Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:


  • Recent Posts

  • Calendar

    July 2015
    S M T W T F S
    « Jun    
     1234
    567891011
    12131415161718
    19202122232425
    262728293031  
  • Email Subscription

  • About Us


    Archive for the ‘Vulnerabilities’ Category




    Windows XP reached end of support last year and now it’s time for another end of life—Windows Server 2003. On July 14, 2015, this widely deployed Microsoft operating system will reach its end of life—a long run since its launch in April 2003. Estimates on the number of still-active Windows Server 2003 users vary from 2.6 to 11 million. But this new end of life will raise a whole new set of challenges. Unlike Windows XP, Windows Server 2003 is a ...

    Posted in Vulnerabilities |



    This month’s Patch Tuesday can be considered lighter than last month’s, with only eight security bulletins released for June. Of the eight, two are considered Critical while the remaining are rated Important. Just like last month, there is a critical, cumulative update for Internet Explorer. MS015-056 aims to resolve vulnerabilities in Internet Explorer that could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. According to the bulletin, the patch addresses the vulnerability by: Preventing browser ...

    Posted in Vulnerabilities |



    We’ve discovered a vulnerability in the Apache Cordova app framework that allows attackers to modify the behavior of apps just by clicking a URL. The extent of the modifications can range from causing nuisance for app users to crashing the apps completely. Designated as CVE-2015-1835, this high-severity vulnerability affects all versions of Apache Cordova up to 4.0.1. Apache has released a security bulletin confirming the vulnerability. This means that majority of Cordova-based apps, which accounts for 5.6% of all apps in ...




    Our analysis of the win32k.sys vulnerability used in a recent targeted attack reveals that it opens up an easy way to bypass the sandbox, making it a bigger threat than originally thought. As mentioned in Microsoft security bulletin MS15-051, CVE-2015-1701 is an elevation of privilege vulnerability that exists when the Win32k.sys kernel-mode driver improperly handles objects in memory. The vulnerability exists in Win32k.sys, which is a weak security point in Windows. Elevation of privilege vulnerabilities are technically less dangerous since they can't be ...



    May20
    6:03 am (UTC-7)   |    by

    Another flaw has been found in the basic encryption algorithms that secure the Internet. This flaw, named the Logjam attack by its discoverers (researchers from various universities and companies), allows an attacker that can carry out man-in-the-middle attacks to weaken the encryption used in secure connections (such as HTTPS, SSH, and VPNs). In theory, this means that an attacker (with sufficient resources) can break the encryption and read the "secure" traffic. In some ways, this attack is similar to the recent FREAK attack. Both attacks ...

    Posted in Vulnerabilities |


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice