Gladiator Research and Security

Microsoft has announced eight new patches today, including six that could allow remote code execution.  Two patches are rated Critical by Microsoft and affect Microsoft Windows, Internet Explorer, the Microsoft .NET Framework, and Microsoft Silverlight.  Gladiator recommends you apply MS11-078 and MS11-081 due to the risk of remote code exploitation.  Detailed information regarding the patches can be found in Microsoft’s October Security Bulletin.  

Microsoft has announced twelve new patches today to fix many vulnerabilities, including some that could allow remote code execution.  Five patches are rated Critical by Microsoft and affect Microsoft Windows and Internet Explorer.  The other patches are rated Important by Microsoft and affects Microsoft Windows.  Gladiator recommends that users with impacted systems apply all Critical patches immediately. Detailed information regarding the patches can be found in Microsoft’s January Security Bulletin.  Summary information is included below:

Microsoft has announced 10 new patches today to fix vulnerabilities that could allow remote code execution, elevation of privileges and tampering.  Three patches are rated Critical by Microsoft and affect Microsoft Windows and Internet Explorer.  Seven patches are rated Important by Microsoft and affect Microsoft Windows, Office, and the .NET Framework.  Gladiator recommends that users with impacted systems apply all Critical patches immediately. Other patches can be applied during your normal patch roll outs.  Detailed information for the patches can be found in Microsoft’s June Security Bulletin. 

GSA Reference Number: AD100331-01

Microsoft has a released a security update that patches 10 reported vulnerabilities in Internet Explorer.  The reported vulnerabilities could potentially allow attackers to execute remote code by tricking users into viewing specially-crafted web pages.  This security update is rated Critical for all releases of Internet Explorer and it is highly recommended that all users apply the patch immediately.  The Microsoft bulletin can be found here, and the update can be applied through Windows Update.

GSA Reference Number: AD100302-01

Simply Put: A new Internet Explorer remote code execution exploit has been released.  This vulnerability affects Internet Explorer 6, 7, and 8 running on Windows 2000, Windows XP, and Windows Server 2003.  This vulnerability uses VBScript and Windows Help files to force a victim machine to run remote code.  In order to trigger this vulnerability, a user would have to hit the F1 key while visiting a malicious website.

GSA Reference Number: AD100203-01

Simply Put: A new Internet Explorer (IE) information disclosure vulnerability has been announced by Microsoft.  This vulnerability could allow an attacker to access files in known locations on the victim’s system. For now, no widespread worms or exploit packs are currently using this vulnerability, and Microsoft has stated that they do not know of any attacks currently taking advantage of this vulnerability.  This vulnerability does not affect Internet Explorer running in Protected Mode, which is the default setting on Windows Vista, Windows Server 2008, or Windows 7.  This mode is not available in Windows XP.  A patch has not yet been released by Microsoft.

GSA Reference Number: AD100121-01

Previous GSA Reference Number: AD100119-01

Simply Put: Microsoft has released an out-of-band patch for the Internet Explorer remote code execution exploit referenced above as well as for other security vulnerabilities.  There is evidence that this exploit is being used in limited, targeted attacks on the Internet.  For now, no widespread worms or exploit packs are currently using this vulnerability.  The Microsoft bulletin can be found here, and the update can be downloaded through Windows Update.