
    Archive for October 14th, 2009




    The solution for the vulnerability that was left unpatched during last month’s patch cycle was included in the recently released security advisory, along with a dozen other vulnerability reports.

    Of the 13 security vulnerabilities fixed today, 8 vulnerabilities were marked “critical” while the other 5 were marked “important.” This month’s release covered a wide range of vulnerabilities, each of which affects long lists of software. Listed among the software affected in several of the released security updates is the very much coveted Windows 7, which is slated to be released next week.

    The update also included a security update for a vulnerability that was partly addressed in a previous patch release. More information on the security advisories can be found in this Trend Micro Security Advisory page.

    Considering that many of the newly patched vulnerabilities enable remote code execution, it is all but necessary that users patch their systems as soon as possible.

    Trend Micro OfficeScan users with Intrusion Defense Firewall plugin installed should apply today’s update for the latest filters (IDF9030). This version contains protection from attacks exploiting the above and other vulnerabilities.

     



    Trend Micro threat analysts were recently alerted to a phishing attempt targeting random employees of several companies. The email posed as a notification from the company’s “system administrator,” reminding the employee to update his/her system’s software due to a recent server software upgrade. The spammed email contained a URL using several subdomains that resolved to the same IP address.


    Trend Micro Advanced Threats Researcher Joey Costoya believes the subdomains are tailor-made, depending on the recipient’s email address. This makes the email seem legitimate, even if it is not, tricking unknowing users into clicking the URL.
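A mail-filter check for the pattern described above, as an added example that is not from the original post or from Trend Micro: it flags a link whose hostname carries the recipient's own mail domain (or organisation label) as subdomain labels under an unrelated registered domain. The exact subdomain layout used in the attack is not given in the post, so this layout, the function names and the sample addresses are assumptions.

```python
from urllib.parse import urlsplit

def registered_domain(host):
    # Simplification for the example: treat the last two labels as the
    # registered domain. Production code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def contains_run(labels, run):
    # True if `run` occurs as a contiguous sequence of DNS labels.
    n = len(run)
    return any(labels[i:i + n] == run for i in range(len(labels) - n + 1))

def tailored_host(recipient, url):
    """Return a reason string if the URL host looks built for this recipient."""
    _, sep, mail_domain = recipient.lower().rpartition("@")
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not sep or not host:
        return None
    reg = registered_domain(host)
    own = registered_domain(mail_domain)
    if reg == own:
        return None  # link really is under the recipient's own domain
    sub = host[:-len(reg)].rstrip(".").split(".") if host != reg else []
    if contains_run(sub, mail_domain.split(".")):
        return "embeds-recipient-domain"
    if own.split(".")[0] in sub:
        return "embeds-recipient-org-label"
    return None

# Constructed sample data (reserved .example/.test names), not from the incident.
SAMPLES = [
    ("alice@corp.example", "http://corp.example.updates.phish.test/owa/"),
    ("bob@corp.example", "http://corp.secure-login.test/update"),
    ("alice@corp.example", "https://intranet.corp.example/wiki"),
    ("alice@corp.example", "http://www.unrelated.test/"),
]

def scan(samples):
    # Collect (recipient, url, reason) for every link that matches the pattern.
    hits = []
    for rcpt, url in samples:
        reason = tailored_host(rcpt, url)
        if reason:
            hits.append((rcpt, url, reason))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLES):
        print(*hit, sep="  ")
```

The organisation-label match is the noisier of the two signals, since short or generic labels can appear in unrelated hostnames; treat it as a scoring input rather than a block decision.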

    As of this writing, the URLs are already inaccessible. Trend Micro analyzed the domains and subdomains used in this attack and found that they are already blacklisted. The domain was registered for only one year.

    Trend Micro Smart Protection Network™ already detects the malicious files as TROJ_ZBOT.AYX and blocks the spammed emails. Non-Trend Micro product users are, on the other hand, advised to use HouseCall, Trend Micro’s highly popular and capable on-demand scanner for identifying and removing viruses, Trojans, worms, unwanted browser plugins, and other malware.

     


     

    © Copyright 2011 Trend Micro Inc. All rights reserved. Legal Notice