Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    February 2015
    S M T W T F S
    « Jan    
    1234567
    891011121314
    15161718192021
    22232425262728
  • Email Subscription

  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for the ‘Vulnerabilities’ Category




    2014 was a year where cybercriminal attacks crippled both likely and unlikely targets. A year rife with destructive attacks, 2014 proved to be a difficult one for individuals and companies who were victimized by these threats. Massive data breach disclosures came one after another in 2014 in much more rapid succession than past years. The Sony Pictures breach in December, along with the other big breaches of the year illustrated the wide spectrum of losses that can hit a company that ...




    Zero-day exploits pose some of the most serious risks to users everywhere. The absence of a patch means that it is up to users (and whatever security products they use) to protect against these attacks. One of the tools that can be used in mitigating these attacks is advanced network detection solutions like Trend Micro Deep Discovery, which contains a sandbox that allows for on-the-fly analysis of various threats entering an organization's network. This allows it to detect even attacks that use zero-day exploits ...

    Posted in Exploits, Vulnerabilities |



    Recently, both HP's Zero Day Initiative (ZDI) and Google's Project Zero published vulnerabilities in Microsoft products (specifically, Internet Explorer and Windows 8.1) because Redmond did not fix them within 90 days of the vulnerabilities being reported. This has resulted in an argument between security researchers and software vendors on how vulnerabilities should be disclosed. A case where a vulnerability was disclosed without a patch has mixed results for end users: It pushes vendors to respond more quickly when vulnerabilities are disclosed to them in ...




    This month's Microsoft Patch Tuesday lists nine security bulletins released for February 2015, among which include a roll out for several vulnerabilities in Internet Explorer. This round of security updates includes three updates rated as Critical, while the remaining six were rated Important as Microsoft addressed a total of 56 CVEs. Last month's Patch Tuesday notification did not include patches for Internet Explorer and only had one update with a Critical rating. Critical Updates for February Patch Internet Explorer MS15-009, MS15-010, and MS15-011 ...




    Our previous blog post analyzed CVE-2015-0016 to determine the origins of the vulnerability. However, that blog post only looked into the vulnerability on a Windows 7 system. The analysis for Windows 7 and Windows 8 is different. On the former, before CreateProcessW is called it does not check the lpApplicationName. On the latter, it will call the IsValidMstscLocation function to check lpApplicationName. This post looks into how the vulnerability works on a Windows 8.1 system. My initial analysis of this vulnerability already ...



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice