Latest Security Advisories & Notable Vulnerabilities

Adobe Flash Player Vulnerability (CVE-2015-3104)
 Severity:    
 Advisory Date:  27 Jul 2015
This Adobe Flash vulnerability is used by the Angler Exploit Kit as the starting point of an infection chain that delivers Point-of-Sale (PoS) reconnaissance malware. Trend Micro detects this PoS malware as TROJ_RECOLOAD.A; it checks whether the infected system is a PoS machine or part of a PoS network.
Arbitrary Memory Read in Libxslt (CVE-2012-2825)
 Severity:    
 Advisory Date:  21 Jul 2015
This vulnerability, assigned CVE-2012-2825, is related to the Hacking Team leak, which exposed the RCSAndroid code. The said malicious code could potentially allow surveillance operations by cybercriminals. Based on our investigation, one of the methods attackers used to lead users into downloading RCSAndroid was to send a specially crafted URL to the recipients via SMS or email.

This vulnerability is assigned CVE-2015-2426 and is described as follows:

Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Driver Vulnerability."

Arbitrary Memory Read in Libxslt (CVE-2012-2871)
 Severity:    
 Advisory Date:  21 Jul 2015
This vulnerability is related to the Hacking Team leak, which exposed the RCSAndroid code. The said malicious code could potentially allow surveillance operations by cybercriminals. Based on our investigation, one of the methods attackers used to lead users into downloading RCSAndroid was to send a specially crafted URL to the recipients via SMS or email.
Linux Kernel Futex Local Privilege Escalation (CVE-2014-3153)
 Severity:    
 Advisory Date:  16 Jul 2015
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
Oracle Java SE Remote Code Execution Vulnerability (CVE-2015-2590)
 Severity:    
 Advisory Date:  14 Jul 2015

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

Trend Micro researcher Brooks Li disclosed details about this vulnerability to Oracle. The said company acknowledged Li’s research contribution.

Microsoft addresses the following vulnerabilities in its batch of patches for July 2015:

  • (MS15-058) Vulnerabilities in SQL Server Could Allow Remote Code Execution (3065718)
    Risk Rating: Important

    This security update resolves vulnerabilities in several versions of Microsoft SQL Server. These vulnerabilities, when exploited, may allow remote code execution.


  • (MS15-065) Security Update for Internet Explorer (3076321)
    Risk Rating: Critical

    This security update resolves several vulnerabilities in several versions of Internet Explorer installed on various Windows operating systems. The vulnerabilities could allow remote code execution if exploited successfully by an attacker.


  • (MS15-066) Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3072604)
    Risk Rating: Critical

    This security update resolves a vulnerability in the Windows VBScript Scripting Engine. Users who are logged on to a vulnerable system with administrator rights are most affected by attacks leveraging this vulnerability.


  • (MS15-067) Vulnerability in RDP Could Allow Remote Code Execution (3073094)
    Risk Rating: Critical

    This security update resolves several vulnerabilities in Windows operating systems that have Remote Desktop Protocol (RDP) enabled. The vulnerability, when exploited successfully, could allow remote attackers to execute code on the vulnerable system.


  • (MS15-068) Vulnerabilities in Windows Hyper-V Could Allow Remote Code Execution (3072000)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution on the vulnerable system. An attacker must have valid logon credentials on a guest Hyper-V machine in the vulnerable system in order to successfully exploit this vulnerability.


  • (MS15-069) Vulnerabilities in Windows Could Allow Remote Code Execution (3072631)
    Risk Rating: Important

    This security bulletin addresses several vulnerabilities in Windows. The vulnerabilities could allow remote code execution on the vulnerable system. An attacker uses a specially crafted .DLL file to exploit these vulnerabilities.


  • (MS15-070) Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3072620)
    Risk Rating: Important

    This security update resolves several vulnerabilities in Microsoft Office, the most severe of which could allow remote code execution. Users who are logged on to the vulnerable system with administrator rights are more exposed to the risks of these vulnerabilities.


  • (MS15-071) Vulnerability in Netlogon Could Allow Elevation of Privilege (3068457)
    Risk Rating: Important

    This security update resolves an elevation of privilege vulnerability in Microsoft Windows. An attacker must have access to a primary domain controller (PDC) in order to successfully exploit this vulnerability.


  • (MS15-072) Vulnerability in Windows Graphics Component Could Allow Elevation of Privilege (3069392)
    Risk Rating: Important

    This security update resolves an elevation of privilege vulnerability in Microsoft Windows. It corrects the way the Windows Graphics Component handles bitmap conversions.


  • (MS15-073) Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (3070102)
    Risk Rating: Important

    This security update resolves an elevation of privilege vulnerability in Microsoft Windows. An attacker exploits this vulnerability by running a specially crafted application on the vulnerable system.


  • (MS15-074) Vulnerability in Windows Installer Service Could Allow Elevation of Privilege (3072630)
    Risk Rating: Important

    This security update resolves an elevation of privilege vulnerability in Microsoft Windows Installer service. The vulnerability lies in the way the Installer service improperly handles custom action scripts.


  • (MS15-075) Vulnerabilities in OLE Could Allow Elevation of Privilege (3072633)
    Risk Rating: Important

    This security update resolves several vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if exploited in sequence.


  • (MS15-076) Vulnerability in Windows Remote Procedure Call Could Allow Elevation of Privilege (3067505)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows Remote Procedure Call (RPC) authentication. When exploited successfully, an attacker may elevate their privileges on the vulnerable system.


  • (MS15-077) Vulnerability in ATM Font Driver Could Allow Elevation of Privilege (3077657)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. When exploited successfully, an attacker may elevate their privileges on the vulnerable system.


Adobe Flash Player Vulnerability (CVE-2015-5122)
 Severity:    
 Advisory Date:  12 Jul 2015

This is a zero-day vulnerability disclosed from the Hacking Team leak. It affects all versions of Flash Player for Windows, Mac, and Linux. The bug is a use-after-free vulnerability involving the methods TextBlock.createTextLine() and TextBlock.recreateTextLine(textLine). If exploited, it could result in a crash that would allow an attacker to take control of the vulnerable system.

As of this writing, only a proof-of-concept exists; we are continuously monitoring to see if this has been exploited in the wild.

Adobe Flash Player Vulnerability (CVE-2015-5123)
 Severity:    
 Advisory Date:  12 Jul 2015
This is the third zero-day vulnerability disclosed from the Hacking Team leak. It affects all versions of Flash Player for Windows, Mac, and Linux. Once successfully exploited, it could cause a crash and may allow an attacker to take control of the affected system, compromising its security. Trend Micro detects this as SWF_EKSPLOYT.EDF.
A certificate forgery security bypass has been reported in OpenSSL, caused by incorrectly implemented certificate verification. An attacker could use a crafted certificate to bypass certain checks. Successful exploitation could allow a remote attacker to bypass intended access restrictions.