Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    September 2015
    S M T W T F S
    « Aug    
  • Email Subscription

  • About Us


    Microsoft has released five bulletins for the month, with two rated as critical and the remaining, important. A notable inclusion in this month’s release is MS14-012. This bulletin addresses the Internet Explorer zero-day vulnerability (CVE-2014-0322) discovered last month. If exploited, the vulnerability could allow attackers to victimize users with a drive-by download. This vulnerability was used in targeted attacks, using a “hybrid exploit” wherein the malicious code was split between JavaScript and Adobe Flash.

    The remaining “Critical” bulletin is MS14-013. If exploited, this vulnerability could allow attackers remote code execution in the application programming interface DirectShow via specially crafted image files. MS14-014, meanwhile, addresses a security concern for Microsoft Silverlight for both Windows and Mac users. Though Silverlight is no longer being developed by Microsoft, support for this program will continue until October 2021.

    Two vulnerabilities, CVE-2014-0300 and CVE-2014-0323, are addressed by the bulletin MS14-015. If exploited, these could allow attackers to execute a malicious application, provided they have a valid logged-in session. MS14-016 fixes the vulnerability that could allow attackers a security feature bypass if they make multiple attempts to match passwords to a user account.

    This month’s Patch Tuesday marks the looming end-of-support for Windows XP. Come April, Windows XP will no longer receive security patches for their computers, making them vulnerable to all sorts of attacks. We recommend that users to update their OS to newer versions of Windows to continue to receive protection via security patches.

    Adobe has also released updates in time for Patch Tuesday, with security updates for Adobe Flash Player.

    We encourage users to apply these updates as soon as possible. Additional information may also be found in the Trend Micro Threat Encyclopedia page. Appropriate rules for Trend Micro Deep Security have also been created and are available for use by system administrators.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon

    Comments are closed.


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice