Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    January 2015
    S M T W T F S
    « Dec    
     123
    45678910
    11121314151617
    18192021222324
    25262728293031
  • Email Subscription

  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for the ‘Vulnerabilities’ Category




    Researchers at Qualys have found a vulnerability in the GNU C Library (alternately known as glibc), which can be used to run arbitrary code on systems running various Linux operating systems. The vulnerability (assigned as CVE-2015-0235) has been dubbed GHOST and is the latest vulnerability to receive a "friendly" name, joining others like Heartbleed, Shellshock, and POODLE. However, closer inspection reveals that this particular vulnerability, while serious, is not easy to exploit and has a very limited attack surface. GHOST is ...

    Posted in Exploits, Vulnerabilities |



    Part of this January's Patch Tuesday releases was MS15-004, which fixed a vulnerability that could be used in escalation of privilege attacks. I analyzed this vulnerability (designated as CVE-2015-0016) because it may be the first vulnerability in the wild that showed the capability to escape the Internet Explorer sandbox. As sandboxing represents a key part of exploit mitigation techniques, any exploit that can break established sandboxes is worth a second look. The vulnerability in the module TSWbPrxy.exe, which is an ActiveX Control. This ...




    Last week a major zero-day vulnerability was found in Adobe Flash Player. Over the weekend, Adobe released an update to fix the vulnerability: users who have enabled auto-update already received the newest version (16.0.0.296). Our analysis has confirmed that the vulnerable code has been modified. The update will be available for manual download later this week. Users of Chrome and newer versions of Internet Explorer will receive updates for their included versions of Flash Player at around the same time. Looking into the samples we acquired, ...




    With the New Year celebrations safely behind us, it's time to look forward and plan for 2015. Before we can do that, however, we need to spend a few minutes to remember the vulnerabilities of 2014 and what we can take away from these. Every year there are several zero-days and tons of undisclosed vulnerabilities fixed by software vendors. This year was a little different: The total number of disclosed vulnerabilities per year almost hit 10,000. Because of this, the maintainers of the ...

    Posted in Exploits, Vulnerabilities |



    Just a week after they made changes to their advanced notification service for “casual” customers for 2015, Microsoft released eight security bulletins to patch various security vulnerabilities with only one considered "critical." Microsoft Rates 7 Bulletins as ‘Important’, 1 as ‘Critical’ The security update rated "critical" is the Vulnerability in Windows Telnet Service Could Allow Remote Code Execution (3020393), or MS15-002, which affects various Microsoft Windows versions and could allow remote code execution on affected systems. According to the bulletin, only customers ...

    Posted in Vulnerabilities |


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice