Latest Security Advisories & Notable Vulnerabilities

Oracle Java SE Remote Code Execution Vulnerability (CVE-2015-2590)
 Severity:    
 Advisory Date:  14 Jul 2015

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

Trend Micro researcher Brooks Li disclosed details about this vulnerability to Oracle. Oracle acknowledged Li’s research contribution.

Microsoft addresses the following vulnerabilities in its batch of patches for July 2015:

  • (MS15-058) Vulnerabilities in SQL Server Could Allow Remote Code Execution (3065718)
    Risk Rating: Important

    This security update resolves vulnerabilities in several versions of Microsoft SQL Server. These vulnerabilities, when exploited, may allow remote code execution.


  • (MS15-065) Security Update for Internet Explorer (3076321)
    Risk Rating: Critical

    This security update resolves several vulnerabilities in several versions of Internet Explorer installed on various Windows operating systems. The vulnerabilities could allow remote code execution if exploited successfully by an attacker.


  • (MS15-066) Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3072604)
    Risk Rating: Critical

    This security update resolves a vulnerability in the Windows VB Scripting Engine. Users with administrator rights who are currently logged on to a vulnerable system are most affected by attacks leveraging this vulnerability.


  • (MS15-067) Vulnerability in RDP Could Allow Remote Code Execution (3073094)
    Risk Rating: Critical

    This security update resolves several vulnerabilities in Windows operating systems that have Remote Desktop Protocol (RDP) enabled. The vulnerability, when exploited successfully, could allow remote attackers to execute code on the vulnerable system.


  • (MS15-068) Vulnerabilities in Windows Hyper-V Could Allow Remote Code Execution (3072000)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution on the vulnerable system. An attacker must have valid logon credentials on a guest Hyper-V machine in the vulnerable system in order to successfully exploit this vulnerability.


  • (MS15-069) Vulnerabilities in Windows Could Allow Remote Code Execution (3072631)
    Risk Rating: Important

    This security bulletin issues updates on several vulnerabilities in Windows. The vulnerabilities could allow remote code execution on the vulnerable system. An attacker issues a specially crafted .DLL file to exploit these vulnerabilities.


  • (MS15-070) Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3072620)
    Risk Rating: Important

    This security update resolves several vulnerabilities in Microsoft Office, the most severe of which could cause remote code execution. Users with administrator rights currently logged in on the vulnerable system are more susceptible to the risks of these vulnerabilities.


  • (MS15-071) Vulnerability in Netlogon Could Allow Elevation of Privilege (3068457)
    Risk Rating: Important

    This security update resolves an elevation of privilege vulnerability in Microsoft Windows. An attacker must have access to a primary domain controller (PDC) in order to successfully exploit this vulnerability.


  • (MS15-072) Vulnerability in Windows Graphics Component Could Allow Elevation of Privilege (3069392)
    Risk Rating: Important

    This security update resolves an elevation of privilege vulnerability in Microsoft Windows. It corrects the way the Windows Graphics Component handles bitmap conversions.


  • (MS15-073) Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (3070102)
    Risk Rating: Important

    This security update resolves an elevation of privilege vulnerability in Microsoft Windows. An attacker exploits this vulnerability by running a specially crafted application on the vulnerable system.


  • (MS15-074) Vulnerability in Windows Installer Service Could Allow Elevation of Privilege (3072630)
    Risk Rating: Important

    This security update resolves an elevation of privilege vulnerability in Microsoft Windows Installer service. The vulnerability lies in the way the Installer service improperly handles custom action scripts.


  • (MS15-075) Vulnerabilities in OLE Could Allow Elevation of Privilege (3072633)
    Risk Rating: Important

    This security update resolves several vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if exploited one after the other.


  • (MS15-076) Vulnerability in Windows Remote Procedure Call Could Allow Elevation of Privilege (3067505)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows Remote Procedure Call (RPC) authentication. When exploited successfully, an attacker may elevate his privileges on the vulnerable system.


  • (MS15-077) Vulnerability in ATM Font Driver Could Allow Elevation of Privilege (3077657)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. When exploited successfully, an attacker may elevate his privileges on the vulnerable system.


Adobe Flash Player Vulnerability (CVE-2015-5122)
 Severity:    
 Advisory Date:  12 Jul 2015

This is a zero-day vulnerability disclosed from the Hacking Team leak. It affects all versions of Flash Player for Windows, Mac, and Linux. The bug is a Use-After-Free vulnerability involving the methods TextBlock.createTextLine() and TextBlock.recreateTextLine(textLine). If exploited, it could result in a crash that would allow an attacker to take control of the vulnerable system.

As of this writing, only a proof-of-concept exists; we are continuously monitoring to see if this has been exploited in the wild.

Adobe Flash Player Vulnerability (CVE-2015-5123)
 Severity:    
 Advisory Date:  12 Jul 2015

This is the third zero-day vulnerability disclosed from the Hacking Team leak. It affects all versions of Flash Player for Windows, Mac, and Linux. Once successfully exploited, it could cause a crash and may allow an attacker to take control of the affected system, thus compromising its security. Trend Micro detects this as SWF_EKSPLOYT.EDF.

A certificate forgery security bypass has been reported in OpenSSL. This is due to incorrectly implemented certificate verification in OpenSSL. An attacker could use a crafted certificate to bypass certain checks. Successful exploitation could allow a remote attacker to bypass intended access restrictions.

Adobe Flash Player Remote Code Execution Vulnerability (CVE-2015-0349)
 Severity:    
 Advisory Date:  08 Jul 2015

Adobe Flash Player is prone to an unspecified remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition.

Adobe Flash Player contains a vulnerability in the ActionScript 3 ByteArray class, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Ref: http://blog.trendmicro.com/trendlabs-security-intelligence/unpatched-flash-player-flaws-more-pocs-found-in-hacking-team-leak/

Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2015-3113)
 Severity:    
 Advisory Date:  23 Jun 2015

A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to an unspecified error. A remote attacker can exploit this vulnerability by enticing a target user to open a crafted file. A successful attack could result in arbitrary code execution in the security context of the target user.

Vulnerability in Adobe Flash Player Could Allow Remote Code Execution
 Severity:    
 Advisory Date:  23 Jun 2015

This Adobe update addresses a critical vulnerability (CVE-2015-3113), and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the security bulletin.

Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-3043)
 Severity:    
 Advisory Date:  23 Jun 2015

Adobe Flash Player is prone to an unspecified memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.