Two Recent Zero-Day Bugs Fixed by February Patch Tuesday
The two recent zero-day vulnerabilities in Internet Explorer and the Graphics Rendering Engine found in late December and in early January, respectively, have been addressed by today’s Patch Tuesday release.
This month’s release comprises 12 bulletins, three of which are rated “critical” while the remaining nine are rated ”important.” The other bulletins include those that address vulnerabilities in Windows Kernel, Microsoft Visio, Active Directory and Local Security Authority Subsystem Service (LSASS). A cumulative update for Internet Explorer is also provided, which covers two vulnerabilities, including one reported by Trend Micro Threat Solutions Engineer Yuki Chen.
Despite the number of bulletins, Microsoft’s list of notable bugs to patch has yet to be cleared, as the recently found vulnerability in MHTML remains unpatched.
Although no active attacks have been found exploiting the MHTML vulnerability, applying security measures to protect systems from possible exploits is strongly recommended. Users may opt to implement the workarounds that Microsoft has provided. Trend Micro product users are already safe from being victimized by exploits leveraging this specific vulnerability through Deep Security and OfficeScan with the Intrusion Defense Firewall (IDF) plug-in.
Microsoft is not the only one to update their software this patch tuesday, as Adobe also released patches for their products. Security updates were released for Adobe Reader and Acrobat, Adobe Flash Player, and Shockwave Player. All updates were rated as “critical”, and majority of the vulnerabilities may lead to remote code execution. As such, users are strongly advised to apply the patches for their respective software as soon as possible.
Post from: TrendLabs | Malware Blog – by Trend Micro
Two Recent Zero-Day Bugs Fixed by February Patch Tuesday
Spotlight
Cloud Computing
- Wall Street has data security concerns over Bloomberg reporting
- Security in backups means more than just encryption
- Employees must buy into the company policy for better cloud security
- Desktop virtualization can enhance security performance
Virtualization
- Virtualization-specific challenges could threaten data security
- Evolving threats put security skills in high demand
- Virtualization security requires education, access control management
- Tips for launching effective virtual security tools
Internet Safety
- Virtualization-specific challenges could threaten data security
- Evolving threats put security skills in high demand
- Virtualization security requires education, access control management
- Tips for launching effective virtual security tools
Vulnerabilities & Exploits
CTO Insights
First Line of Defense
Newsletter
Stay up to date with the latest news and information on online threats.
Recent News
- US makes large investment in cyber weaponry
- SEC may ask for more information after cyberattacks
- FBI trying to train financial execs on cyber threats
- Wall Street has data security concerns over Bloomberg reporting
Tag Cloud
cloud cloud computing cloud computing security Cloud Security Compliance & Regulations Consumerization Current News cybercrime Data Privacy data security Encryption Government Policy Internet Protection Internet Safety Internet Safety - DO NOT USE Internet Security Malware Mobile Security Mobility Policy Policy - DO NOT USE Privacy Privacy & Policy Private Cloud Public Cloud Reports Research Spotlight threat intelligence threat research Trend Labs Underground Economy virtualization Vulnerabilities Vulnerabilities - DO NOT USE web security web threats
Comments
No comments yet