Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:


  • Recent Posts

  • Calendar

    April 2015
    S M T W T F S
    « Mar    
     1234
    567891011
    12131415161718
    19202122232425
    2627282930  
  • Email Subscription

  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for the ‘Vulnerabilities’ Category




    On March 19 we wrote about how OpenSSL disclosed and fixed 13 vulnerabilities to address several security holes. Among the vulnerabilities addressed was CVE-2015-1787, which can result in a complete denial of service on an application compiled with OpenSSL library. This blog post will tackle how the bug can be exploited, and how Trend Micro can protect against future possible attacks. CVE-2015-17187 also affects several protocols, including SSL/TLS and DTLS, which we will analyze in this entry. Vulnerability description The vulnerability is rooted in the method ssl3_get_client_key_exchange implemented in the file ...

    Posted in Vulnerabilities |



    This month's Patch Tuesday release appears moderately light compared with the previous month's, with only 11 security bulletins with four rated 'Critical', while the rest are rated as 'Important'. Microsoft addressed a total of 26 vulnerabilities this April. The critical security updates issued by Microsoft all deal with remote code execution (RCE) vulnerabilities. One of the updates rated as 'Critical' is MS15-033 or Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3048019) addresses flaws that could be exploited across several versions of Microsoft ...

    Posted in Vulnerabilities |



    Digital certificates are the backbone of the Public Key Infrastructure (PKI), which is the basis of trust online. Digital certificates are often compared to signatures; we can trust a document because it has a signature, or certificate authority (CA) by someone we trust. Simply put, digital certificates are a reproduction of a simple model which occurs in the real world. Incidents involving digital certificates have been in the news recently. Issues surrounding digital certificates and CAs are not always clear or noticeable ...

    Posted in Vulnerabilities |



    Support for Windows XP ended over a year ago. By any standard, Windows XP ranks as one of the most influential versions of Windows ever, thanks to its longevity and widespread adoption by enterprises around the world. However, the end of support should have served as a clear signpost to users and organizations to immediately upgrade to newer systems. A year later, remarkably, Windows XP isn't quite dead yet. Its exact share can be debated. Net Market Share data suggests its ...

    Posted in Vulnerabilities |



    Security researchers Luca Carettoni and Mauro Gentile recently found during their research that even though Adobe has fixed an old vulnerability found in 2011 (CVE-2011-2461), its side effects still linger around the Internet. Your favorite websites might still be affected by this bug. They have shared great details in their blog post. Let’s take a quick look at the issue and how the vulnerability impacts both site owner and end users. What’s the issue? The vulnerability was in the Adobe Flex SDK, which is used to create Internet ...

    Posted in Vulnerabilities |


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice