Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Trend Micro solutions to protect against the Microsoft Internet Explorer (IE) Vulnerability (CVE-2014-1776)

    • Updated:
    • 31 Mar 2015
    • Product/Version:
    • Deep Discovery Inspector 3.6
    • Deep Discovery Inspector 3.7
    • Deep Discovery Inspector 3.8
    • Deep Security 8.0
    • Deep Security 9.0
    • Intrusion Defense Firewall 1.5
    • OfficeScan 10.6
    • OfficeScan 11.0
    • Titanium AntiVirus + 2013.All
    • Titanium AntiVirus + 2014.All
    • Worry-Free Business Security Standard/Advanced 9.0
    • Platform:
    • N/A N/A
Summary

Recently, Microsoft released Security Advisory 2963983, which describes a new zero-day vulnerability found in Internet Explorer (CVE-2014-1776). This remote code execution vulnerability allows an attacker to run the code on a victim system if the user visits a website under the control of the attacker. While the attacks are only known against three IE versions, which are IE 9, 10, and 11, the underlying flaw exists in all versions of IE in use today from IE 6 to IE 11.

For more details, read the article Internet Explorer Zero-Day Hits All Versions In Use.

Details
Public

This issue affects IE 6 to IE 11 on all Microsoft Windows platforms.

Update as of May 1, 2014 11:00 AM PST: Microsoft has released an emergency out-of-band security update to address this issue on all currently supported platforms, including Windows XP. Customers are encouraged to apply these security patches as soon as possible.

Refer to the following Microsoft articles for more information:

Even though Microsoft has just issued an emergency patch, Trend Micro and other security vendors are still analyzing and collecting real-time information on this vulnerability and potential exploits.

In the meantime, Trend Micro has released some proactive protection mechanisms to help customers guard against potential exploits of this vulnerability:

File Detection

Trend Micro has updated its heuristic code in OPR 10.763.00, specifically around CVE-2014-1776, and will continue to update and improve the detection as more information and samples become available. All customers utilizing Trend Micro VSAPI detections can benefit from these updates.

In addition, there are advanced technologies on some newer products that have additional rules and benefits.

Behavior Monitoring

Trend Micro has advanced heuristic features in the behavior monitoring module available in the following products, which can detect the file download through a possible exploit attack:

  • OfficeScan (OSCE) 10.6 SP3 and above
  • Worry-Free Business Security (WFBS) 9.0
  • Titanium Antivirus+ 2013 and above

By default, these advanced features are not enabled in OfficeScan and WFBS. To enable the feature, follow the procedures on the articles below:

Browser Exploit Solution

Rule 101404.0.0 has been released to cover this vulnerability in Titanium Antivirus+ 2014.

Network Detection

For the customers who are using Deep Security and OfficeScan Intrusion Defense Firewall (IDF), the following rule is released to cover this vulnerability:

1006030 - Microsoft Internet Explorer Remote Code Execution Vulnerability (CVE-2014-1776)

There is also a rule that restricts the use of VML tag:

1001082 - Generic VML File Blocker

For the users of Deep Discovery Inspector, we will release rule HTTP_CVE-2014-1776_IE_EXPLOIT to cover this vulnerability (NCIP 1.12083.00 and NCCP 1.12053.00)

 

Additional solutions will be added as they become available.

Premium
Internal
Rating:
Category:
Troubleshoot
Solution Id:
1103419
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.