    TrendLabs Security Intelligence Blog

    Author Archive - Danielle Veluz (Technical Communications)




    This month’s Microsoft Patch Tuesday brings nine security bulletins for February 2015, including fixes for several vulnerabilities in Internet Explorer. Three of the updates are rated Critical and the remaining six are rated Important; together they address a total of 56 CVEs. Last month’s Patch Tuesday notification did not include patches for Internet Explorer and only had one update with a Critical rating.

    Critical Updates for February Patch Internet Explorer

    MS15-009, MS15-010, and MS15-011 are the bulletins rated “critical”; they deal with vulnerabilities in Internet Explorer, Windows Kernel-Mode Driver, and Microsoft Group Policy, respectively. The MS15-009 bulletin is the most alarming, as the update applies to Internet Explorer versions 6 through 11 and addresses a total of 41 different CVEs.

    Important Bulletins Fix Vulnerabilities in Microsoft Office, among others

    Microsoft released six bulletins rated “important,” which address security flaws in Microsoft Office, Windows, Group Policy, Microsoft Graphic Component, and System Center Manager. The bulletins associated with these updates are MS15-012, MS15-013, MS15-014, MS15-015, MS15-016, and MS15-017.

    MS15-014 is particularly important as it addresses a single, privately reported vulnerability within Windows Group Policy (CVE-2015-0009). Microsoft describes CVE-2015-0009 as a possible security feature bypass vulnerability that exists in the Group Policy application of Security Configuration policies “that could cause Group Policy settings on a targeted system to revert to their default, and potentially less secure state.” Microsoft further writes: “An attacker could accomplish this by way of a man-in-the-middle attack that modifies domain controller responses to client requests.”

    Solutions and Best Practices

    Users and system administrators are strongly advised to apply the appropriate patches for these system vulnerabilities. Trend Micro Deep Security and Vulnerability Protection protect user systems from threats that may leverage these vulnerabilities through the following DPI rules:

    • 1006403 – Microsoft Internet Explorer ‘display:run-in’ Use-After-Free Remote Code Execution Vulnerability (CVE-2014-8967)
    • 1006475 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0017)
    • 1006476 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0018)
    • 1006478 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0019)
    • 1006480 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0020)
    • 1006483 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0021)
    • 1006474 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0022)
    • 1006477 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0023)
    • 1006502 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0025)
    • 1006511 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0026)
    • 1006479 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0029)
    • 1006481 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0030)
    • 1006484 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0035)
    • 1006489 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0036)
    • 1006504 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0037)
    • 1006505 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0038)
    • 1006508 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0038) -1
    • 1006487 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0039)
    • 1006488 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0040)
    • 1006490 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0041)
    • 1006492 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0042)
    • 1006501 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0043)
    • 1006495 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0044)
    • 1006497 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0045)
    • 1006499 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0046)
    • 1006491 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0048)
    • 1006493 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0049)
    • 1006503 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0050)
    • 1006494 – Microsoft Internet Explorer ASLR Bypass Vulnerability (CVE-2015-0051)
    • 1006496 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0052)
    • 1006498 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0053)
    • 1006500 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0067)
    • 1006507 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-0068)
    • 1006510 – Microsoft Internet Explorer ASLR Bypass Vulnerability (CVE-2015-0069)
    • 1006486 – Microsoft Internet Explorer Cross Domain Information Disclosure Vulnerability (CVE-2015-0070)
    • 1006506 – Microsoft Internet Explorer ASLR Bypass Vulnerability (CVE-2015-0071)
    • 1006470 – Microsoft Excel Remote Code Execution Vulnerability (CVE-2015-0063)
    • 1006471 – Microsoft Office Remote Code Execution Vulnerability (CVE-2015-0064)
    • 1006473 – Microsoft OneTableDocumentStream Remote Code Execution Vulnerability (CVE-2015-0065)
    • 1006482 – Microsoft Windows TIFF Processing Information Disclosure Vulnerability (CVE-2015-0061)

    More information about these bulletins and their corresponding Trend Micro solutions is posted at our Threat Encyclopedia Page: February 2015 – Microsoft Releases 9 Security Advisories.

     



    Just a week after they made changes to their advanced notification service for “casual” customers for 2015, Microsoft released eight security bulletins to patch various security vulnerabilities with only one considered “critical.”

    Microsoft Rates 7 Bulletins as ‘Important’, 1 as ‘Critical’

    The security update rated “critical” is the Vulnerability in Windows Telnet Service Could Allow Remote Code Execution (3020393), or MS15-002, which affects various Microsoft Windows versions and could allow remote code execution on affected systems. According to the bulletin, only customers who enable the Telnet service are vulnerable. The bulletin also reports that Telnet is not installed by default on Windows Vista and later operating systems.

    MS15-005 and MS15-006 are both bulletins rated as ‘Important’ that describe a security feature bypass, which result in a system restart. Four of the ‘Important’ bulletins describe an elevation of privilege.

    End of Mainstream Support for Windows 7

    The first Patch Tuesday for the year also signals the end of mainstream support for Windows 7. This means that non-security updates will no longer be provided, but security updates will still be sent out. Windows 7 will end all support in January 2020.

    It is highly recommended for users and system administrators to immediately patch these system vulnerabilities. Trend Micro Deep Security and Office Scan with the Intrusion Defense Firewall (IDF) plugin protect user systems from threats that may leverage these vulnerabilities through the following DPI rules:

    • 1006439 – Microsoft Windows Telnet Service Buffer Overflow Vulnerability (CVE-2015-0014)
    • 1006441 – Microsoft Windows Components Directory Traversal Elevation Of Privilege Vulnerability (CVE-2015-0016)
    • 1006372 – Microsoft Network Policy Server RADIUS Implementation Denial Of Service Vulnerability (CVE-2015-0015)

    More information about these bulletins and their corresponding Trend Micro solutions is posted at our Threat Encyclopedia Page: January 2015 – Microsoft Releases 8 Security Advisories.

     



    This year’s last installment of Patch Tuesday security advisories by Microsoft includes MS14-075, a bug in Microsoft Exchange Server, which had been delayed last November. It was rated important due to an elevation of privilege across several versions of Exchange: 2007 (SP3), 2010 (SP3), and 2013 (Cumulative Update 6). Last month, Microsoft originally listed the patch date for MS14-075 as “Release date to be determined”.

    Microsoft Rates 3 Bulletins as ‘Critical’, 4 as ‘Important’

    A total of three critical bulletins were listed: MS14-080, MS14-081, and MS14-084. MS14-080 resolved vulnerabilities in Internet Explorer, while MS14-081 patched previously reported bugs in Microsoft Word and Microsoft Office Web Apps. The MS14-084 bulletin fixed a remote code execution vulnerability in the VBScript scripting engine in Microsoft Windows.

    As previously discussed, MS14-075 was given an ‘Important’ rating due to an elevation of privileges across various versions of Microsoft Exchange Server. MS14-082 and MS14-083 both addressed remote code execution flaws in Microsoft Office programs, while MS14-085 fixes a bug that “could allow information disclosure if a user browses to a website containing specially crafted JPEG content.”

    It is highly recommended for users and system administrators to immediately patch these system vulnerabilities. Trend Micro Deep Security and Office Scan with the Intrusion Defense Firewall (IDF) plugin protect user systems from threats that may leverage these vulnerabilities through the following DPI rules:

    • 1000552 – Generic Cross Site Scripting(XSS) Prevention
    • 1006346 – Identified Unvalidated Redirect And Forward Over HTTP
    • 1006373 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6327)
    • 1006376 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6329)
    • 1006378 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6330)
    • 1006383 – Microsoft Internet Explorer VBScript Memory Corruption Vulnerability (CVE-2014-6363)
    • 1006374 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6366)
    • 1006396 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6369)
    • 1006379 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6373)
    • 1006387 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6375)
    • 1006371 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6376)
    • 1006381 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-8966)
    • 1006393 – Microsoft Word Index Remote Code Execution Vulnerability (CVE-2014-6356)
    • 1006370 – Microsoft Word Use After Free Remote Code Execution Vulnerability (CVE-2014-6357)
    • 1006394 – Microsoft Office Component Use After Free Vulnerability (CVE-2014-6364)
    • 1006385 – Microsoft Excel Global Free Remote Code Execution Vulnerability (CVE-2014-6360)
    • 1006382 – Microsoft Excel Invalid Pointer Remote Code Execution Vulnerability (CVE-2014-6361)
    • 1006380 – Microsoft Graphics Component Information Disclosure Vulnerability (CVE-2014-6355)

    More information about these bulletins and their corresponding Trend Micro solutions is posted at our Threat Encyclopedia Page: December 2014 – Microsoft Releases 7 Security Advisories.

     



    Over time, attackers continuously update their tactics to respond to security experts’ countermeasures. In a constant game of cat and mouse, attackers shifted tactics using several notable tools and techniques alongside the usual. The security roundup for the second quarter presents key highlights and developing trends in the security landscape.

    Trend Micro research in the second quarter shows that attackers carefully selected their targets albeit sticking to time-tested tactics and going after the same end goals. The bad guys moved away from launching large-scale attacks and instead focused on more specific and somewhat “personal” targets.

    The security roundup brings to light various threats Trend Micro encountered in the second quarter. Using more advanced tools like automatic transfer systems (ATSs)—the latest addition to widely used cybercrime toolkits—attackers streamlined their list of targets to only online banking customers in countries like Germany, the United Kingdom, and Italy.

    Carefully choosing targets was also evidenced by Trend Micro research findings on advanced persistent threat (APT) campaigns like IXESHE. Trend Micro also protected small and medium-sized businesses (SMBs) against more than 142 million threats in the first half of 2012 alone. Android malware like fake spying tool apps continues to increase in number, most likely because of the OS’s continued rise in popularity, with more than 400 million active Android-based devices. Lastly, true to the quarter’s theme, Pinterest took the spotlight as its users were lured to take part in several survey scams due to its steady rise in popularity.

    To take a closer look at the security landscape in the second quarter, read our comprehensive report, “It’s Big Business… and It’s Getting Personal.”

     



    The massively popular and entertaining pastime of online gaming is enjoyed by millions all around the world, but few realize its not-so-entertaining drawbacks. People tend to create another self in the world of online gaming. It’s easy to assume that there is nothing harmful with losing yourself in that other world. But as mentioned in our e-guide, online gaming also has a dark side that opens up possibilities of financial theft and hacked or stolen accounts. In fact, we’ve been seeing more and more in-game phishing activity in the massively multiplayer online role-playing game (MMORPG) World of Warcraft.

    That said, online gaming today clearly isn’t just about fun and games, no matter what type of gamer you are. Our new infographic illustrates some quick stats on casual and hardcore gamers as well as the risks they may encounter. Can you guess how many times the Angry Birds games were downloaded? How about the estimated population of console gamers? To know the answers to these and more, check out our latest infographic, “What Type of Gamer Are You?”

     


     
