Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    July 2014
    S M T W T F S
    « Jun    
     12345
    6789101112
    13141516171819
    20212223242526
    2728293031  
    • About Us
    blog.trendmicro.com Sites > TrendLabs Security Intelligence Blog > Vulnerabilities > Microsoft Releases an Update Covering DUQU; Oracle and Adobe Vulnerabilities Patched, Too

    While seven bulletins from Microsoft is generally a “light” release, bulletin MS12-034 surprisingly addresses a number of vulnerabilities found in the Windows operating system, MS Office, Silverlight, and .NET Framework. Of note, Microsoft mentions that this particular bulletin supersedes MS11-087, the bulletin meant to address the Win32k TrueType Font (TTF) vulnerability that was used by the DUQU malware back in November 2011. Read more on the DUQU attack in this Threat Encyclopedia page.

    As elaborated in the Microsoft blog post, MS12-034 lists down several versions of affected software as the TTF vulnerability also directly or indirectly affects these software.  Trend Micro Deep Security users can apply rules 1005009 – Win23k TrueType Font Parsing Vulnerability (CVE-2012-0159) and 1005009 – .NET Framework Buffer Allocation Vulnerability (CVE-2012-0162) to ensure protection from attacks that might use these vulnerabilities. More information on patched MS vulnerabilities this month are found here in the Threat Encyclopedia.

    In other vulnerability news, Oracle issued a security alert that brings to attention a vulnerability in TNS listener, which is found in several versions of the Oracle Database Server. Oracle recommends to its customers to apply workarounds found in their customer portal. The vulnerable component also affects other Oracle products such as the Oracle E-Business Suite. Trend Micro Deep Security users are protected from attacks that might use this particular vulnerability by applying rule 1004995 – Oracle Database TNS Listener Poison Attack Vulnerability.

    Lastly, Adobe released a security update for Adobe Flash Player for Windows, Macintosh, Linux, and Android operating systems. As of this writing, Trend Micro is investigating attacks that are actively using CVE-2012-0779, which is addressed by Adobe’s security update. Applying rule 1005000 – Adobe Flash Player Object Confusion Vulnerability (CVE-2012-0779) ensures protection from exploits using CVE-2012-0779.

    Update as of May 11, 2012, 7:55 AM PST

    The following additional Deep Security rules have been issued to ensure protection against attacks using some of the aforementioned vulnerabilities:

    • 1005019 – Restrict Microsoft Office File With Linked SWF has been added to protect against attacks using the vulnerability in CVE-2012-0779
    • 1004997 – Detected Too Many Oracle TNS Service Register Requests has been added to protect again attacks using the vulnerability in CVE-2012-1675




    Share this article
    		 Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon



    This entry was posted on Tuesday, May 8th, 2012 at 8:21 pm and is filed under Vulnerabilities . Both comments and pings are currently closed.



    Comments are closed.



     

    Other Trend Micro blogs
    CTO Insights
    CounterMeasures Blog
    Cloud Security Blog
    Consumerization Blog
    Fearless Web
    Internet Safety for Kids & Families
    Simply Security News
    Trend Micro Blog [German]
    TrendLabs Security Blog [Japan]
    Cloud Security APAC
    Trend Micro Free Tools Threat Encyclopedia Trend Micro Videos
    Do you have a product-related question? Visit our eSupport website.

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice