Hello, welcome to this month’s blog on the Microsoft patch release. This month the vendor is releasing seven bulletins covering a total of 12 vulnerabilities. Three of this month’s issues are rated ‘Critical’.As always, customers are advised to follow these security best practices: Install vendor patches as soon as they are available. Run all software […]
As discussed in our previous blog entries, we’ve found an exploit (Trend Micro detection HTML_EXPLOYT.AE) that targets a vulnerability found in Microsoft XML Core Services (CVE-2012-1889). Based on our analysis, HTML_EXPLOYT.AE contains three key features: its usage of Microsoft XML Core Services, heap spray, and No ROP (Return-Oriented-Programming) function. Our two initial blog entries already […]
Last month, Microsoft released a fix tool in order to address a vulnerability in Microsoft XML Core Services. The said vulnerability, according to the Microsoft Security Advisory, could allow remote code execution if a user views a specifically crafted webpage using Internet Explorer. It has been given the identifier CVE-2012-1889. Since the vulnerability exists in […]
Latest Comments