Latest Security Advisories & Notable Vulnerabilities

Android Vulnerability (CVE-2015-3839)
 Severity:    
 Advisory Date:  12 Aug 2015

Trend Micro researchers discovered this Android vulnerability assigned with CVE-2015-3839 that could allow attackers to put malicious messages in the messaging app, thus causing it to crash. In addition, attackers can also perform denial-of-service (DoS) attacks on the messaging app only (and not the whole device). As such, users won’t be able to receive and send text messages to their contacts.

Attackers need to trick users into installing a malicious app in order to download the said bug on their devices.

Microsoft addresses the following vulnerabilities in its batch of patches for August 2015:

  • (MS15-079) Cumulative Security Update for Internet Explorer (3082442)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.


  • (MS15-080) Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3078662)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Microsoft Lync, and Microsoft Silverlight. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded TrueType or OpenType fonts.


  • (MS15-081) Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3080790)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file.


  • (MS15-082) Vulnerabilities in RDP Could Allow Remote Code Execution (3080348)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker first places a specially crafted dynamic link library (DLL) file in the target user’s current working directory and then convinces the user to open a Remote Desktop Protocol (RDP) file or to launch a program that is designed to load a trusted DLL file but instead loads the attacker’s specially crafted DLL file.


  • (MS15-083) Vulnerability in Server Message Block Could Allow Remote Code Execution (3073921)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a specially crafted string to SMB server error logging.


  • (MS15-084) Vulnerabilities in XML Core Services Could Allow Information Disclosure (3080129)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Windows and Microsoft Office. The vulnerabilities could allow information disclosure by either exposing memory addresses if a user clicks a specially crafted link or by explicitly allowing the use of Secure Sockets Layer (SSL) 2.0.


  • (MS15-085) Vulnerability in Mount Manager Could Allow Elevation of Privilege (3082487)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker inserts a malicious USB device into a target system.


  • (MS15-086) Vulnerability in System Center Operations Manager Could Allow Elevation of Privilege (3075158)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft System Center Operations Manager. The vulnerability could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL.


  • (MS15-087) Vulnerability in UDDI Services Could Allow Elevation of Privilege (3082459)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker engineered a cross-site scripting (XSS) scenario by inserting a malicious script into a webpage search parameter.


  • (MS15-088) Unsafe Command Line Parameter Passing Could Allow Information Disclosure (3082458)
    Risk Rating: Important

    This security update helps to resolve an information disclosure vulnerability in Microsoft Windows, Internet Explorer, and Microsoft Office. To exploit the vulnerability an attacker would first have to use another vulnerability in Internet Explorer to execute code in the sandboxed process.


  • (MS15-089) Vulnerability in WebDAV Could Allow Information Disclosure (3076949)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if an attacker forces an encrypted Secure Socket Layer (SSL) 2.0 session with a WebDAV server that has SSL 2.0 enabled and uses a man-in-the-middle (MiTM) attack to decrypt portions of the encrypted traffic.


  • (MS15-090) Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege (3060716)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application or convinces a user to open a specially crafted file that invokes a vulnerable sandboxed application, allowing an attacker to escape the sandbox.


  • (MS15-091) Cumulative Security Update for Microsoft Edge (3084525)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge.


  • (MS15-092) Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3086251)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft .NET Framework. The vulnerabilities could allow elevation of privilege if a user runs a specially crafted .NET application.


Linux Kernel Ping_Unhash Function Vulnerability (CVE-2015-3636)
 Severity:    
 Advisory Date:  05 Aug 2015
This vulnerability involves the ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3, where it does not initialize a certain list data structure during an unhash operation. This allows attackers to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect.
named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.
Android Mediaserver Vulnerability (CVE-2015-3823)
 Severity:    
 Advisory Date:  04 Aug 2015

Trend Micro researchers discovered this vulnerability in Android devices that could potentially allow attackers to perform Denial of Service (DoS) attacks once successfully exploited. It affects Android versions <4.0.1 Jelly Bean to 5.1.1 Lollipop.

Attackers need to trick users into installing a malicious app or go to a malicious website in order to download the said bug on their devices.

"Stagefright" Android vulnerability (CVE-2015-3824)
 Severity:    
 Advisory Date:  31 Jul 2015

This Android vulnerability known as “Stagefright” can be leveraged by attackers to install a malware on Android devices via a multimedia message (MMS). It affects versions of Android from 4.0.1 to 5.1.1. The said vulnerability, designated with CVE-2015-3824, resides in mediaserver component, which is for handling open media files.

Mozilla Firefox Vulnerability (CVE-2015-0817)
 Severity:    
 Advisory Date:  30 Jul 2015

This flaw allows remote attackers to read or write to memory thus allowing the execution of arbitrary code via crafted JavaScript. As such, it compromises the security of the system.

This zero-day vulnerability emerged in the Hacking Team leak, which could allow attackers to have remote control of the affected system when exploited successfully. In addition, affected systems can be potentially infected with rootkits and bootkits.
Adobe Flash Player Vulnerability (CVE-2015-3104)
 Severity:    
 Advisory Date:  27 Jul 2015
This Adobe Flash vulnerability is used by Angler Exploit Kit as a starting point in the infection chain that spreads a Point-of-Sale (PoS) malware reconnaissance. Trend Micro detects this PoS malware as TROJ_RECOLOAD.A that checks if the infected system is a PoS machine or part of the PoS network.
Arbitrary Memory Read in Libxslt (CVE-2012-2825)
 Severity:    
 Advisory Date:  21 Jul 2015
This vulnerability assigned with CVE-2012-2825 is related to the Hacking Team leak, which exposed the RCSAndroid code. The said malicious code could potentially allow surveillance operations for cybercriminals. Based on our investigation, one of the methods that attackers used to lead users into downloading RCSAndroid is to send a specially crafted URL to the recipients/users via SMS or email.