Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    December 2014
    S M T W T F S
    « Nov    
     123456
    78910111213
    14151617181920
    21222324252627
    28293031  
  • Email Subscription

  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for the ‘Vulnerabilities’ Category




    Microsoft released 16 security updates during its Patch Tuesday release for November 2014, among which includes CVE-2014-6332, or the Windows OLE Automation Array Remote Code Execution Vulnerability (covered in MS14-064). We would like to bring attention to this particular vulnerability for the following reasons: It impacts almost all Microsoft Windows versions from Windows 95 onward. A stable exploit exists and works in versions of Internet Explorer from 3 to 11, and can bypass operating system (OS) security utilities and protection such as Enhanced ...




    14 security bulletins addressing vulnerabilities in Internet Explorer, Microsoft Office, Microsoft Windows, Microsoft Windows Object Linking and Embedding (OLE), and Microsoft .NET Framework among others. Out of these security bulletins, four are tagged as Critical and 8 are rated as Important. One of the notable bulletins is MS14-065, which fixes several vulnerabilities in Internet Explorer. All supported versions of the browser are affected by these vulnerabilities, which could lead to remote code execution. Another crucial bulletin is MS14-064 that resolves vulnerabilities in Microsoft Windows Object ...

    Posted in Vulnerabilities |



    We see many kinds of vulnerabilities on a regular basis. These range from user-after-free (UAF) vulnerabilities, to type confusion, to buffer overflows, to cross-site scripting (XSS) attacks. It's rather interesting to understand the root cause of each of these vulnerability types, so we looked at the root cause of an Internet Explorer vulnerability - CVE-2014-1772. We'd privately disclosed this vulnerability to Microsoft earlier in the year, and it had been fixed as part of the June Patch Tuesday update, as part of ...

    Posted in Exploits, Vulnerabilities |



    2014 brought with it many significant additions to the technology landscape. These put new capabilities into the hands of users and companies that allowed them to do things that they would not have thought possible before. However, these same changes also aid threat actors: threats can now come from unexpected vectors, and augment the existing capabilities that attackers already possess. What are the key developments that will shape the threat landscape of tomorrow, and how do we foresee its evolution? These ...




    One of the bulletins that was part of the October 2014 Patch Tuesday cycle was MS14-063 which fixed a vulnerability in the FAT32 disk partition driver that could allow for an attacker to gain administrator rights on affected systems, with only a USB disk with a specially modified file system. This vulnerability as also designated as CVE-2014-4115. Why is this vulnerability unusual? We pay close attention to file system drivers because these can be used to attack systems via USB drives. Consider ...



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice