Trend Micro releases mitigation rules for IE flaw
Security specialist fills void as Microsoft continues work on patch
Cyber security specialist Trend Micro Inc today announced the availability of mitigation features in its products for the recently found flaw in Microsoft Internet Explorer.
The flaw is present in versions 6 to 11 of Microsoft's browser (although Trend Micro said attacks have only been detected in versions 9 to 11) and can be exploited when Flash objects imbedded in a compromised website are executed by the browser. The objects can then be used to bypass Data Execution Prevention (DEP) and Address Space Layout Randomisation (ASLR) protections on the target system. Worst case scenarios include complete admin rights being ceded to attackers.
The US and UK governments issued rare advisories urging users to switch to alternative browsers until Microsoft issues a patch, but regional experts previously told ITP.net that while this may be a trivial decision for individual users, many enterprises may use Web-based applications that require IE to run properly.
Trend Micro has an alternative for those users tied to IE or to Windows XP, as the legacy system is out of support with Microsoft and is not currently expected to receive a patch. Trend has released two deep packet inspection (DPI) rules for users of its Deep Security and OfficeScan Intrusion Defense Firewall (IDF) products.
The first rule addresses the IE flaw itself, which is referred to as the Microsoft Internet Explorer Remote Code Execution Vulnerability. The second is a generic VML file blocker.
Continues on next page>>
"This vulnerability may linger unpatched in many systems for some time, as it is the first vulnerability affecting Windows XP systems that will not be patched," said Macky Cruz, security focus lead, Trend Micro.
"This means that for the millions of users still using this particular operating system, they will be left with a security hole that will never be fully fixed. The risk of using unsupported OS such as Windows XP is real, and this vulnerability is proof of that. We strongly encourage Windows XP users to migrate to a supported OS as soon as they can, and ensure their systems are protected as they plan for the migration."
Trend Micro further advised that users can reduce risk from the vulnerability by disabling or removing the Flash Player from IE. In addition, Microsoft has also indicated some workarounds as part of their own security advisory including the Enhanced Protected Mode for IE 10 and 11, deemed as one of the easiest workarounds in the advisory by Trend Micro.
When addressing the retired Windows XP, Trend highlighted the option of virtual patching, where unsupported platforms and applications are patched by third-party products, such as security software. Trend said its Deep Security product has already been supporting Windows 2000 vulnerabilities beyond its end of support.