Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    September 2014
    S M T W T F S
    « Aug    
     123456
    78910111213
    14151617181920
    21222324252627
    282930  
  • About Us

    Patch-Tuesday_grayInternet Explorer and Microsoft Windows are some of the affected applications addressed in this month’s round of security updates.  For their July patch Tuesday, Microsoft has released six security bulletins, two of which are tagged as ‘critical’.  The three other bulletins are rated as ‘important’ and one bulletin as ‘moderate.’

    MS14-037 resolves about 23 vulnerabilities found existing in Internet Explorer, which may lead to remote code execution when exploited successfully via a specially crafted webpage. These vulnerabilities affect Internet Explorer versions 6 to 11. One of the vulnerabilities covered in this bulletin is Extended Validation (EV) Certificate Security Feature Bypass Vulnerability (CVE-2014-2783), which has been disclosed publicly. However, as of this posting no exploit is seen in the wild abusing this particular vulnerability.

    While Microsoft isn’t saying if the latest IE vulnerabilities affect IE 6 on Windows XP, we can reasonably suppose that it is affected since IE 6 on Windows Server 2003 is vulnerable. Users with Windows XP and have OfficeScan with the Intrusion Defense Firewall running are protected against attacks using these vulnerabilities.

    Another critical bulletin, MS14-038 addresses vulnerability in Microsoft Windows. If exploited, attackers can also execute remote code via a specially crafted Journal file. As such, this can compromise the security of user systems. Bulletins which are rated as ‘important’ also affect Microsoft Windows and pose risks since it may lead to elevation of privilege once exploited by remote attackers.

    Adobe has also rolled out its security patches for vulnerabilities found in Adobe Flash Player. When exploited, these vulnerabilities can allow a remote attacker from compromising the system and consequently, taking control of it.  These vulnerabilities are covered under the following CVEs:

    • CVE-2014-0537
    • CVE-2014-0539
    • CVE-2014-4671

    Users are strongly advised to update their Adobe Flash Player to its latest version. Trend Micro Deep Security and Office Scan with Intrusion Defense Firewall (IDF) plugin protect user systems from threats that may leverage these vulnerabilities via the following DPI rules:

    • 1006123 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-1765)
    • 1006124 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-2787)
    • 1006114 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-2795)
    • 1006115 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-2797)
    • 1006116 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-2801)
    • 1006125 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-2804)

    We highly recommend users to apply these patches immediately. For additional information on these security bulletins, visit our Threat Encyclopedia page.





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon






     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice