Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    August 2015
    S M T W T F S
    « Jul    
  • Email Subscription

  • About Us

    Patch-Tuesday_grayThis February, Microsoft released 12 security bulletins addressing 57 vulnerabilities. Out of the security updates, 5 are tagged Critical and the rest rated as Important.

    One of the notable advisories for this round is (MS13-009) Cumulative Security Update for Internet Explorer (2792100), which covers the vulnerabilities in Internet Explorer. These vulnerabilities affecting all versions of IE, which include the latest version IE 10 on Windows 8 and Windows RT, could lead to remote code execution. The other notable Critical-rate updates are MS13-011 and MS13-012, which affect Microsoft Exchange and Microsoft Windows and can allow a potential attacker to execute any malicious commands onto the vulnerable system.

    Users should immediately apply patches, whenever possible, for these vulnerabilities. Trend Micro Deep Security and OfficeScan with Intrusion Defense Firewall (IDF) plugin users are protected from any attacks that may leverage these vulnerabilities. For more information on the bulletins and corresponding Trend Micro solutions, visit the Threat Encyclopedia Page.

    Trend Micro Deep Security has released the following Deep Security Deep Packet Inspection (DPI) rules to address the vulnerabilities in Internet Explorer included in MS13-09:

    • 1005364 Internet Explorer Shift JIS Character Encoding Vulnerability (CVE-2013-0015)
    • 1005365 Microsoft Internet Explorer SetCapture Use After Free Vulnerability (CVE-2013-0018)
    • 1005366 Microsoft Internet Explorer COMWindowProxy Use After Free Vulnerability (CVE-2013-0019)
    • 1005367 Microsoft Internet Explorer CMarkup Use After Free Vulnerability (CVE-2013-0020)
    • 1005368 Microsoft Internet Explorer vtable Use After Free Vulnerability (CVE-2013-0021)
    • 1005369 Microsoft Internet Explorer LsGetTrailInfo Use After Free Vulnerability (CVE-2013-0022)
    • 1005370 Internet Explorer CDispNode Use After Free Vulnerability (CVE-2013-0023)
    • 1005371 Internet Explorer pasteHTML Use After Free Vulnerability (CVE-2013-0024)
    • 1005372 Internet Explorer SLayoutRun Use After Free Vulnerability (CVE-2013-0025)
    • 1005373 Internet Explorer InsertElement Use After Free Vulnerability (CVE-2013-0026)
    • 1005374 Internet Explorer CPasteCommand Use After Free Vulnerability (CVE-2013-0027)
    • 1005375 Internet Explorer CObjectElement Use After Free Vulnerability (CVE-2013-0028)
    • 1005376 Internet Explorer CHTML Use After Free Vulnerability (CVE-2013-0029)

    Users are also encouraged to apply the following DPI rules:

    Microsoft Bulletin Identifier Rule Name
    MS13-010 CVE-2013-0030 VML Memory Corruption Vulnerability (CVE-2013-0030)
    MS13-015 1005384 Identified Download Of XBAP File Over HTTP
    MS13-020 1005382 Microsoft Office Common Controls Remote Code Execution Vulnerability (CVE-2013-1313)
    MS13-020 1005381 Common Controls Remote Code Execution Vulnerability (CVE-2013-1313)
    MS13-020 CVE-2013-1313 Restrict Microsoft Windows TabStrip ActiveX Control**

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon

    Comments are closed.


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice