Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:


  • Recent Posts

  • Calendar

    March 2015
    S M T W T F S
    « Feb    
    1234567
    891011121314
    15161718192021
    22232425262728
    293031  
  • Email Subscription

  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for the ‘Vulnerabilities’ Category




    Recently, both HP's Zero Day Initiative (ZDI) and Google's Project Zero published vulnerabilities in Microsoft products (specifically, Internet Explorer and Windows 8.1) because Redmond did not fix them within 90 days of the vulnerabilities being reported. This has resulted in an argument between security researchers and software vendors on how vulnerabilities should be disclosed. A case where a vulnerability was disclosed without a patch has mixed results for end users: It pushes vendors to respond more quickly when vulnerabilities are disclosed to them in ...




    This month's Microsoft Patch Tuesday lists nine security bulletins released for February 2015, among which include a roll out for several vulnerabilities in Internet Explorer. This round of security updates includes three updates rated as Critical, while the remaining six were rated Important as Microsoft addressed a total of 56 CVEs. Last month's Patch Tuesday notification did not include patches for Internet Explorer and only had one update with a Critical rating. Critical Updates for February Patch Internet Explorer MS15-009, MS15-010, and MS15-011 ...




    Our previous blog post analyzed CVE-2015-0016 to determine the origins of the vulnerability. However, that blog post only looked into the vulnerability on a Windows 7 system. The analysis for Windows 7 and Windows 8 is different. On the former, before CreateProcessW is called it does not check the lpApplicationName. On the latter, it will call the IsValidMstscLocation function to check lpApplicationName. This post looks into how the vulnerability works on a Windows 8.1 system. My initial analysis of this vulnerability already ...




    We are all afraid of the unknown.  Why? Because we all want to be in control of our lives: what career path to take, how to deal with our finances, where to go for a vacation. We like certainty. We love to know what’s ahead of us. We are hard wired like this. As far as technology is concerned, we don’t know what the next innovation would be like—how a product or service would affect our lives and the way we ...




    Continuing our analysis of the recent Adobe zero-day exploit, we find that the infection chain does not end with the Flash exploit, detected as SWF_EXPLOIT.MJST. Rather, the exploit downloads and executes malware belonging to the BEDEP family. Ties to BEDEP Malware This detail is rather interesting as this is not the first time an Adobe zero-day has used BEDEP malware as its final payload. Near the last days of January, we came across a Flash zero-day vulnerability that leads to the download ...

    Posted in Malware, Vulnerabilities |


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice