
    Author Archive - Dianne Lagrimas (Technical Communications)

    As we mentioned last week, this month’s Patch Tuesday includes the release of what Microsoft calls an updater feature for Windows Vista and 7. This updater flags untrusted certificates and checks for them automatically from time to time. The checking relies on a list of untrusted certificates that Microsoft updates. Trend Micro Deep Security users, on the other hand, must apply the rule 1005040 – Detected Unauthorized Digital Certificate to protect against components of the FLAME malware, which were known to use Microsoft certificates.

    Of the seven bulletins released this month, three are rated Critical while the rest are rated Important. The Critical-rated bulletins are updates for Remote Desktop Protocol, versions 6 to 9 of Internet Explorer, and several versions of Microsoft .NET Framework. The vulnerabilities in these Microsoft products and components allow remote code execution when successfully exploited. Users should apply the patches for these vulnerabilities immediately, whenever possible.

    As guidance for Trend Micro Deep Security users, a complete list of rules and information on the bulletins is found in this Threat Encyclopedia page.

    Posted in Malware, Vulnerabilities | Comments Off on June 2012 Patch Tuesday Includes Flagging for Untrusted Certificates

    While a release of seven bulletins from Microsoft is generally a “light” one, bulletin MS12-034 surprisingly addresses a number of vulnerabilities found in the Windows operating system, MS Office, Silverlight, and .NET Framework. Of note, Microsoft mentions that this particular bulletin supersedes MS11-087, the bulletin meant to address the Win32k TrueType Font (TTF) vulnerability that was used by the DUQU malware back in November 2011. Read more on the DUQU attack in this Threat Encyclopedia page.

    As elaborated in the Microsoft blog post, MS12-034 lists several versions of affected software, as the TTF vulnerability also directly or indirectly affects that software. Trend Micro Deep Security users can apply rules 1005009 – Win32k TrueType Font Parsing Vulnerability (CVE-2012-0159) and 1005009 – .NET Framework Buffer Allocation Vulnerability (CVE-2012-0162) to ensure protection from attacks that might use these vulnerabilities. More information on the MS vulnerabilities patched this month is found here in the Threat Encyclopedia.

    In other vulnerability news, Oracle issued a security alert that brings to attention a vulnerability in the TNS listener, which is found in several versions of the Oracle Database Server. Oracle recommends that its customers apply the workarounds found in its customer portal. The vulnerable component also affects other Oracle products such as the Oracle E-Business Suite. Trend Micro Deep Security users are protected from attacks that might use this particular vulnerability by applying rule 1004995 – Oracle Database TNS Listener Poison Attack Vulnerability.

    Lastly, Adobe released a security update for Adobe Flash Player for Windows, Macintosh, Linux, and Android operating systems. As of this writing, Trend Micro is investigating attacks that are actively using CVE-2012-0779, which is addressed by Adobe’s security update. Applying rule 1005000 – Adobe Flash Player Object Confusion Vulnerability (CVE-2012-0779) ensures protection from exploits using CVE-2012-0779.

    Update as of May 11, 2012, 7:55 AM PST

    The following additional Deep Security rules have been issued to ensure protection against attacks using some of the aforementioned vulnerabilities:

    • 1005019 – Restrict Microsoft Office File With Linked SWF has been added to protect against attacks using the vulnerability in CVE-2012-0779
    • 1004997 – Detected Too Many Oracle TNS Service Register Requests has been added to protect against attacks using the vulnerability in CVE-2012-1675
    Posted in Vulnerabilities | Comments Off on Microsoft Releases an Update Covering DUQU; Oracle and Adobe Vulnerabilities Patched, Too

    The Flashback malware discovered last week is raising doubts over the security of the Mac platform. The Trojan, detected by Trend Micro as OSX_FLASHBCK.AB, continues to be a hot topic in the computing industry, and it contradicts Apple’s own claim that Mac OS is threat-proof. This attack, along with an onslaught of malware and targeted attacks, puts Apple’s self-proclaimed security into perspective.

    Flashback is not only a single piece of malware but a family of Trojans and, most recently, backdoors. It was first uncovered in October 2011 masquerading as a Flash Player installer. The next variants we saw were dropped by malicious Java files that exploited Java vulnerabilities. Flashback variants typically modify the content shown in a web browser, and they gain the foothold to do so by exploiting Java vulnerabilities.

    Specifically, OSX_FLASHBCK.AB comes from malicious Java files that exploit CVE-2012-0507. The said vulnerability has been patched for Windows environments as early as February this year. Apple released the same patch to its Mac users this month.

    Based on Trend Micro’s Smart Protection Network data below, users from the United States are the most affected by OSX_FLASHBCK.AB:


    Posted in Exploits, Mac, Malware, Vulnerabilities | Comments Off on OSX_FLASHBCK: A Backlash to Apple's Popularity?

    Microsoft released six bulletins today addressing several vulnerabilities for the month of April. Of note are the update patching Internet Explorer versions 6-9 and the update addressing the Windows Common Controls ActiveX control, which is used in a number of Microsoft programs such as MS Office.

    This MSRC blog entry reports that there have been some attacks using the MS12-027 vulnerability. While the attacks were not described in detail, the report states that attackers are using specially crafted MS Office documents to exploit this vulnerability. MS Office 2007 and MS Office 2010 users can actively protect their computers by disabling ActiveX controls via Trust Center Settings > ActiveX Settings. More details on this workaround are found in the MSRC blog.

    Note that the vulnerability described in the MS12-027 bulletin also affects several versions of Visual FoxPro, Commerce Server, BizTalk Server, and SQL Server. Applying the updates as soon as possible is highly recommended.

    Bulletin MS12-023, on the other hand, provides protection from five identified vulnerabilities in Internet Explorer versions 6, 7, 8, and 9. This particular update includes a multi-layered defense against the five vulnerabilities found in Internet Explorer. More information on the said vulnerabilities can be found in this Threat Encyclopedia page.

    Trend Micro Deep Security users are protected from attacks using MS12-023 by applying the following rules:

    • 1004970 – Microsoft Internet Explorer ‘OnReadyStateChange’ Remote Code Execution Vulnerability (CVE-2012-0170)
    • 1004971 – VML Style Remote Code Execution Vulnerability (CVE-2012-0172)
    • 1004975 – Microsoft Internet Explorer ‘selectAll’ Remote Code Execution Vulnerability (CVE-2012-0171)

    In addition, Deep Security also protects users from exploits using MS12-027 via 1004973 – MSCOMCTL.OCX RCE Vulnerability (CVE-2012-0158) and 1004977 – Microsoft Windows MSCOMCTL.OCX Remote Code Execution Vulnerability (CVE-2012-0158). Moreover, Deep Security provides a layer of protection for systems that cannot be patched or updated right away. Through its vulnerability shielding feature, systems hosting critical applications or legacy systems that cannot be updated immediately are protected from attacks using any of the vulnerabilities mentioned.

    A complete list of rules for this month’s patches is found in this Threat Encyclopedia page.

    Posted in Vulnerabilities | Comments Off on Patch Tuesday April 2012: Microsoft Issues 4 Critical, 2 Important Updates

    We’re nearing the opening of the 2012 Summer Olympics, which will be held this time in London in July. As the event goes into full swing, cybercriminals are mounting scams and schemes to get users to click.

    Users dreaming of watching the closing ceremonies of the London 2012 Olympics live may find one such offer hard to resist: “Visa Golden Space” supposedly invites users to join a lottery for a chance to win a travel package to the event. Note that the offer is non-existent.




    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice