Gladiator Research and Security

GSA Reference Number: AD100630-01
Related GSA Reference Number: AD100607-01

Simply Put: Adobe has released a patch for the previously reported critical remote-code-execution vulnerability in Adobe Reader and Acrobat.  This patch addresses additional issues as well.  Adobe Reader and Acrobat versions 9.3.2 and earlier should upgrade.

GSA Reference Number: AD100616-01

Simply Put: Microsoft has released an advisory for a remote code execution vulnerability in Microsoft Windows Help and Support Center.  This vulnerability affects Windows XP and Windows Server 2003.  This vulnerability can be exploited if a user visits a malicious website or clicks a specially-crafted link in an email.  Microsoft has also been alerted to targeted attacks using this exploit code.  Gladiator recommends that users apply workarounds recommended by Microsoft as soon as possible.  No patch has been released as of yet.

Microsoft has announced 10 new patches today to fix vulnerabilities that could allow remote code execution, elevation of privileges and tampering.  Three patches are rated Critical by Microsoft and affect Microsoft Windows and Internet Explorer.  Seven patches are rated Important by Microsoft and affect Microsoft Windows, Office, and the .NET Framework.  Gladiator recommends that users with impacted systems apply all Critical patches immediately. Other patches can be applied during your normal patch roll outs.  Detailed information for the patches can be found in Microsoft’s June Security Bulletin. 

GSA Reference Number: AD100607-01

Simply Put: Adobe has released an advisory for a critical vulnerability in Adobe Flash.  Adobe Reader and Acrobat are also exploitable through the authplay.dll component included with Adobe Reader and Acrobat 9.x.  This vulnerability can lead to remote code execution and are already the target of malware authors.  No patch is available at this time.  However, Adobe has provided workarounds in its advisory.

GSA Reference Number: AD100331-01

Microsoft has a released a security update that patches 10 reported vulnerabilities in Internet Explorer.  The reported vulnerabilities could potentially allow attackers to execute remote code by tricking users into viewing specially-crafted web pages.  This security update is rated Critical for all releases of Internet Explorer and it is highly recommended that all users apply the patch immediately.  The Microsoft bulletin can be found here, and the update can be applied through Windows Update.

Microsoft has announced two new patches today to fix vulnerabilities that could allow remote code execution.  Both patches are rated Important by Microsoft and affect Microsoft Windows and Microsoft Office.  Gladiator recommends that users immediately apply the Microsoft Office Excel patch. Detailed information for the patches can be found in Microsoft’s March Security Bulletin. 

GSA Reference Number: AD100302-01

Simply Put: A new Internet Explorer remote code execution exploit has been released.  This vulnerability affects Internet Explorer 6, 7, and 8 running on Windows 2000, Windows XP, and Windows Server 2003.  This vulnerability uses VBScript and Windows Help files to force a victim machine to run remote code.  In order to trigger this vulnerability, a user would have to hit the F1 key while visiting a malicious website.