
    Author Archive - Danielle Veluz (Technical Communications)




    This month’s Patch Tuesday release can be considered relatively light with only three Critical bulletins, with the remaining 10 bulletins rated as Important.

    As is usually the case, the cumulative update for Internet Explorer (MS15-043) is one of those rated as Critical. MS15-044 addresses critical vulnerabilities in the Microsoft Font Driver, which could allow remote code execution if users open specially crafted documents or visit an untrusted webpage that contains embedded TrueType fonts. Lastly, MS15-045 addresses a critical vulnerability in Microsoft Journal that could allow for remote code execution if a user opens a specially crafted Microsoft Journal file.

    The remaining ten bulletins are rated as Important, and cover a wide range of software, including Microsoft Office, SharePoint Server, the .NET Framework, and various Windows components.

    We urge users to patch their endpoints and servers as soon as possible. Trend Micro Deep Security and Vulnerability Protection protect user systems from threats that may leverage these vulnerabilities with the following DPI rules:

    • 1006662 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1658)
    • 1006663 – Microsoft Windows Journal Remote Code Execution Vulnerability (CVE-2015-1675)
    • 1006664 – Microsoft Internet Explorer ASLR Bypass (CVE-2015-1685)
    • 1006665 – Microsoft Internet Explorer VBScript ASLR Bypass (CVE-2015-1686)
    • 1006666 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1689)
    • 1006667 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1691)
    • 1006668 – Microsoft Internet Explorer Clipboard Information Disclosure Vulnerability (CVE-2015-1692)
    • 1006669 – Microsoft Windows Journal Remote Code Execution Vulnerability (CVE-2015-1695)
    • 1006670 – Microsoft Windows Journal Remote Code Execution Vulnerability (CVE-2015-1696)
    • 1006671 – Microsoft Windows Journal Remote Code Execution Vulnerability (CVE-2015-1697)
    • 1006672 – Microsoft Windows Journal Remote Code Execution Vulnerability (CVE-2015-1698)
    • 1006673 – Microsoft Windows Journal Remote Code Execution Vulnerability (CVE-2015-1699)
    • 1006674 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1705)
    • 1006675 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1706)
    • 1006676 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1708)
    • 1006678 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1710)
    • 1006679 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1711)
    • 1006680 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1712)
    • 1006694 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1717)
    • 1006695 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1718)
    • 1006696 – Microsoft Office Memory Corruption Vulnerability (CVE-2015-1682)
    • 1006697 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1714)
    • 1006698 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1709)

    More information about these bulletins and their corresponding Trend Micro solutions is posted at our Threat Encyclopedia Page: May 2015 – Microsoft Releases 13 Security Advisories.

     
    Posted in Vulnerabilities



    This month’s Patch Tuesday release appears moderately light compared with the previous month’s, with only 11 security bulletins: four are rated ‘Critical’, while the rest are rated ‘Important’. Microsoft addressed a total of 26 vulnerabilities this April.

    The critical security updates issued by Microsoft all deal with remote code execution (RCE) vulnerabilities. One of the updates rated ‘Critical’ is MS15-033, Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3048019), which addresses flaws that could be exploited across several versions of Microsoft Office, including Microsoft Word 2007, Microsoft Office 2010, Microsoft Word 2010, Microsoft Word Viewer, Microsoft Office Compatibility Pack, etc.

    A summary of our Patch Tuesday coverage for April 2015 is posted at our Threat Encyclopedia Page: April 2015 – Microsoft Releases 11 Security Advisories.

    Users and system administrators are strongly advised to apply the appropriate patches for these system vulnerabilities. Trend Micro Deep Security and Vulnerability Protection protect user systems from threats that may leverage these vulnerabilities with the following DPI rules:

    • 1006609 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1652)
    • 1006610 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1657)
    • 1006611 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1659)
    • 1006612 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1660)
    • 1006613 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1661)
    • 1006614 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1662)
    • 1006615 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1665)
    • 1006616 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1666)
    • 1006617 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1667)
    • 1006618 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1668)
    • 1006623 – Microsoft Office Memory Corruption Vulnerability (CVE-2015-1641)
    • 1006625 – Microsoft Office Component Use After Free Vulnerability (CVE-2015-1649)
    • 1006626 – Microsoft Office Component Use After Free Vulnerability (CVE-2015-1650)
    • 1006627 – Microsoft Office Component Use After Free Vulnerability (CVE-2015-1651)
    • 1006620 – Microsoft Windows HTTP.sys Remote Code Execution Vulnerability (CVE-2015-1635)
    • 1006619 – Microsoft Windows EMF Processing Remote Code Execution Vulnerability (CVE-2015-1645)
    • 1000552 – Generic Cross Site Scripting (XSS) Prevention
    • 1006628 – MSXML Same Origin Policy Security Bypass Vulnerability (CVE-2015-1646)
    • 1006629 – Microsoft Windows ASP.NET Information Disclosure Vulnerability (CVE-2015-1648)

    Solution for “Re-Direct To SMB” Vulnerability

    In addition to the DPI rules for this month’s Patch Tuesday, we are also issuing an update that addresses a newly disclosed vulnerability that is said to affect 31 applications from Adobe, Apple, and Microsoft, among other software. More about this vulnerability, known as the “Re-Direct To SMB” vulnerability, can be found at this page: Vulnerability Note VU#672268

    Trend Micro Deep Security and Vulnerability Protection protect user systems from this vulnerability through the following DPI rule:

    • 1006631 – Identified File Protocol Handler In HTTP Location Header
     
    Posted in Vulnerabilities | Comments Off on April 2015 Patch Tuesday Issues Updates to Microsoft Office



    Today Microsoft released their monthly Patch Tuesday posting, with a total of 14 security bulletins that include 5 bulletins that were listed as Critical. This batch of patches addresses vulnerabilities in Microsoft Windows, Microsoft Office, Microsoft Exchange, and Internet Explorer.

    Fixes for FREAK

    One of the more notable bugs covered by this posting is the recent FREAK (Factoring RSA Export Keys) vulnerability seen in early March, which forces a secure connection to use weaker encryption, making it easier for attackers to decrypt and sniff data encrypted by SSL. The FREAK vulnerability is patched by MS15-031 and was given an Important rating.

    FREAK was discovered by Karthikeyan Bhargavan at INRIA in Paris and the miTLS team. Initially, it was thought that only OpenSSL (versions prior to 1.0.1k) and Apple TLS/SSL clients were vulnerable to man-in-the-middle (MITM) attacks, but later research revealed that Microsoft products were at risk as well.
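
    An added example (not from the original post, and not the logic of any Trend Micro rule): flagging a TLS ClientHello that requests the RSA export-grade cipher suites a FREAK downgrade relies on. It assumes the whole ClientHello fits in one TLS record; the function names and the sample hello messages are constructed for illustration.

```python
import struct

# RSA export-grade suites and their code points from RFC 2246.
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}


def offered_cipher_suites(record):
    """Return the cipher suite code points listed in one TLS ClientHello record."""
    if len(record) < 9 or record[0] != 0x16:           # 0x16 = handshake record
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack(">H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) != rec_len or rec_len < 4 or body[0] != 0x01:  # 0x01 = ClientHello
        raise ValueError("truncated record or not a ClientHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    pos = 2 + 32                                       # client_version + random
    if len(hello) < pos + 1:
        raise ValueError("truncated ClientHello")
    pos += 1 + hello[pos]                              # skip session_id
    if len(hello) < pos + 2:
        raise ValueError("truncated ClientHello")
    cs_len = struct.unpack(">H", hello[pos:pos + 2])[0]
    pos += 2
    if cs_len % 2 or len(hello) < pos + cs_len:
        raise ValueError("bad cipher_suites length")
    return [struct.unpack(">H", hello[i:i + 2])[0]
            for i in range(pos, pos + cs_len, 2)]


def export_suites_offered(record):
    """Names of RSA_EXPORT suites the ClientHello asks for, in offer order."""
    return [RSA_EXPORT_SUITES[c] for c in offered_cipher_suites(record)
            if c in RSA_EXPORT_SUITES]


def build_client_hello(suites):
    """Constructed sample: a minimal TLS 1.0 ClientHello offering `suites`."""
    cs = b"".join(struct.pack(">H", s) for s in suites)
    hello = (b"\x03\x01" + bytes(32) + b"\x00"         # version, random, empty session_id
             + struct.pack(">H", len(cs)) + cs         # cipher_suites vector
             + b"\x01\x00")                            # null compression only
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake


if __name__ == "__main__":
    for label, suites in [("export offered", [0x002F, 0x0003, 0x0008]),
                          ("no export", [0xC02F, 0x009C])]:
        print(label, export_suites_offered(build_client_hello(suites)))
```

    A hit on the server side means the request reaching it asked for an export suite; the durable fix is still to disable export suites on servers and patch clients.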

    Critical Bulletins Include Updates for Internet Explorer, Again

    Last month’s Patch Tuesday update included a critical update for different versions of Internet Explorer. The same goes for this month’s patches, but this time, MS15-018 only addresses a total of 12 CVEs, while the MS15-009 update last month addressed 41 different CVEs.

    MS15-021 is another update rated as Critical and addresses eight vulnerabilities in the Adobe Font Driver that could lead to remote code execution (RCE). Other updates that were given the Critical rating addressed holes in Microsoft Office and SharePoint (MS15-022), and an RCE vulnerability in the VBScript scripting engine in Microsoft Windows (MS15-019).

    One bulletin that received a Critical rating (MS15-020) also deserves to be highlighted due to its history: this particular bulletin is an updated fix for the original shortcut vulnerability targeted by Stuxnet, which was first patched in August 2010 with MS10-046. It is now believed that the original fix was not complete; it is unclear if attacks targeting systems with the incomplete patch were ever seen in the wild.

    Solutions and Best Practices

    Users and system administrators are strongly advised to apply the appropriate patches for these system vulnerabilities. Trend Micro Deep Security and Vulnerability Protection protect user systems from threats that may leverage these vulnerabilities with the following DPI rules:

    • 1006563 – Microsoft Windows VBScript Memory Corruption Vulnerability (CVE-2015-0032)
    • 1006571 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0056)
    • 1006564 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0099)
    • 1006570 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0100)
    • 1006565 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1622)
    • 1006567 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1623)
    • 1006569 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1624)
    • 1006566 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1625)
    • 1006568 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1626)
    • 1006573 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1634)
    • 1006563 – Microsoft Windows VBScript Memory Corruption Vulnerability (CVE-2015-0032)
    • 1006577 – Microsoft Windows Text Service Remote Code Execution Vulnerability (CVE-2015-0081)
    • 1006554 – Microsoft Windows DLL Planting Remote Code Execution Vulnerability (CVE-2015-0096)
    • 1006550 – Adobe Font Driver Remote Code Execution Vulnerability (CVE-2015-0090)
    • 1006551 – Adobe Font Driver Remote Code Execution Vulnerability (CVE-2015-0091)
    • 1006553 – Adobe Font Driver Remote Code Execution Vulnerability (CVE-2015-0092)
    • 1006548 – Adobe Font Driver Remote Code Execution Vulnerability (CVE-2015-0093)
    • 1006578 – Microsoft Office Remote Code Execution Vulnerability (CVE-2015-0086)
    • 1006472 – Microsoft Internet Explorer Same Origin Policy Bypass Vulnerability (CVE-2015-0072)
    • 1006547 – Adobe Font Driver Information Disclosure Vulnerability (CVE-2015-0087)
    • 1006549 – Adobe Font Driver Information Disclosure Vulnerability (CVE-2015-0089)
    • 1006552 – Microsoft Office Remote Code Execution Vulnerability (CVE-2015-0085)
    • 1006574 – Microsoft Office Local Zone Remote Code Execution Vulnerability (CVE-2015-0097)
    • 1000552 – Generic Cross Site Scripting(XSS) Prevention
    • 1006575 – Microsoft Windows Malformed PNG Parsing Information Disclosure Vulnerability (CVE-2015-0080)
    • 1000552 – Generic Cross Site Scripting(XSS) Prevention (CVE-2015-1628)
    • 1000552 – Generic Cross Site Scripting(XSS) Prevention (CVE-2015-1632)
    • 1006576 – Microsoft Windows JPEG XR Parser Information Disclosure Vulnerability (CVE-2015-0076)
    • 1003716 – Identified Too Many Remote Desktop Protocol (RDP) Connection Request
    • 1006562 – Identified Usage Of TLS/SSL EXPORT Cipher Suite In Request (CVE-2015-1637)

    More information about these bulletins and their corresponding Trend Micro solutions is posted at our Threat Encyclopedia Page: March 2015 – Microsoft Releases 14 Security Advisories.

     
    Posted in Vulnerabilities | Comments Off on Microsoft Releases 14 Security Bulletins, 5 Rated ‘Critical'; Fixes FREAK Bug



    This month’s Microsoft Patch Tuesday lists nine security bulletins released for February 2015, including a rollout of fixes for several vulnerabilities in Internet Explorer. This round of security updates includes three updates rated as Critical, while the remaining six were rated Important; in all, Microsoft addressed a total of 56 CVEs. Last month’s Patch Tuesday notification did not include patches for Internet Explorer and only had one update with a Critical rating.

    Critical Updates for February Patch Internet Explorer

    MS15-009, MS15-010, and MS15-011 are the bulletins rated “critical” as they deal with vulnerabilities in Internet Explorer, Windows Kernel-Mode Driver, and Microsoft Group Policy, respectively. The MS15-009 bulletin is most alarming as the update applies to Internet Explorer versions 6 through 11. The update addresses a total of 41 different CVEs.

    Important Bulletins Fix Vulnerabilities in Microsoft Office, among others

    Microsoft released six bulletins rated “important,” which address security flaws in Microsoft Office, Windows, Group Policy, Microsoft Graphic Component, and System Center Manager. The bulletins associated with these updates are MS15-012, MS15-013, MS15-014, MS15-015, MS15-016, and MS15-017.

    MS15-014 is particularly important as it addresses a single, privately reported vulnerability within Windows Group Policy (CVE-2015-0009). Microsoft describes CVE-2015-0009 as a possible security feature bypass vulnerability that exists in the Group Policy application of Security Configuration policies “that could cause Group Policy settings on a targeted system to revert to their default, and potentially less secure state.” Microsoft further writes: “An attacker could accomplish this by way of a man-in-the-middle attack that modifies domain controller responses to client requests.”

    Solutions and Best Practices

    Users and system administrators are strongly advised to apply the appropriate patches for these system vulnerabilities. Trend Micro Deep Security and Vulnerability Protection protect user systems from threats that may leverage these vulnerabilities with the following DPI rules:

    • 1006403- Microsoft Internet Explorer ‘display:run-in’ Use-After-Free Remote Code Execution Vulnerability (CVE-2014-8967)
    • 1006475- Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0017)
    • 1006476- Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0018)
    • 1006478- Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0019)
    • 1006480- Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0020)
    • 1006483- Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0021)
    • 1006474- Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0022)
    • 1006477- Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0023)
    • 1006502- Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0025)
    • 1006511- Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0026)
    • 1006479- Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0029)
    • 1006481- Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0030)
    • 1006484- Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0035)
    • 1006489- Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0036)
    • 1006504- Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0037)
    • 1006505- Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0038)
    • 1006508- Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0038) -1
    • 1006487- Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0039)
    • 1006488- Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0040)
    • 1006490- Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0041)
    • 1006492- Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0042)
    • 1006501- Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0043)
    • 1006495- Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0044)
    • 1006497- Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0045)
    • 1006499- Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0046)
    • 1006491- Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0048)
    • 1006493- Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0049)
    • 1006503- Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0050)
    • 1006494- Microsoft Internet Explorer ASLR Bypass Vulnerability (CVE-2015-0051)
    • 1006496- Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0052)
    • 1006498- Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0053)
    • 1006500- Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0067)
    • 1006507- Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0068)
    • 1006510- Microsoft Internet Explorer ASLR Bypass Vulnerability (CVE-2015-0069)
    • 1006486- Microsoft Internet Explorer Cross Domain Information Disclosure Vulnerability (CVE-2015-0070)
    • 1006506- Microsoft Internet Explorer ASLR Bypass Vulnerability (CVE-2015-0071)
    • 1006470- Microsoft Excel Remote Code Execution Vulnerability (CVE-2015-0063)
    • 1006471- Microsoft Office Remote Code Execution Vulnerability (CVE-2015-0064)
    • 1006473- Microsoft OneTableDocumentStream Remote Code Execution Vulnerability (CVE-2015-0065)
    • 1006482- Microsoft Windows TIFF Processing Information Disclosure Vulnerability (CVE-2015-0061)

    More information about these bulletins and their corresponding Trend Micro solutions is posted at our Threat Encyclopedia Page: February 2015 – Microsoft Releases 9 Security Advisories.

     



    Just a week after they made changes to their advanced notification service for “casual” customers for 2015, Microsoft released eight security bulletins to patch various security vulnerabilities with only one considered “critical.”

    Microsoft Rates 7 Bulletins as ‘Important’, 1 as ‘Critical’

    The security update rated “critical” is the Vulnerability in Windows Telnet Service Could Allow Remote Code Execution (3020393), or MS15-002, which affects various Microsoft Windows versions and could allow remote code execution on affected systems. According to the bulletin, only customers who enable the Telnet service are vulnerable. The bulletin also reports that Telnet is not installed by default on Windows Vista and later operating systems.

    MS15-005 and MS15-006 are both bulletins rated as ‘Important’ that describe a security feature bypass, which result in a system restart. Four of the ‘Important’ bulletins describe an elevation of privilege.

    End of Mainstream Support for Windows 7

    The first Patch Tuesday for the year also signals the end of mainstream support for Windows 7. This means that non-security updates will no longer be provided, but security updates will still be sent out. Windows 7 will end all support in January 2020.

    It is highly recommended for users and system administrators to immediately patch these system vulnerabilities. Trend Micro Deep Security and OfficeScan with the Intrusion Defense Firewall (IDF) plugin protect user systems from threats that may leverage these vulnerabilities with the following DPI rules:

    • 1006439 – Microsoft Windows Telnet Service Buffer Overflow Vulnerability (CVE-2015-0014)
    • 1006441 – Microsoft Windows Components Directory Traversal Elevation Of Privilege Vulnerability (CVE-2015-0016)
    • 1006372 – Microsoft Network Policy Server RADIUS Implementation Denial Of Service Vulnerability (CVE-2015-0015)

    More information about these bulletins and their corresponding Trend Micro solutions is posted at our Threat Encyclopedia Page: January 2015 – Microsoft Releases 8 Security Advisories.

     
    Posted in Vulnerabilities | Comments Off on January 2015 Patch Tuesday Issues 8 Patches, Ends Mainstream Support for Windows 7


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice