To jumpstart the new year, both Microsoft and Adobe release their security updates today. Microsoft, in particular, releases seven bulletins to address 12 vulnerabilities while Adobe issues its fix for Adobe Reader and Acrobat.
Two of the seven bulletins from Microsoft are tagged as Critical because they could lead to remote code execution, in which a successful attacker can run malware on vulnerable systems. The other five are rated Important, and three of these may allow an attacker to gain administrator privileges.
What is noteworthy, however, is the absence of a security update for the unpatched vulnerability in Internet Explorer reported last December. Just before 2012 ended, we blogged about the incident, in which the Council on Foreign Relations website was compromised to host a zero-day exploit targeting a use-after-free vulnerability in IE. To address this issue, Microsoft opted to release a workaround.
Trend Micro users need not fret, as they are protected from this threat via Deep Security. For more details about this protection, users may refer to our Threat Encyclopedia entry.
In addition, Trend Micro also protects users from the reported fake digital certificates via Deep Security rule 1005307. The fraudulent certificates, which were revoked by Turktrust, can be used by cybercriminals to launch attacks such as phishing and man-in-the-middle attacks, among others.
Not to be outdone, Adobe also releases security fixes for Adobe Reader and Acrobat XI (11.0.0) and earlier versions (both for Windows and Mac OS) and Adobe Reader 9.5.1 and earlier 9.x versions for Linux.
Trend Micro Deep Security and OfficeScan with the Intrusion Defense Firewall (IDF) plugin protect users against possible threats leveraging these vulnerabilities. For more information on the bulletins and their IDF rules, visit the Threat Encyclopedia page.