Patch management becomes critical when attackers use vulnerabilities as entry points into target systems and networks, or when security flaws are abused to spread threats. The SAMSAM crypto-ransomware is a case in point. Unlike most crypto-ransomware families, which arrive via malicious URLs or spam email, SAMSAM exploits security flaws in unpatched servers. In March 2016, SAMSAM hit a Maryland hospital, encrypting its files, including those on the network. After the healthcare industry, SAMSAM moved on to the education sector: in a recent attack, a significant number of servers and systems were exposed to SAMSAM and other malware through JBoss server vulnerabilities. JBoss is an open-source application server that runs on Java. Systems running Follett's 'Destiny' software were also affected; according to a report by Cisco, this software is widely used by K-12 schools worldwide. Follett has already released a patch to protect Destiny users.
Thirteen security bulletins were released in this month's Patch Tuesday, addressing vulnerabilities in Internet Explorer, Microsoft Edge, Microsoft Office, and Microsoft XML Core Services, among others. Of these, six are rated 'Critical' and seven 'Important.' Both MS16-037 and MS16-038, which fix vulnerabilities in Internet Explorer and Edge respectively, could allow remote code execution if exploited successfully.
Perhaps the most notable vulnerability resolved in this month's Patch Tuesday is MS16-047, better known as the Badlock vulnerability that has been circulating in the news for the last few weeks. Despite all the hype, this vulnerability, which affects Windows systems and Samba servers, received only an 'Important' rating. One of our researchers wrote a detailed entry debunking the hype surrounding it.
News about the Badlock vulnerability affecting Windows computers and Samba servers started showing up on Twitter and in the media around three weeks ago. The site badlock[.]org was registered on March 11 according to WHOIS. There has been a lot of guessing and speculation about this vulnerability. It's time for a reality check: just how bad is Badlock, actually?
Named vulnerabilities have quickly become a cliché. Having a name does not make a vulnerability serious or widespread; Badlock falls somewhere in between. In this entry we demystify the hype around Badlock with questions that measure it as a vulnerability, and we set it against a noteworthy earlier case to see how it compares.
Adobe has just released a security update for Adobe Flash to address a vulnerability (CVE-2016-1019) that was used in zero-day attacks against older versions of Flash. We previously discussed one such attack when we found this vulnerability integrated into the Magnitude Exploit Kit. In this post we look at the exploit code. In the sample obtained through our Smart Protection Network feedback, we observed that the vulnerability is also present on Mac OS X, not only on Windows; this is notable given that fewer exploits target that platform.
Following its security advisory of April 5, 2016, Adobe has released an out-of-band patch today for CVE-2016-1019, which affects Adobe Flash Player. Trend Micro has observed active zero-day attacks from the Magnitude Exploit Kit against users of Flash 20.0.0.306 and earlier. These attacks are not effective against Flash 21.0.0.182 and 21.0.0.197 because of a heap mitigation that Adobe introduced in 21.0.0.182 and kept in 21.0.0.197: on these versions an exploitation attempt only crashes Flash Player. The mitigation blocks code execution but does not remove the underlying bug, so users of those versions should still apply today's patch.
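To make the version ranges above concrete, here is an added example (not code from the original post, nor from Trend Micro or Adobe) that classifies an installed Flash Player build string against them. The thresholds (20.0.0.306 and earlier exploitable; 21.0.0.182 and 21.0.0.197 carrying the heap mitigation) come from the text; the fixed build number is not stated on this page, so the caller passes it in as the hypothetical `fixed` parameter. The check compares version components as integers, because a plain string comparison sorts "9.0.0.1" after "21.0.0.182".

```python
"""Classify a Flash Player build against the CVE-2016-1019 ranges.

Added example. Thresholds are taken from the post above; the patched build
number is not given on this page and is supplied by the caller (assumption).
"""
from typing import Optional, Tuple

Version = Tuple[int, int, int, int]

# From the text: Magnitude EK attacks work against 20.0.0.306 and earlier.
EXPLOITED_MAX: Version = (20, 0, 0, 306)
# From the text: the heap mitigation first appears in 21.0.0.182.
MITIGATION_MIN: Version = (21, 0, 0, 182)


def parse_version(s: str) -> Version:
    """Turn 'major.minor.build.patch' into a 4-tuple of ints.

    Missing trailing components are padded with 0 so that '21.0' compares
    as 21.0.0.0. Non-numeric input is rejected rather than guessed at.
    """
    parts = s.strip().split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {s!r}")
    nums = [int(p) for p in parts] + [0] * (4 - len(parts))
    return (nums[0], nums[1], nums[2], nums[3])


def classify(installed: str, fixed: Optional[str] = None) -> str:
    """Return one of 'patched', 'exploitable', 'mitigated-crash-only', 'unknown'.

    `fixed` is the build that ships the actual fix (hypothetical here; read it
    from Adobe's bulletin). Without it we can only distinguish the exploitable
    range from the mitigated one, never declare a build fully patched.
    """
    v = parse_version(installed)
    if fixed is not None and v >= parse_version(fixed):
        return "patched"
    if v <= EXPLOITED_MAX:
        return "exploitable"
    if v >= MITIGATION_MIN:
        # Exploit attempts only crash the player; the bug is still present.
        return "mitigated-crash-only"
    # Builds between the two ranges are not described on this page.
    return "unknown"


if __name__ == "__main__":
    # Constructed sample inventory: (host, reported Flash version).
    inventory = [
        ("ws-01", "20.0.0.306"),
        ("ws-02", "21.0.0.182"),
        ("ws-03", "21.0.0.197"),
        ("ws-04", "9.0.0.1"),
    ]
    for host, ver in inventory:
        print(f"{host:6} {ver:12} {classify(ver)}")
```

Run it as a script to see the classification of the constructed inventory; in practice the version string would come from the plugin's own reporting or from an endpoint-management export.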