Here you will find the latest blogs from Trend Micro’s experts along with a comprehensive look at the vulnerability affecting all versions of Microsoft Internet Explorer on Microsoft Windows. We encourage you to scroll through the various blogs, provide comments and enjoy the in-depth knowledge that Trend Micro has to offer.
UPDATE: On May 1, 2014, Microsoft released a security update that addresses this vulnerability, including for Windows XP. Everyone should apply this security update as soon as possible. While Microsoft has fixed this vulnerability future Windows XP is still no longer officially supported and so won’t receive future security updates. We continue to recommend that you move off of Windows XP as soon as possible and keep your Trend Micro products up-to-date at all time if you are running Windows XP. For more information please see Microsoft Security Bulletin MS14-021 (https://technet.microsoft.com/library/security/ms14-021).
May 1, 2014
There’s been a lot of discussion around a new vulnerability affecting all versions of Microsoft Internet Explorer on Microsoft Windows.
What’s causing the most discussion is that this affects Windows XP. Because Windows XP is no longer being supported for security updates, that means this vulnerability will almost certainly never be fixed now.
We wanted to first repeat what we’ve been saying about Windows XP: if you or someone you know is on it, you should move off of it right away.
If you are still on Windows XP and you are a Trend Micro customer, there are some protections that we have in place that can help protect you from this issue.
We now have protections in place now for all our major products like Titanium, OfficeScan and Worry-Free that can help protect against attempts to exploit this vulnerability. These protections help all customers running all versions of Microsoft Windows. All customers should make sure they’ve got the latest updates for their products.
For customers on Windows Vista, Windows 7 and Windows 8: you should plan to install the security update when Microsoft makes it available.
If you’re running Windows XP, since there won’t be a security update, you should make sure your Trend Micro products are always up-to-date at all times.
As always, we’ll continue to monitor the situation, provide updated protections and updated information as soon as we can.
April 28, 2014
The recent Internet Explorer and Flash zero-days were not the only zero-day threats that hit recently. Last Friday, the Apache Struts group released an advisory (S2-021) detailing two vulnerabilities (CVE-2014-0112 and CVE-2014-0113), and potential mitigation steps until an official patch is issued.
Adobe has released a security advisory regarding a zero-day vulnerability (CVE-2014-0515) found in the program Adobe Flash. According to the advisory, the updates pertain to “Adobe Flash Player 184.108.40.206 and earlier versions for Windows, Adobe Flash Player 220.127.116.11 and earlier versions for Macintosh and Adobe Flash Player 18.104.22.1680 and earlier versions for Linux.”
April 27, 2014
Over the weekend, Microsoft released Security Advisory 2963983 which describes a new zero-day vulnerability found in Internet Explorer. (It has also been assigned the CVE designation CVE-2014-1776.) This remote code execution vulnerability allows an attacker to run code on a victim system if the user visits a website under the control of the attacker. While attacks are only known against three IE versions (IE 9-11), the underlying flaw exists in all versions of IE in use today (from IE 6 all the way to IE 11).