Latest Security Advisories & Notable Vulnerabilities

Microsoft addresses the following vulnerabilities in its February batch of patches:

  • (MS16-009) Cumulative Security Update for Internet Explorer (3134220)
    Risk Rating: Critical

    This security update resolves several vulnerabilities in Internet Explorer. The more severe of the vulnerabilities could allow remote code execution if a user visits a malicious website.


  • (MS16-011) Cumulative Security Update for Microsoft Edge (3134225)
    Risk Rating: Critical

    This security update resolves a vulnerability in Microsoft Edge. The vulnerability could allow remote code execution if a user visits a specially crafted webpage while using Microsoft Edge. Note that accounts that have administrator privileges are more impacted.


  • (MS16-012) Security Update for Microsoft Windows PDF Library to Address Remote Code Execution (3138938)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution. Note that accounts that have administrator privileges are more impacted.


  • (MS16-013) Security Update for Windows Journal to Address Remote Code Execution (3134811)
    Risk Rating: Critical

    This security update resolves a vulnerabilitiy in Microsoft Windows. The vulnerabiliy could allow remote code execution when successfully exploited by an attacker using a specially crafted Journal file.


  • (MS16-014) Security Update for Microsoft Windows to Address Remote Code Execution (3134228)
    Risk Rating: Important

    This security update resolves several vulnerabilities in Microsoft windows. The most severe of the vulnerabilities could allow remote code execution.


  • (MS16-015) Security Update for Microsoft Office to Address Remote Code Execution (3134226)
    Risk Rating: Critical

    This security update resolves several vulnerabilities in Microsoft Office. The more severe of the vulnerabilities could allow remote code execution. Note that accounts that have administrator privileges are more impacted.


  • (MS16-016) Security Update for WebDAV to Address Elevation of Privilege (3136041)
    Risk Rating: Important

    This security update resolves a vulnerability in the Microsoft Web Distributed Authoring and Versioning (WebDAV) client. The vulnerability could allow elevation of privilege when successfully exploited.


  • (MS16-017) Security Update for Remote Desktop Display Driver to Address Elevation of Privilege (3134700)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if successfully exploited by an attacker.


  • (MS16-018) Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3136082)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if successfully exploited by an attacker.


  • (MS16-019) Security Update for .NET Framework to Address Denial of Service (3137893)
    Risk Rating: Important

    This security update resolves several vulnerabilities in Microsoft .NET Framework. The most severe of these vulnerabilities could cause denial of service (DoS) when exploited successfully by an attacker.


  • (MS16-020) Security Update for Active Directory Federation Services to Address Denial of Service (3134222)
    Risk Rating: Important

    This security update resolves a vulnerability in Active Directory Federation Services. The vulnerability could cause denial of service (DoS) when exploited successfully by an attacker.


  • (MS16-021) Security Update for NPS RADIUS Server to Address Denial of Service (3133043)
    Risk Rating: Important

    This security update resolves a vulnerability in Windows Network Policy Server (NPS). The vulnerability could cause denial of service (DoS) when exploited successfully by an attacker.


  • (MS16-022) Security Update for Adobe Flash Player (3135782)
    Risk Rating: Critical

    This security update resolves several vulnerabilities in Adobe Flash Player installed on certain Microsoft Windows operating systems. The vulnerabilities could allow remote code execution on the affected system.


Trend Micro researchers discovered a vulnerability that affects OS X below 10.11.3. It occurs by sending one special constructed IOConnectCallMethod requests to AppleGraphicsPowerManagement module. If an attacker sends a request once, Kernel memory heap corruption happens in method AppleGraphicsPowerManagement`AGPM:etBoost. As such, this would lead an attacker to execute arbitrary code with Kernel privileges.

While this vulnerability is not easy to exploit due to the lack of Kernel information leak and heap control, we recommend users to upgrade their OS X to latest version.

Array Overflow Vulnerability in IOAcceleratorFamily2 Module (CVE-2016-1718)
 Severity:    
 Advisory Date:  19 Jan 2016

This vulnerability affects OS X below 10.11.3. It occurs by sending two special requests to IOAcceleratorFamily2 module. As such, an array overflow happens in method IOAccelDispalyMachine2::getFramebufferCount. This may lead to local privilege escalation. While this vulnerability is not easy to exploit, we advise users to upgrade their OS X to the latest version.

Trend Micro researcher Juwei Lin disclosed details about this vulnerability to Apple.

Memory Corruption Vulnerability in Kernel (CVE-2016-1721)
 Severity:    
 Advisory Date:  19 Jan 2016

Trend Micro researchers discovered this vulnerability which is rated by Apple as ‘Critical.’ It affects OS X below 10.11.3 and iOS below 9.2.1. Once successfully exploited, an attacker can execute arbitrary codes with Kernel privileges. In addition, once attackers bypass KASLR using vulnerability, they can root the affected system and/or device when a user installs and runs a malicious app.

We advise users to update their systems and devices to the latest OS X and iOS versions.

Microsoft addresses the following vulnerabilities in its January batch of patches:

  • (MS16-001) Cumulative Security Update for Internet Explorer (3124903)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Internet Explorer. The more severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.


  • (MS16-002) Cumulative Security Update for Microsoft Edge (3124904)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Edge. The vulnerabilities could allow attacker remote code execution if a user views a maliciously-crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user.


  • (MS16-003) Cumulative Security Update for JScript and VBScript to Address Remote Code Execution (3125540)
    Risk Rating: Critical

    This security update resolves a vulnerability in the VBScript scripting engine in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.


  • (MS16-004) Security Update for Microsoft Office to Address Remote Code Execution (3124585)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user.


  • (MS16-005) Security Update for Windows Kernel-Mode Drivers to Address Remote Code Execution (3124584)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if a user visits a malicious website.


  • (MS16-006) Security Update for Silverlight to Address Remote Code Execution (3126036)
    Risk Rating: Critical

    This security update resolves a vulnerability in Microsoft Silverlight. The vulnerability could allow remote code execution if a user visits a compromised website that contains a specially crafted Silverlight application. An attacker would have no way to force users to visit a compromised website.


  • (MS16-007) Security Update for Microsoft Windows to Address Remote Code Execution (3124901) (3108670)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution.


  • (MS16-008) Security Update for Windows Kernel to Address Elevation of Privilege (3124605)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.


  • (MS16-010) Security Update for Microsoft Windows to Address Remote Code Execution (3116162)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow spoofing if Outlook Web Access (OWA) fails to properly handle web requests, and sanitize user input and email content.


Zero Address Execution in AppleIntelBDWGraphics (CVE-2015-7076)
 Severity:    
 Advisory Date:  11 Dec 2015

Apple has released a security bulletin which covers several vulnerabilities, including CVE-2015-7076, which our security researcher, Juwei Lin discovered and reported to the said company. Apple has credited Lin for his research contribution.

All systems which run on Mac OS X below 10.11.2 (OS X El Capitan) and Intel Graphics Driver AppleIntelBDWGraphics can be affected by this vulnerability. Note, however, that there are certain systems that installed Intel Graphics Driver AppleIntelBDWGraphics by default.

A local privilege escalation vulnerability exists when Intel Graphics Driver handles a special request from usermode. This vulnerability could let the local user be able to execute arbitrary code with system privileges. While Apple rated this vulnerability low since they employ mitigation technologies such as SMAP/SMEP, an attacker with minimal knowledge of IOKit can develop an exploit to abuse this security hole.

In order for the attackers to infect the vulnerable system, users need to execute a program containing an exploit send via spam email. When users execute this malicious program, it gets local system privilege thus enabling the attackers to control the system. This local privilege escalation vulnerability is typically use as part of an entire attack to enable to bypass sandbox and gain system privilege to do further actions thus compromising its (system) security.

Users are advised to update their systems to the latest Mac OS version.

Mediaserver in Android Vulnerability (CVE-2015-6616)
 Severity:    
 Advisory Date:  09 Dec 2015

This vulnerability resides in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01. It allows attackers to execute arbitrary code or cause denial of service (DoS), thus compromising the security of the device.

Trend Micro researcher Peter Pi discovered and reported the details of the vulnerability to Google. The said company credited Pi for his research contribution.

Microsoft addresses the following vulnerabilities in its December batch of patches:

  • (MS15-124) Cumulative Security Update for Internet Explorer (3116180)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Internet Explorer, some of which could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.


  • (MS15-125) Cumulative Security Update for Microsoft Edge (3116184)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Edge, some of which could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge.


  • (MS15-126) Cumulative Security Update for JScript and VBScript to Address Remote Code Execution (3116178)
    Risk Rating: Critical

    This security update resolves vulnerabilities found in the VBScript scripting engine in Microsoft Windows. These vulnerabilities could allow remote code execution if a user opens a specially crafted webpage designed to exploit said vulnerabilities.


  • (MS15-127) Security Update for Microsoft Windows DNS to Address Remote Code Execution (3100465)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Windows that when exploited successfully, could allow remote code execution. An attacker could exploit the vulnerability by sending a specially crafted request to a DNS server.


  • (MS15-128) Security Update for Microsoft Graphics Component to Address Remote Code Execution (3104503)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Windows, .NET Framework, Office, Skype for Business, Lync, and Silverlight. The most severe of the vulnerabilities could allow remote code execution.


  • (MS15-129) Security Update for Silverlight to Address Remote Code Execution (3106614)
    Risk Rating: Critical

    This security update resolves a vulnerability in Microsoft Silverlight. Attackers looking to exploit these vulnerabilities could create a website containing specially crafted Silverlight applications.


  • (MS15-130) Security Update for Microsoft Uniscribe to Address Remote Code Execution (3108670)
    Risk Rating: Critical

    This security update resolves vulnerability in Microsoft Windows that could allow remote code execution.


  • (MS15-131) Security Update for Microsoft Office to Address Remote Code Execution (3116111)
    Risk Rating: Critical

    This security update resolves a vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Office file that is designed to exploit the vulnerability.


  • (MS15-132) Security Update for Microsoft Windows to Address Remote Code Execution (3116162)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Windows, some of which could allow remote code execution if an attacker accesses a local system and runs a specially crafted application.


  • (MS15-133) Security Update for Windows PGM to Address Elevation of Privilege (3116130)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows that could allow elevation of privilege. Certain conditions in the Microsoft Message Queuing and Windows Pragmatic General Multicast must be present for attackers to successfully exploit this vulnerability.


  • (MS15-134) Security Update for Windows Media Center to Address Remote Code Execution (3108669)
    Risk Rating: Important

    This security update resolves several vulnerabilities in Microsoft Windows, some of which could allow remote code execution when the Windows Media Center opens a specially crafted file with malicious code references.


  • (MS15-135) Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3119075)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Windows, some of which could allow elevation of privilege if an attacker logs on to a target system and runs a specially crafted application.


Microsoft addresses the following vulnerabilities in its November batch of patches:

  • (MS15-112) Cumulative Security Update for Internet Explorer (3104517)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user.


  • (MS15-113) Cumulative Security Update for Microsoft Edge (3104519)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user.


  • (MS15-114) Security Update for Windows Journal to Address Remote Code Execution (3100213)
    Risk Rating: Critical

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Journal file.


  • (MS15-115) Security Update for Microsoft Windows to Address Remote Code Execution (3105864)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker convinces a user to open a specially crafted document or to visit an untrusted webpage that contains embedded fonts.


  • (MS15-116) Security Update for Microsoft Office to Address Remote Code Execution (3104540)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user.


  • (MS15-117) Security Update for NDIS to Address Elevation of Privilege (3101722)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows NDIS. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application.


  • (MS15-118) Security Update for .NET Framework to Address Elevation of Privilege (3104507)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft .NET Framework. The most severe of the vulnerabilities could allow elevation of privilege if an attacker convinces a user to navigate to a compromised website or open a link in a specially crafted email that is designed to inject client-side code into the user’s browser.


  • (MS15-119) Security Update for Winsock to Address Elevation of Privilege (3104521)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a target system and runs specially crafted code that is designed to exploit the vulnerability.


  • (MS15-120) Security Update for IPSec to Address Denial of Service (3102939)
    Risk Rating: Important

    This security update resolves a denial of service vulnerability in Microsoft Windows. An attacker who successfully exploited the vulnerability could cause the server to become nonresponsive. To exploit the vulnerability an attacker must have valid credentials.


  • (MS15-121) Security Update for Schannel to Address Spoofing (3081320)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow spoofing if an attacker performs a man-in-the-middle (MiTM) attack between a client and a legitimate server.


  • (MS15-122) Security Update for Kerberos to Address Security Feature Bypass (3105256)
    Risk Rating: Important

    This security update resolves a security feature bypass in Microsoft Windows. An attacker could bypass Kerberos authentication on a target machine and decrypt drives protected by BitLocker. The bypass can be exploited only if the target system has BitLocker enabled without a PIN or USB key, the computer is domain-joined, and the attacker has physical access to the computer.


  • (MS15-123) Security Update for Skype for Business and Microsoft Lync to Address Information Disclosure (3105872)
    Risk Rating: Important

    This security update resolves a vulnerability in Skype for Business and Microsoft Lync. The vulnerability could allow information disclosure if an attacker invites a target user to an instant message session and then sends that user a message containing specially crafted JavaScript content.


Adobe Flash Player Vulnerability (CVE-2015-7645)
 Severity:    
 Advisory Date:  14 Oct 2015

This is a zero-day vulnerability in Adobe Flash Player is reportedly used by the Pawn Storm targeted attack campaign. The said vulnerability exists in Adobe Flash Player versions 19.0.0.207 and earlier for Windows and Mac operating systems.

Trend Micro researcher Peter Pi discovered and reported the details of the vulnerability to Adobe. The said company credited Pi for his research contribution.