Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:


  • Recent Posts

  • Calendar

    July 2015
    S M T W T F S
    « Jun    
     1234
    567891011
    12131415161718
    19202122232425
    262728293031  
  • Email Subscription

  • About Us


    Archive for the ‘Vulnerabilities’ Category




    Unpatched versions of Microsoft's Internet Information Services (IIS) web server are vulnerable to a remote denial of service attack that can prove to be very threatening if set against critical systems. The vulnerability, which was fixed by Microsoft in MS15-034 as part of the April 2015 Patch Tuesday cycle, can trigger the blue screen of death or more commonly known as BSOD. While there are no indications of possible remote code execution, it is still very important for users to apply the update, especially in systems that ...

    Posted in Vulnerabilities |



    An 18-year-old vulnerability called Redirect to SMB has been resurrected with a new attack vector. This vulnerability can be used to redirect a victim to a malicious Server Message Block (SMB) server, without any direct action from the user except visiting a website. If the SMB security policy is not secure enough, the SMB client will try to make an authenticated request to the malicious server and send credentials through the network. Even if the SMB credentials are protected by encryption, today a state of art brute force ...

    Posted in Vulnerabilities |



    On March 19 we wrote about how OpenSSL disclosed and fixed 13 vulnerabilities to address several security holes. Among the vulnerabilities addressed was CVE-2015-1787, which can result in a complete denial of service on an application compiled with OpenSSL library. This blog post will tackle how the bug can be exploited, and how Trend Micro can protect against future possible attacks. CVE-2015-17187 also affects several protocols, including SSL/TLS and DTLS, which we will analyze in this entry. Vulnerability description The vulnerability is rooted in the method ssl3_get_client_key_exchange implemented in the file ...

    Posted in Vulnerabilities |



    This month's Patch Tuesday release appears moderately light compared with the previous month's, with only 11 security bulletins with four rated 'Critical', while the rest are rated as 'Important'. Microsoft addressed a total of 26 vulnerabilities this April. The critical security updates issued by Microsoft all deal with remote code execution (RCE) vulnerabilities. One of the updates rated as 'Critical' is MS15-033 or Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3048019) addresses flaws that could be exploited across several versions of Microsoft ...

    Posted in Vulnerabilities |



    Digital certificates are the backbone of the Public Key Infrastructure (PKI), which is the basis of trust online. Digital certificates are often compared to signatures; we can trust a document because it has a signature, or certificate authority (CA) by someone we trust. Simply put, digital certificates are a reproduction of a simple model which occurs in the real world. Incidents involving digital certificates have been in the news recently. Issues surrounding digital certificates and CAs are not always clear or noticeable ...

    Posted in Vulnerabilities |


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice