
Latest Microsoft Patch Prevents Browser History Snooping

  • Posted on: June 10, 2015 at 3:41 am
  • Posted in: Vulnerabilities
  • Author: Abigail Pichel (Technical Communications)

This month’s Patch Tuesday can be considered lighter than last month’s, with only eight security bulletins released for June. Of the eight, two are rated Critical while the rest are rated Important.

Just like last month, there is a critical, cumulative update for Internet Explorer. MS015-056 aims to resolve vulnerabilities in Internet Explorer that could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. According to the bulletin, the patch addresses the vulnerabilities by:

  • Preventing browser histories from being accessed by a malicious site
  • Adding additional permission validations to Internet Explorer
  • Modifying how Internet Explorer handles objects in memory

The first bullet point above is worth paying attention to. Previously, an attacker who lured a victim to a malicious (or compromised) website could access the user’s browser history. Obviously, many users would find this disclosure somewhat troubling. This vulnerability has now been patched, and there are no indications it was exploited in the wild.

The second critical update addresses a vulnerability found in Windows, specifically Windows Media Player (MS015-057). The vulnerability could allow remote code execution if a specially crafted file is opened in Windows Media Player. The remaining six patches address vulnerabilities that affect several Windows components, Microsoft Office, and Microsoft Exchange Server.

More information about these bulletins and their corresponding Trend Micro solutions is posted at our Threat Encyclopedia Page: June 2015 – Microsoft Releases 8 Security Advisories.

Update for Adobe

Adobe has also released a security update (APSB15-11) for Adobe Flash Player for Windows, Macintosh, and Linux. According to Adobe, the updates “address vulnerabilities that could potentially allow an attacker to take control of the affected system.”

We urge users to patch their endpoints and servers as soon as possible. Trend Micro Deep Security and Vulnerability Protection protect user systems from threats that may leverage these vulnerabilities with the following DPI rules:

  • 1006657-Adobe Flash Player Remote Integer Overflow Vulnerability (CVE-2014-0569) – 2
  • 1006745-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1687)
  • 1006747-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1730)
  • 1006748-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1731)
  • 1006749-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1732)
  • 1006751-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1735)
  • 1006752-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1736)
  • 1006753-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1737)
  • 1006755-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1740)
  • 1006756-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1741)
  • 1006757-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1742)
  • 1006758-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1744)
  • 1006759-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1745)
  • 1006760-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1747)
  • 1006761-Microsoft Internet Explorer Elevation Of Privilege Vulnerability (CVE-2015-1748)
  • 1006762-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1750)
  • 1006763-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1751)
  • 1006764-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1752)
  • 1006765-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1753)
  • 1006766-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1755)
  • 1006767-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1766)
  • 1006769-Microsoft Office Use After Free Vulnerability (CVE-2015-1759)
  • 1006770-Microsoft Office Use After Free Vulnerability (CVE-2015-1760)
  • 1006771-Microsoft Office Uninitialized Memory Use Vulnerability (CVE-2015-1770)
  • 1006772-Adobe Flash Player Cross Domain Policy Bypass Vulnerability (CVE-2015-3096)
  • 1006773-Adobe Flash Player Cross Domain Policy Bypass Vulnerability (CVE-2015-3098)
  • 1006774-Adobe Flash Player Cross Domain Policy Bypass Vulnerability (CVE-2015-3099)
  • 1006775-Adobe Flash Player Remote Code Execution Vulnerability (CVE-2015-3100)
  • 1006776-Adobe Flash Player Cross Domain Policy Bypass Vulnerability (CVE-2015-3102)
  • 1006777-Adobe Flash Player Use After Free Vulnerability (CVE-2015-3103)
  • 1006778-Adobe Flash Player Integer Overflow Vulnerability (CVE-2015-3104)
  • 1006779-Adobe Flash Player Out Of Bound Write Vulnerability (CVE-2015-3105)
  • 1006780-Adobe Flash Player Use After Free Vulnerability (CVE-2015-3106)
  • 1006781-Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-3108)
  • 1006782-Microsoft Windows HTML Application Denial Of Service Vulnerability