    TrendLabs Security Intelligence Blog

    Author Archive - Danielle Veluz (Technical Communications)

    Six is a rather small number for this month’s round of Microsoft bulletins, but one stands out as a very critical update: MS12-020, also known as the “Remote Desktop Could Allow Remote Code Execution” vulnerability. Microsoft warned IT admins about this flaw in its MSRC (Microsoft Security Response Center) blog entry. From the MSRC blog: “We recommend that customers focus on MS12-020, our sole critical-class bulletin, as the March deployment priority.”

    Based on the Microsoft posting, the critical flaw applies to a fairly specific subset of systems – those running RDP – and is “less problematic for those systems with Network Level Authentication (NLA) enabled”. The flaw could allow would-be attackers to achieve remote code execution on a machine running RDP (Remote Desktop Protocol), which admins use to access and manage systems remotely. An exploit does not require network credentials; however, systems that do not have RDP enabled are not at risk.

    Other issues covered in this month’s Patch Tuesday include one moderate and four important security bulletins. IT administrators are advised to abide by the patch operating procedures for these fixes.

    Trend Micro Deep Security has just released an update which addresses the critical RDP vulnerability under the rule name 1004949 – Remote Desktop Protocol Vulnerability (CVE-2012-0002). Our page on the Threat Encyclopedia also contains respective Trend Micro solutions that cover the rest of this month’s patches.

    Update as of March 15, 2012, 6:12 p.m. (PST)

    The update for MS12-020 is now available for Intrusion Defense Firewall (IDF), too. Deep Security currently has coverage with Deep Security Update DSRU12-006 and IDF with update 12007. Deep Security provides coverage for four vulnerabilities, while IDF provides coverage for three.

    Posted in Exploits, Vulnerabilities | Comments Off

    Microsoft spreads love to all IT administrators this month by addressing 23 vulnerabilities on the 14th of February. The software giant released nine bulletins and fixed critical flaws in Internet Explorer, an error in a runtime library which can be targeted through Windows Media Player, and flaws in the Windows kernel. Four out of the nine bulletins were tagged as Critical by Microsoft.

    One critical update was MS12-010, a cumulative security update for Internet Explorer which resolves four privately reported vulnerabilities in versions 6 through 9 of Internet Explorer. These vulnerabilities could be used to run malicious code on a user’s system if the user visited a malicious web site with Internet Explorer. A similar code execution vulnerability, MS12-013, could be exploited using flaws in the msvcrt.dll runtime library to run malicious code if the user opened a specially crafted video. The two remaining Critical bulletins (MS12-008 and MS12-016) resolve vulnerabilities in the Windows kernel, the .NET Framework, and Silverlight that could similarly be used to run malicious code.

    Among the remaining five Important vulnerabilities are MS12-012 and MS12-014, which fix DLL preloading issues in the Color Control Panel and Indeo codecs, respectively. MS12-011 fixed a privilege escalation flaw in SharePoint.

    Microsoft urged users to immediately install the patches associated with the above bulletins; users can find full technical details from the February summary page. You can view our page on Threat Encyclopedia for respective Trend Micro solutions.

    Users of Deep Security and OfficeScan with Intrusion Defense Firewall (IDF) plug-in can also find updates to their products that will protect them from threats exploiting the vulnerabilities made public today, in advance of IT administrators being able to roll out these patches. The coverage for this month includes all of the vulnerabilities specifically mentioned above.

    Posted in Bad Sites | Comments Off

    At a time when the web is flooded with user information and entire platforms are built and run on sharing just about every piece of information about oneself, you have to wonder, “Are we really living in the post-privacy era?”

    For 2012, we believe that the new social networking generation will redefine privacy. Our concept of online privacy constantly changes along with various shifts in technology. Providing information has become so convenient that most people no longer know how much information they reveal and to whom.

    With Data Privacy Day coming up, it’s high time that people all over the world become aware of best online privacy practices. As most of you may already know, social networking sites track your movements and store valuable information such as photos, links, videos, and everything else they make public. As you increasingly go online for personal transactions like shopping and banking, you’re bound to wonder just how much information you actually expose online.

    The end of online privacy and an era of extreme openness may be the only inevitable conclusion unless you know the implications that the cyberlinked world brings. You should realize that along with the convenience that the Internet brings comes great responsibility. Despite the fact that Data Privacy Day is currently only observed in the United States and Canada, this should not hinder raising awareness of online privacy on a global level.

    For more information on online privacy, please read our latest TrendLabs Digital Life e-Guide, Be Privy To Online Privacy.

    Trend Micro is an official data privacy champion for this year’s Data Privacy Day.

    Posted in Bad Sites | Comments Off

    Microsoft starts the year right by addressing eight vulnerabilities in its January 2012 round of patches. This update includes fixes for one Critical bulletin, while the rest are rated Important.

    This month’s update covers several vulnerabilities in Microsoft Windows, including those found in Windows Object Packager and Windows Media Player.

    The only bulletin rated Critical was ‘Vulnerabilities in Windows Media Could Allow Remote Code Execution’. The vulnerabilities included in this bulletin could allow remote code execution when users open a specially crafted media file.

    Also corrected in this Patch Tuesday release is the way Media Player handles specially crafted MIDI files and the way DirectShow parses media files. This update applies to all versions of Windows, including Windows 7.

    In addition, MS12-006 fixes the BEAST vulnerability in SSL/TLS protocols, which potentially allowed a malicious user to conduct man-in-the-middle attacks on secure traffic.

    Posted in Vulnerabilities | Comments Off

    Microsoft released 13 bulletins today instead of 14, as announced in the Patch Tuesday announcement some days ago. In their final Patch Tuesday for the year, Microsoft addressed bugs in Windows, Internet Explorer, and Microsoft Office, while adding in a fix for DUQU in the bulletin MS11-087, which is also known as the DUQU zero-day remote code execution flaw. Attackers embedding specially crafted TrueType fonts in documents can exploit this vulnerability in the Windows kernel. MS11-087 was given a ‘Critical’ rating.

    MS11-092 also deserves attention in this security bulletin as it affects Windows Media Player and also allows remote code execution by an attacker if a user opens a specially crafted Microsoft Digital Video Recording (.dvr-ms) file. Microsoft also includes fixes for Active Directory, OLE and the Windows kernel.

    To learn more about Microsoft support for the affected software, see the official bulletin summary, which has more details on the security bulletins for December. Users may also refer to our Trend Micro security advisory page.

    Users of Deep Security and OfficeScan with Intrusion Defense Firewall (IDF) plug-in can also find updates to their products that will protect them from threats exploiting the vulnerabilities made public today, in advance of IT administrators being able to roll out these patches to their systems.

    Posted in Vulnerabilities | Comments Off

