Gladiator Research and Security

Microsoft has announced twelve new patches today to fix many vulnerabilities, including some that could allow remote code execution.  Five patches are rated Critical by Microsoft and affect Microsoft Windows and Internet Explorer.  The other patches are rated Important by Microsoft and affects Microsoft Windows.  Gladiator recommends that users with impacted systems apply all Critical patches immediately. Detailed information regarding the patches can be found in Microsoft’s January Security Bulletin.  Summary information is included below:

GSA Reference Number: AD090330-01

Simply Put: A small media frenzy has been created as many security professionals and groups have released research which indicates that the Conficker worm will be changing the way it works on April 1st, 2009.  On April 1st, Conficker will be reconfiguring its updating functionality, making it easier for infected machines to receive updates.  While the code update is important news, researchers have found no indication of an attack beginning on April 1st.  These updates will be occurring to machines that are already infected.  However, the risk of a new Conficker infection is something that is always prevalent.  April 1st will certainly be an important date to monitor network traffic, but the Conficker worm will be just as dangerous before and after April 1st, as many of Conficker’s attack and propagation techniques have been very effective to date.