Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    April 2014
    S M T W T F S
    « Mar    
     12345
    6789101112
    13141516171819
    20212223242526
    27282930  
  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for the ‘Vulnerabilities’ Category




    This month’s Patch Tuesday features seven bulletins, with four rated as critical. Updates for Internet Explorer take the spotlight as one bulletin, MS14-010, addresses 24 vulnerabilities in Internet Explorer. These vulnerabilities could result in remote code execution, which could allow an attacker the same user rights as the current user. A second bulletin, MS14-007, addresses a separate vulnerability in Direct2D that can trigger remote code execution by opening a malicious website in Internet Explorer or opening an email attachment. The remaining critical vulnerability ...

    Posted in Vulnerabilities | Comments Off



    Cybercriminals can certainly be resourceful when it comes to avoiding detection. We have seen many instances wherein malware came equipped with improved evasion techniques, such as preventing execution of analysis tools, hiding from debuggers, blending in with normal network traffic, along with various JavaScript techniques. Security researchers have now come across malware that uses a legitimate compression technique to go unnoticed by security solutions. This malware, detected as TROJ_SHELLCOD.A, is an exploit that targets an Adobe Flash Player vulnerability (CVE-2013-5331). The ...

    Posted in Malware, Vulnerabilities | Comments Off



    The first Patch Tuesday of the year is relatively light, with Microsoft rolling out only four bulletins for the month. Despite the small figure, users must update their systems immediately to avoid possible  threats leveraging software vulnerabilities. Included in this month's release are updates for three privately reported vulnerabilities found in Microsoft Office. If exploited, these vulnerabilities could allow an attacker to gain the same user rights as the current user. Such access could prove damaging, especially to those with administrative user ...

    Posted in Vulnerabilities | Comments Off



    In late November, Microsoft revealed that a zero-day vulnerability was in use in targeted attacks against Windows XP and Server 2003 systems. From samples of the exploit examined, it has a backdoor payload that possesses sophisticated anti-analysis techniques. Further research of this earlier attack - discussed in the blog posts above - has revealed that the exploit was deployed via email to at least 28 embassies in a Middle Eastern capital.  The malicious payload arrived as an attachment to a blank email sent to the target ...

    Posted in Targeted Attacks, Vulnerabilities | Comments Off



    The last Patch Tuesday of the year features 11 bulletins, with five rated as Critical and the remaining as Important. This month's release addresses a notable zero-day vulnerability that was used in attacks. The particular bulletin—MS13-096—was noticeably absent in last month's Patch Tuesday. As previously reported, attackers took advantage of the vulnerability by embedding .DOC files with malicious .TIFF files to gain account privileges. Unfortunately, another zero-day vulnerability remains unpatched. Microsoft earlier that a security fix for the escalation of privilege vulnerability ...

    Posted in Vulnerabilities | Comments Off


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice