Latest Advisories Notable Vulnerabilities

  • Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2391)
     Severity: :    
     Advisory Date:  06 April 2016

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Trend Micro researcher Jack Tang discovered and reported details about this vulnerability to Microsoft. The said company acknowledged Tang’s research contribution.

  • Adobe Flash Player Vulnerability (CVE-2016-1019)
     Severity: :    
     Advisory Date:  06 April 2016

    This vulnerability, tagged as ‘critical’ is found in Adobe Flash Player 21.0.0.197 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Once successfully exploited, it could cause crash and allow remote attackers to take control of the affected system. As such, this compromises the security of the systems.

    We are currently monitoring this for any attacks or threats that may leverage this vulnerability. Adobe will release an emergency patch to address the said vulnerability.

  • Microsoft addresses the following vulnerabilities in its March batch of patches:

    • (MS16-023) Cumulative Security Update for Internet Explorer (3142015)
      Risk Rating: Critical

      This security update resolves several vulnerabilities in Internet Explorer. The more severe of the vulnerabilities could allow remote code execution if a user visits a malicious website. Users with administrative privileges are more affected.


    • (MS16-024) Cumulative Security Update for Microsoft Edge (3142019)
      Risk Rating: Critical

      This security update resolves several vulnerabilities in Microsoft Edge. The more severe of the vulnerabilities could allow remote code execution if a user visits a specially crafted webpage while using Microsoft Edge. Note that accounts that have administrator privileges are more impacted.


    • (MS16-025) Security Update for Windows Library Loading to Address Remote Code Execution (3140709)
      Risk Rating: Important

      This security update resolves a vulnerability in Microsoft Windows. When exploited successfully, the vulnerability could allow remote code execution.


    • (MS16-026) Security Update for Graphic Fonts to Address Remote Code Execution (3143148)
      Risk Rating: Critical

      This security update resolves several vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution when successfully exploited by an attacker.


    • (MS16-027) Security Update for Windows Media to Address Remote Code Execution (3143146)
      Risk Rating: Critical

      This security update resolves several vulnerabilities in Microsoft windows. The most severe of the vulnerabilities could allow remote code execution.


    • (MS16-028) Security Update for Microsoft Windows PDF Library to Address Remote Code Execution (3143081)
      Risk Rating: Critical

      This security update resolves several vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution.


    • (MS16-029) Security Update for Microsoft Office to Address Remote Code Execution (3141806)
      Risk Rating: Important

      This security update resolves vulnerabilities in Microsoft Office. The more severe of the vulnerabilities could allow remote code execution if these vulnerabilties are successfully exploited.


    • (MS16-030) Security Update for Windows OLE to Address Remote Code Execution (3143136)
      Risk Rating: Important

      This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if successfully exploited by an attacker.


    • (MS16-031) Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3136082)
      Risk Rating: Important

      This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if successfully exploited by an attacker.


    • (MS16-032) Security Update for Secondary Logon to Address Elevation of Privilege (3143141)
      Risk Rating: Important

      This security update resolves a vulnerability in Microsoft Windows. When successfully exploited, an attacker could elevate privileges on the vulnerable system.


    • (MS16-033) Security Update for Windows USB Mass Storage Class Driver to Address Elevation of Privilege (3143142)
      Risk Rating: Important

      This security update resolves a vulnerability in Microsoft Windows. When successfully exploited, an attacker could elevate privileges on the vulnerable system.


    • (MS16-034) Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3143145)
      Risk Rating: Important

      This security update resolves aseveral vulnerabilities in Microsoft Windows. These vulnerabilities could allow privilege elevation when exploited successfully by an attacker.


    • (MS16-035) Security Update for .NET Framework to Address Security Feature Bypass (3141780)
      Risk Rating: Important

      This security update resolves a vulnerability in .NET Framework. This update addresses the vulnerability by correcting the validation points for XML documents.


  • Microsoft addresses the following vulnerabilities in its February batch of patches:

    • (MS16-009) Cumulative Security Update for Internet Explorer (3134220)
      Risk Rating: Critical

      This security update resolves several vulnerabilities in Internet Explorer. The more severe of the vulnerabilities could allow remote code execution if a user visits a malicious website.


    • (MS16-011) Cumulative Security Update for Microsoft Edge (3134225)
      Risk Rating: Critical

      This security update resolves a vulnerability in Microsoft Edge. The vulnerability could allow remote code execution if a user visits a specially crafted webpage while using Microsoft Edge. Note that accounts that have administrator privileges are more impacted.


    • (MS16-012) Security Update for Microsoft Windows PDF Library to Address Remote Code Execution (3138938)
      Risk Rating: Critical

      This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution. Note that accounts that have administrator privileges are more impacted.


    • (MS16-013) Security Update for Windows Journal to Address Remote Code Execution (3134811)
      Risk Rating: Critical

      This security update resolves a vulnerabilitiy in Microsoft Windows. The vulnerabiliy could allow remote code execution when successfully exploited by an attacker using a specially crafted Journal file.


    • (MS16-014) Security Update for Microsoft Windows to Address Remote Code Execution (3134228)
      Risk Rating: Important

      This security update resolves several vulnerabilities in Microsoft windows. The most severe of the vulnerabilities could allow remote code execution.


    • (MS16-015) Security Update for Microsoft Office to Address Remote Code Execution (3134226)
      Risk Rating: Critical

      This security update resolves several vulnerabilities in Microsoft Office. The more severe of the vulnerabilities could allow remote code execution. Note that accounts that have administrator privileges are more impacted.


    • (MS16-016) Security Update for WebDAV to Address Elevation of Privilege (3136041)
      Risk Rating: Important

      This security update resolves a vulnerability in the Microsoft Web Distributed Authoring and Versioning (WebDAV) client. The vulnerability could allow elevation of privilege when successfully exploited.


    • (MS16-017) Security Update for Remote Desktop Display Driver to Address Elevation of Privilege (3134700)
      Risk Rating: Important

      This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if successfully exploited by an attacker.


    • (MS16-018) Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3136082)
      Risk Rating: Important

      This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if successfully exploited by an attacker.


    • (MS16-019) Security Update for .NET Framework to Address Denial of Service (3137893)
      Risk Rating: Important

      This security update resolves several vulnerabilities in Microsoft .NET Framework. The most severe of these vulnerabilities could cause denial of service (DoS) when exploited successfully by an attacker.


    • (MS16-020) Security Update for Active Directory Federation Services to Address Denial of Service (3134222)
      Risk Rating: Important

      This security update resolves a vulnerability in Active Directory Federation Services. The vulnerability could cause denial of service (DoS) when exploited successfully by an attacker.


    • (MS16-021) Security Update for NPS RADIUS Server to Address Denial of Service (3133043)
      Risk Rating: Important

      This security update resolves a vulnerability in Windows Network Policy Server (NPS). The vulnerability could cause denial of service (DoS) when exploited successfully by an attacker.


    • (MS16-022) Security Update for Adobe Flash Player (3135782)
      Risk Rating: Critical

      This security update resolves several vulnerabilities in Adobe Flash Player installed on certain Microsoft Windows operating systems. The vulnerabilities could allow remote code execution on the affected system.


  • Trend Micro researchers discovered a vulnerability that affects OS X below 10.11.3. It occurs by sending one special constructed IOConnectCallMethod requests to AppleGraphicsPowerManagement module. If an attacker sends a request once, Kernel memory heap corruption happens in method AppleGraphicsPowerManagement`AGPM:etBoost. As such, this would lead an attacker to execute arbitrary code with Kernel privileges.

    While this vulnerability is not easy to exploit due to the lack of Kernel information leak and heap control, we recommend users to upgrade their OS X to latest version.

  • Array Overflow Vulnerability in IOAcceleratorFamily2 Module (CVE-2016-1718)
     Severity: :    
     Advisory Date:  19 January 2016

    This vulnerability affects OS X below 10.11.3. It occurs by sending two special requests to IOAcceleratorFamily2 module. As such, an array overflow happens in method IOAccelDispalyMachine2::getFramebufferCount. This may lead to local privilege escalation. While this vulnerability is not easy to exploit, we advise users to upgrade their OS X to the latest version.

    Trend Micro researcher Juwei Lin disclosed details about this vulnerability to Apple.

  • Memory Corruption Vulnerability in Kernel (CVE-2016-1721)
     Severity: :    
     Advisory Date:  19 January 2016

    Trend Micro researchers discovered this vulnerability which is rated by Apple as ‘Critical.’ It affects OS X below 10.11.3 and iOS below 9.2.1. Once successfully exploited, an attacker can execute arbitrary codes with Kernel privileges. In addition, once attackers bypass KASLR using vulnerability, they can root the affected system and/or device when a user installs and runs a malicious app.

    We advise users to update their systems and devices to the latest OS X and iOS versions.

  • Microsoft addresses the following vulnerabilities in its January batch of patches:

    • (MS16-001) Cumulative Security Update for Internet Explorer (3124903)
      Risk Rating: Critical

      This security update resolves vulnerabilities in Internet Explorer. The more severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.


    • (MS16-002) Cumulative Security Update for Microsoft Edge (3124904)
      Risk Rating: Critical

      This security update resolves vulnerabilities in Microsoft Edge. The vulnerabilities could allow attacker remote code execution if a user views a maliciously-crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user.


    • (MS16-003) Cumulative Security Update for JScript and VBScript to Address Remote Code Execution (3125540)
      Risk Rating: Critical

      This security update resolves a vulnerability in the VBScript scripting engine in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.


    • (MS16-004) Security Update for Microsoft Office to Address Remote Code Execution (3124585)
      Risk Rating: Critical

      This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user.


    • (MS16-005) Security Update for Windows Kernel-Mode Drivers to Address Remote Code Execution (3124584)
      Risk Rating: Critical

      This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if a user visits a malicious website.


    • (MS16-006) Security Update for Silverlight to Address Remote Code Execution (3126036)
      Risk Rating: Critical

      This security update resolves a vulnerability in Microsoft Silverlight. The vulnerability could allow remote code execution if a user visits a compromised website that contains a specially crafted Silverlight application. An attacker would have no way to force users to visit a compromised website.


    • (MS16-007) Security Update for Microsoft Windows to Address Remote Code Execution (3124901) (3108670)
      Risk Rating: Important

      This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution.


    • (MS16-008) Security Update for Windows Kernel to Address Elevation of Privilege (3124605)
      Risk Rating: Important

      This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.


    • (MS16-010) Security Update for Microsoft Windows to Address Remote Code Execution (3116162)
      Risk Rating: Important

      This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow spoofing if Outlook Web Access (OWA) fails to properly handle web requests, and sanitize user input and email content.


  • Zero Address Execution in AppleIntelBDWGraphics (CVE-2015-7076)
     Severity: :    
     Advisory Date:  11 December 2015

    Apple has released a security bulletin which covers several vulnerabilities, including CVE-2015-7076, which our security researcher, Juwei Lin discovered and reported to the said company. Apple has credited Lin for his research contribution.

    All systems which run on Mac OS X below 10.11.2 (OS X El Capitan) and Intel Graphics Driver AppleIntelBDWGraphics can be affected by this vulnerability. Note, however, that there are certain systems that installed Intel Graphics Driver AppleIntelBDWGraphics by default.

    A local privilege escalation vulnerability exists when Intel Graphics Driver handles a special request from usermode. This vulnerability could let the local user be able to execute arbitrary code with system privileges. While Apple rated this vulnerability low since they employ mitigation technologies such as SMAP/SMEP, an attacker with minimal knowledge of IOKit can develop an exploit to abuse this security hole.

    In order for the attackers to infect the vulnerable system, users need to execute a program containing an exploit send via spam email. When users execute this malicious program, it gets local system privilege thus enabling the attackers to control the system. This local privilege escalation vulnerability is typically use as part of an entire attack to enable to bypass sandbox and gain system privilege to do further actions thus compromising its (system) security.

    Users are advised to update their systems to the latest Mac OS version.

  • Mediaserver in Android Vulnerability (CVE-2015-6616)
     Severity: :    
     Advisory Date:  09 December 2015

    This vulnerability resides in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01. It allows attackers to execute arbitrary code or cause denial of service (DoS), thus compromising the security of the device.

    Trend Micro researcher Peter Pi discovered and reported the details of the vulnerability to Google. The said company credited Pi for his research contribution.