Earlier on this blog we devoted a post to the new zero-day vulnerability disclosed a few days ago for IE 6-11. Today Trend Micro is releasing its recommendations and the solutions it offers for those who run these products. Applying them is especially recommended on Windows XP because its support has ended:
Just recently, Microsoft released Security Advisory 2963983 which describes a new zero-day vulnerability found in Internet Explorer (CVE-2014-1776). This remote code execution vulnerability allows an attacker to run code on a victim system if the user visits a website under the control of the attacker. While attacks are only known against three IE versions (IE 9-11), the underlying flaw exists in all versions of IE in use today (from IE 6 all the way to IE 11).
Read more here:

Who is Affected

Internet Explorer 6 to Internet Explorer 11 on all Windows platforms.

Recommended Action

Trend Micro provides multi-layered solutions against this vulnerability.

File Detection: Trend Micro has updated its heuristic code in OPR 10.763.00 specifically around CVE-2014-1776 and will continue to update and improve the detection as more samples and information become available.

Behavior Monitoring: Trend Micro has a heuristic feature in the behavior monitoring module, available in the following products, which can detect a file download through an exploit attack.
– OfficeScan 10.6 SP3 and later
– Worry-Free 9
– Titanium Antivirus+ 2013 and later

Meanwhile, a rule (101404.0.0) has also been released for Browser Exploit Solution to cover this vulnerability. This solution is available in the following products.
– OfficeScan 11
– Worry-Free 9
– Titanium Antivirus+ 2011 and later

Network Detection: For customers using Deep Security and OfficeScan Intrusion Defense Firewall (IDF), we have released the following rules to cover this vulnerability.
– 1006030 – Microsoft Internet Explorer Remote Code Execution Vulnerability (CVE-2014-1776)
There is also a rule that restricts the use of the VML tag:
– 1001082 – Generic VML File Blocker

For customers using Deep Discovery Inspector, we will release a rule, HTTP_CVE-2014-1776_IE_EXPLOIT, to cover this vulnerability (NCIP 1.12083.00 and NCCP 1.12053.00).

Protection with ATSE: For customers using a product with the Advanced Threat Scan Engine, ATSE 9.755-1107 has been released and includes heuristic rules to cover the files used in the exploit.
– HEUR_SWFHS.A
– HEUR_SWFJIT.B

Current products which can use the Advanced Threat Scan Engine (ATSE) include:
– ScanMail for Microsoft Exchange 10.0 SP2 and later
– ScanMail for Lotus Domino 5.5
– InterScan Web Security Virtual Appliance 6.0
– InterScan Messaging Security Virtual Appliance 8.2 and later
– InterScan Messaging Security Suite for Windows 7.5
– Deep Discovery Advisor 3.0

Note: Trend Micro will continue to update and improve the above solutions as more samples and information become available.
Source: Trend Micro