Views:

As of May 26, 2015, researchers have indicated that major browsers by Mozilla, Google, Microsoft, and Apple, among others, are working on fixes to address this vulnerability. End-users can also check if their browser is vulnerable by visiting this site.

Software developers are encouraged to check that any encryption libraries that are used or bundled with their applications are all up to date. In addition, the use of larger prime numbers for key exchange can be specified as well.

IT administrators with servers that use any of the at-risk services and protocols may perform the following actions:

  • Disable support for all export cipher suites, to ensure they cannot be used.
  • Increase the number of bits used by the prime numbers in the Diffie-Hellman key exchange to 2048 bits; this ensures that exceptional computational powers would be needed to break any encryption based on this process.

Does Trend Micro offer any protection against this vulnerability?

Fortunately, Trend Micro has some solutions that already provide protection against this threat.

Trend Micro Deep Security and Vulnerability Protection (formerly the IDF plug-in for OfficeScan) customers with the latest rules also have an additional layer of protection against this vulnerability.

Specifically, Trend Micro has released the following rules and patterns for proactive protection:

  • Security Update 15-016 for Deep Security (DSRU15-016)
  • Deep Packet Inspection (DPI) rule 1006561 – Identified Usage Of TLS/SSL EXPORT Cipher Suite In Response
  • Deep Packet Inspection (DPI) rule 1006562 – Identified Usage Of TLS/SSL EXPORT Cipher Suite In Request

What Trend Micro products are affected?

ProductsVersionFix Location
InterScan Messaging Security Suite (IMSS)7.1 and 7.5 WindowsIMSS 7.1 Critical Patch 1326
IMSS 7.5 Critical Patch 1326
ServerProtect for Linux (SPLX)RHEL 4/5/6 Centos 4/5/6 and SUSE 10/11SPLX 3 Product Patch 6

Trend Micro’s Product Vulnerability Response and Service Engineering teams are conducting a thorough analysis of our products and services to identify if other technologies may be affected.

What if my product is not listed?

If the product has not reached End-of-Support, it is most likely that Trend Micro is still analyzing the vulnerability and its impact on your product. As soon as the analysis is completed, the product will be added in the list.

What if I have additional questions?

For additional inquiries, contact Technical Support.

More information on the Logjam vulnerability can be found by visiting Trend Micro’s Security Blog:
http://blog.trendmicro.com/trendlabs-security-intelligence/logjam-breaks-secure-key-exchange-sometimes/