Protection Against Exploitation
First and foremost, it is always highly recommended that users apply the vendor's patches when they become available.Spring Framework 5.3.18 (5.3x) and 5.2.20 (5.2x) as well as Spring Boot 2.6.6 and 2.5.12 have been released to resolve the issue. Users are strongly encouraged to upgrade to these latest versions as soon as possible.
Spring has also posted some detailed workarounds in their blog that may be temporarily utilized until an upgrade is possible.
Trend Micro Protection and Investigation
In addition to the vendor patch(s) that should be applied, Trend Micro has released some supplementary rules, filters and detection protection that may help provide additional protection and detection of malicious components associated with this attack servers that have not already been compromised or against further attempted attacks.Preventative Rules, Filters & Detection
Trend Micro Cloud One - Workload Security and Deep Security IPS Rules
- Rule 1011372 - Spring Framework "Spring4Shell" Remote Code Execution Vulnerability (CVE-2022-22965)
Trend Micro Cloud One - Network Security and TippingPoint Filters
- Filter 41108: HTTP: Spring Core Code Execution Vulnerability
Trend Micro Deep Discovery Inspector Network Content Inspection Rules
- Rule 4678: CVE-2022-22965 - SPRING RCE EXPLOIT - HTTP(REQUEST)
- Rule 4679: POSSIBLE JAVA CLASSLOADER RCE EXPLOIT - HTTP(REQUEST)
Trend Micro Cloud One - Open Source Security by Snyk
Trend Micro Cloud One - Open Source Security by Snyk can identify vulnerable versions across all organization source code repositories with very little integration effort. Once installed, it can also monitor progress on updating to non-vulnerable versions.
Impact on Trend Micro Products
As of this writing, no Trend Micro products have been found to be affected. Please refer to the KB article: SECURITY BULLETIN: Trend Micro Products and Spring Cloud (CVE-2022-22963) and Spring Framework (CVE-2022-22965) RCE Vulnerabilities for the complete list of products and the current status.