rated Moderate. Gladiator recommends that users immediately apply all critical updates. Detailed information for these patches can be found in Microsoft’s February Security Bulletin.
Previous Articles
Gladiator Research and Security
This site is here to provide security related information and articles to better protect your financial institutions. We'll be posting advisories, blog entries and trends often so be sure to check back weekly.