Gladiator Research and Security

GSA Reference Number: AD100719-01

Simply Put: Microsoft has released an advisory for a code execution vulnerability in Microsoft Windows Shell.  This vulnerability affects Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7.  This vulnerability can be exploited if a user opens a USB device or network share with a malicious-crafted shortcut file (.lnk).  Microsoft has also been alerted to attacks using this exploit code.  Gladiator recommends that users apply workarounds recommended by Microsoft as soon as possible.  No patch has been released as of yet.

Microsoft has announced 4 new patches today to fix vulnerabilities that could allow remote code execution, elevation of privileges and tampering.  Three patches are rated Critical by Microsoft and affects Microsoft Windows and Microsoft Office.  One patch is rated Important by Microsoft and affects Microsoft Outlook.  Gladiator recommends that users with impacted systems apply all Critical patches immediately. Detailed information for the patches can be found in Microsoft’s July Security Bulletin.  Summary information is included below:

GSA Reference Number: AD100616-01

Simply Put: Microsoft has released an advisory for a remote code execution vulnerability in Microsoft Windows Help and Support Center.  This vulnerability affects Windows XP and Windows Server 2003.  This vulnerability can be exploited if a user visits a malicious website or clicks a specially-crafted link in an email.  Microsoft has also been alerted to targeted attacks using this exploit code.  Gladiator recommends that users apply workarounds recommended by Microsoft as soon as possible.  No patch has been released as of yet.

Microsoft has announced 10 new patches today to fix vulnerabilities that could allow remote code execution, elevation of privileges and tampering.  Three patches are rated Critical by Microsoft and affect Microsoft Windows and Internet Explorer.  Seven patches are rated Important by Microsoft and affect Microsoft Windows, Office, and the .NET Framework.  Gladiator recommends that users with impacted systems apply all Critical patches immediately. Other patches can be applied during your normal patch roll outs.  Detailed information for the patches can be found in Microsoft’s June Security Bulletin. 

Microsoft has announced two new patches today to fix vulnerabilities that could allow remote code execution.  Both patches are rated Critical by Microsoft and affect Microsoft Windows and Microsoft Office.  Gladiator recommends that users with impacted systems apply both Critical patches. Detailed information for the patches can be found in Microsoft’s May Security Bulletin. 

Microsoft has announced 11 new patches today to fix vulnerabilities that could allow remote code execution, denial of service, elevation of privileges, and spoofing.  Five patches are rated Critical by Microsoft and affect Microsoft Windows.  Five patches are rated Important by Microsoft and affect Microsoft Windows and Microsoft Office.  One patch is rated Moderate and affects Microsoft Windows.  Gladiator recommends that users immediately apply the Critical patches. Detailed information for the patches can be found in Microsoft’s April Security Bulletin. 

GSA Reference Number: AD100331-01

Microsoft has a released a security update that patches 10 reported vulnerabilities in Internet Explorer.  The reported vulnerabilities could potentially allow attackers to execute remote code by tricking users into viewing specially-crafted web pages.  This security update is rated Critical for all releases of Internet Explorer and it is highly recommended that all users apply the patch immediately.  The Microsoft bulletin can be found here, and the update can be applied through Windows Update.