Views:

Trend Micro Products and Protection

Trend Micro’s Vulnerability Response and Service Engineering teams are investigating to see what, if any, products and services may be affected and/or vulnerable. At the conclusion of this investigation we will take appropriate steps to address any issues that are identified. 

If any Trend Micro product and services are affected, this Knowledge Base article will be updated to contain the most up-to-date list of products that have been tested for this vulnerability. This list will continually be updated as the investigation on additional products are completed, as well as information for any patches or solutions required if necessary. 

In addition, Trend Micro has some solutions that already provide protection against this threat: 

  • Trend Micro Deep Security and Vulnerability Protection (formerly the IDF plug-in for OfficeScan) customers with the latest rules also have an additional layer of protection against this vulnerability. Specifically, Trend Micro has released the following rule for proactive protection: 
    • Deep Packet Inspection (DPI) rule 10068241 – Adobe Flash ActionScript3 ByteArray Use After Free Vulnerability (CVE-2015-5119)
    • Deep Packet Inspection (DPI) rule 1006858 – Adobe Flash ActionScript3 opaqueBackground Use After Free Vulnerability (CVE-2015-5122)
    • Deep Packet Inspection (DPI) rule 1006859 – Adobe Flash Player BitmapData Remote Code Execution Vulnerability (CVE-2015-5123)
  • The existing Sandbox with Script Analyzer engine, which is part of Trend Micro Deep Discovery, can be used to detect this threat by its behavior without any engine or pattern updates. 
  • The Browser Exploit Prevention (BEP) feature in our endpoint products such as Trend Micro Security and OfficeScan blocks the exploit once the user accesses the URL it is hosted in. Browser Exploit Prevention protects against exploits that target browsers or related plugins. 
Trend Micro always highly recommends that vendor critical patches are applied as soon as possible upon release. Customers and partners who may need some additional information or have questions are encouraged to contact their authorized Trend Micro technical support representative for further assistance

References