New Delhi, May 6, 2014: Trend Micro Incorporated, Global leader in cloud security, warns of and provides mitigation around the first Internet Explorer zero-day vulnerability – CVE-2014-1776 – which will remain unpatched in Windows XP.To protect users against exploits leveraging this vulnerability, Trend Micro has released two rules to help reduce the threat until a patch is provided by Microsoft, and to protect unsupported Operating Systems (“OS”) such as Windows XP.
The deep packet inspection (“DPI”) rules available to customers of Trend Micro Deep Security and OfficeScan Intrusion Defense Firewall (“IDF”) include:
- 1006030 – Microsoft Internet Explorer Remote Code Execution Vulnerability (CVE-2014-1776)
- 1001082 0 – Generic VML File Blocker
Announced over the weekend via the Microsoft Security Advisory 2963983, the CVE-2014-1776 vulnerability is due to the way Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The successful exploitation of the vulnerability allows an attacker to execute arbitrary code in the context of the current user, allowing the attacker to run code on a victim system if the user visits a website under the control of the attacker.
Users can be lured into opening specially crafted webpages using the Internet Explorer by clickable links sent through emails or instant messages. The Adobe Flash file embedded in these malicious sites will then be used to bypass Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) protections on the target system. While attacks are only known against three IE versions 9 to 11, the underlying flaws exists in all versions of IE in use today, from IE 6 through to IE11.
Dhanya Thakkar, Managing Director, India & SEA, Trend Micro, said, “This vulnerability may linger unpatched in many systems for some time, as it is the first vulnerability affecting Windows XP systems that will not be patched. This means that for the millions of users still using this particular operating system, they will be left with a security hole that will never be fully fixed. The risk of using unsupported OS such as Windows XP is real, and this vulnerability is proof of that. We strongly encourage Windows XP users to migrate to a supported OS as soon as they can, and ensure their systems are protected as they plan for the migration.”
Users can reduce risk from this vulnerability by disabling or removing the Flash Player from IE whenever possible.In addition, Microsoft has also indicated some workarounds as part of their security advisory including the Enhanced Protected Modefor IE 10 and 11, deemed as one of the easiest workarounds in the advisory by Trend Micro security experts.
Protecting unprotected and under-protected systems
The end of support for any software, OS or not, leaves organizations more vulnerable to threats, but there are some solutions that can help address or mitigate this dilemma including:
- Virtual Patching: With the ability to “virtually patch” affected systems before actual patches are made available, virtual patching complements traditional patch management strategies reducing the risks to companies. Another benefit is that it can “virtually patch” unsupported applications. For example, Trend Micro Deep Security has been supporting Windows 2000 vulnerabilities even beyond its end of support.
- Enhanced Mitigation Experience Toolkit (EMET): Trend Micro threat security experts recommends using the EMET toolkit which prevents software vulnerabilities from being exploited through several security mitigation technologies, thereby reducingexploits from this vulnerability.
Cyber threats can have profound effects on companies. Trend Micro urges all IE users to stay vigilant and migrate away from Windows XP to a supported operating system, while ensuring their systems are always protected as they prepare for enterprise-wide migration.