
    Archive for April 10th, 2012

    Microsoft today released six bulletins addressing several vulnerabilities for the month of April. Of note are the update patching Internet Explorer versions 6-9 and the update addressing the Windows Common Controls ActiveX control, which is used in a number of Microsoft programs such as MS Office.

    This MSRC blog entry reports that there have been some attacks using the MS12-027 vulnerability. While the attacks were not described in detail, the report says attackers are using specially crafted MS Office documents to exploit this vulnerability. MS Office 2007 and MS Office 2010 users can actively protect their computers by disabling ActiveX controls via Trust Center Settings > ActiveX Settings. More details on this workaround can be found in the MSRC blog.

    Note that the vulnerability described in the MS12-027 bulletin also affects several versions of Visual FoxPro, Commerce Server, BizTalk Server, as well as SQL Server. It is highly recommended to apply updates whenever possible.

    Bulletin MS12-023, on the other hand, provides protection from five identified vulnerabilities in Internet Explorer versions 6, 7, 8, and 9. This update takes a multi-layered approach to defending against the five vulnerabilities. More information on these vulnerabilities can be found in this Threat Encyclopedia page.

    Trend Micro Deep Security users are protected from attacks using MS12-023 by applying the following rules:

    • 1004970 – Microsoft Internet Explorer ‘OnReadyStateChange’ Remote Code Execution Vulnerability (CVE-2012-0170)
    • 1004971 – VML Style Remote Code Execution Vulnerability (CVE-2012-0172)
    • 1004975 – Microsoft Internet Explorer ‘selectAll’ Remote Code Execution Vulnerability (CVE-2012-0171)

    In addition, Deep Security also protects users from exploits using MS12-027 via 1004973 – MSCOMCTL.OCX RCE Vulnerability (CVE-2012-0158) and 1004977 – Microsoft Windows MSCOMCTL.OCX Remote Code Execution Vulnerability (CVE-2012-0158). Moreover, Deep Security provides a layer of protection for systems that cannot be patched or updated right away. Using its vulnerability shielding feature, systems hosting critical applications or legacy systems that cannot be updated immediately are protected from any attack using any of the vulnerabilities mentioned.

    A complete list of rules for this month’s patches is found in this Threat Encyclopedia page.

    Posted in Vulnerabilities | Patch Tuesday April 2012: Microsoft Issues 4 Critical, 2 Important Updates

    As we reported recently, we have spotted yet another targeted attack campaign that uses pro-Tibetan sentiments as a social engineering ploy for the attackers to infiltrate target systems. And yes, this one again targets Windows and Mac systems.

    It starts with the email below:

    Users clicking on the link included in the email will be led to a site with a script that determines if the user is using a Windows or a Mac system.

    The site is currently not resolving but we managed to get the code from Google’s cache:




    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice