
Trend Micro products and the CCS Injection Vulnerability – [CVE-2014-0224] OpenSSL Vulnerability

    • Updated: 24 Nov 2016
    • Product/Version: Control Manager 6.0; Deep Security 8.0; OfficeScan 10.6
    • Platform: Linux - Red Hat RHEL 6 32-bit; Linux - Red Hat RHEL 6 64-bit; Windows 2003 Enterprise; Windows 2003 Standard; Windows 2008 Enterprise; Windows 2008 Standard; Windows 2012 Enterprise; Windows 2012 Standard

What is the CCS Injection Vulnerability?

The CCS Injection Vulnerability (CVE-2014-0224) is a serious vulnerability in the popular OpenSSL cryptographic software library. OpenSSL is an implementation of the SSL/TLS encryption protocol used to protect the privacy of Internet communication. OpenSSL is used by many websites and other applications such as email, instant messaging, and VPNs.

In certain versions of OpenSSL, an attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server.

Who is impacted by the CCS Injection Vulnerability?

Recent reports indicate that this vulnerability has existed for at least ten (10) years but was only just discovered. Because of the number of organizations that have deployed servers running OpenSSL, companies that were concerned about or affected by the recent Heartbleed bug may also want to take serious note of this vulnerability.

OpenSSL versions said to be affected include:

  • versions before 0.9.8za
  • 1.0.0 before 1.0.0m
  • 1.0.1 before 1.0.1h
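
The following is an added example, not Trend Micro code: a small Python triage helper that checks an OpenSSL version string against the three ranges listed above. The function and field names are assumptions; a string with a vendor or distribution suffix is flagged separately, because such builds can carry backported fixes and the upstream version alone is then inconclusive.

```python
import re

# First fixed release per branch, taken from the list above.
FIRST_FIXED = {(0, 9, 8): "za", (1, 0, 0): "m", (1, 0, 1): "h"}

# Numeric branch, optional patch letter(s), then any vendor/distro suffix.
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]{0,2})(\S*)")


def _letter_key(letters):
    # OpenSSL patch letters sort '' < a < ... < z < za < zb, so compare by
    # length first, then alphabetically.
    return (len(letters), letters)


def classify(version_string):
    """Return None if no version is found, else a dict describing the match."""
    m = _VERSION.search(version_string.lower())
    if m is None:
        return None
    major, minor, patch, letters, suffix = m.groups()
    branch = (int(major), int(minor), int(patch))
    if branch < (0, 9, 8):
        in_range = True  # "versions before 0.9.8za" covers older branches
    elif branch in FIRST_FIXED:
        in_range = _letter_key(letters) < _letter_key(FIRST_FIXED[branch])
    else:
        in_range = False  # branch not named in the advisory's list
    return {
        "upstream": "%d.%d.%d%s" % (branch + (letters,)),
        "in_listed_range": in_range,
        "vendor_build": bool(suffix),  # True: confirm against vendor changelog
    }


if __name__ == "__main__":
    # Constructed sample inputs in the formats an inventory typically holds.
    samples = ["OpenSSL 1.0.1g 7 Apr 2014", "0.9.8z", "0.9.8za",
               "1.0.0m", "1.0.1h", "0.9.8e-fips-rhel5", "1.0.2"]
    for s in samples:
        print(s, "->", classify(s))
```
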

Preliminary reports have noted that it is very difficult, if not impossible, to determine if an attack has occurred in the past because it leaves virtually no trace. Accordingly, even if an organization is not currently vulnerable, it may have been in the past, and it should therefore take immediate steps to remediate if it has deployed the vulnerable OpenSSL versions.

Because some Trend Micro products may be using an affected OpenSSL version, these products may be affected by this vulnerability. This article lists the products that are affected and the recommended action to take to eliminate the risks as they are identified and corrected.

For your external references:


What Trend Micro products are not affected?

Product | Version | Affected | OpenSSL version
------- | ------- | -------- | ---------------
Advanced Reporting and Management for InterScan Web Security (ARM) | 1.5 | No | 0.9.8b
Advanced Reporting and Management for InterScan Web Security (ARM) | 1.6 | No | 1.0.0b
Control Manager (TMCM) | 5.5, 6.0, 6.0 SP1 | No | 0.9.6m, 1.0.1g
Core Protection Module (CPM) - ESP | 10.5, 10.6, 10.6 SP1, 10.6 SP2 | No | Not using OpenSSL
Core Protection Module (CPM) for Mac | 1.1 | No | Not using OpenSSL
Cisco Content Security and Control Security Services Module (Stargate) | 6.6 | No | Not using OpenSSL
Damage Cleanup Services (DCS) | 3.2 | No | Not using OpenSSL
Deep Discovery Email Inspector (DDEI) | 2.0 SP1 | No | v1.0.1h
Deep Discovery Inspector (DDI) | 3.0, 3.1 | No | 1.0.0d
Deep Discovery Inspector (DDI) | 3.2, 3.5, 3.6 | No | 1.0.0j
Deep Security for Web Apps | 2.0 | No | Not using OpenSSL
DirectPass | 1.8 | No | Not using OpenSSL
Data Loss Prevention (DLP) Endpoint | 5.0J, 5.2J, 5.5, 5.6 | No | 0.9.7a, 1.0.0c
Email Security Platform for Service Providers - White Label | 3.0 | No | 0.9.8e-fips-rhel5
Email Security Platform for Service Providers - White Label (EMSP-SP - NTT-C) | 3.2 | No | 0.9.8e
InterScan Messaging Security Suite (IMSS) | 7.0 Linux | No | 0.9.8j
InterScan Messaging Security Suite (IMSS) | 7.1 Linux | No | 0.9.8x
InterScan VirusWall (ISVW) | 6.02 Linux, 7.0 Win | No | 0.9.8
InterScan Web Security Suite (IWSS) | 3.1 Sol JP, Linux EN/JP, Win EN/JP | No | 0.9.7d
InterScan Web Security Suite (IWSS) | 5.6 Linux JP | No | 1.0.0b
InterScan Web Security Virtual Appliance (IWSVA) | 5.5 EN | No | 0.9.8a
InterScan Web Security Virtual Appliance (IWSVA) | 5.6 EN/JP/SC | No | 1.0.0b
InterScan Web Security Virtual Appliance (IWSVA) | 6.0 SP1 EN | No | 1.0.0j
Mobile Security (TMMS) | 1.2, 2.0, 2.1, 2.2, 2.5, 2.6, 3.0, 3.1, 3.5, 5.0 | No | Not using OpenSSL
OfficeScan (OSCE) | 10.5, 10.6, 10.6 SP1, 10.6 SP2, 10.6 SP3, 11.0 | No | 0.9.6l
Portable Security (TMPS) | 2.0 | No | 1.0.1g
Portable Security (TMPS) | 1.0, 1.1, 1.5 | No | Not using OpenSSL
PortalProtect | 2.0, 2.1 | No | 1.0.0a
Safe Lock (TMSL) | 1.0?, 1.1 | No | Not using OpenSSL
SafeSync | 5.0 | No | Not using OpenSSL
SafeSync for Business | 5.1 | No | 1.0.1-4ubuntu5.14
Smart Protection Server (TMSPS) | 2.0, 2.5, 2.6 | No | 0.9.8q
Smart Surfing for MAC | 1.6 | No | Not using OpenSSL
ScanMail for Microsoft Exchange (SMEX) | 10.2, 10.2 SP2, 11.0 | No | 1.0.0a
ScanMail for Lotus Domino (SMLD) | 3.0, 3.1, 5.0, 5.5 | No | Not using OpenSSL
Security for NAS (TMNAS) | 1.0, 1.1 | No | 1.0.0
ServerProtect for Windows (SPNT) | 5.7, 5.8 | No | Not using OpenSSL
Threat Discovery Appliance (TDA) | 2.55 | No | 0.9.8
Threat Discovery Appliance (TDA) | 2.6 SP1 | No | 1.0.0d
Threat Mitigator (TMTM) | 2.58 | No | 1.0.0L
TMEE Data Armor | 3.0?, 5.0 | No | Not using OpenSSL
TMEE Drive Armor | 3.0?, 5.0 | No | Not using OpenSSL
TMEE File Armor | 3.0?, 5.0 | No | Not using OpenSSL
TMEE Key Armor | 3.0?, 5.0 | No | Not using OpenSSL
TMEE Policy Server | 3.1?, 5.0 | No | Not using OpenSSL
Trend Micro Online Guardian (TMOG) | 1.0, 1.5, 1.6, 1.8 | No | Not using OpenSSL
Trend Micro Security for Macintosh (TMSM) | 2.0, 2.0 SP1, 2.1 | No | 1.0.1e
USB Security (TMUSB) | 1.1, 1.3, 2.0 | No | Not using OpenSSL
Worry-Free Business Security (WFBS) | 7.0 | No | 0.9.8i
Worry-Free Business Security Services (WFBS-SVC) | 5.3 SP1 | No | 1.0.1e
Worry-Free Remote Manager (WFRM) | 2.5, 2.6, 3.0, 3.1 | No | 1.0.0

What if my product is not listed?

If the product has not reached End-of-Support, it is most likely that Trend Micro is still analyzing the vulnerability and its impact on your product. As soon as the analysis is completed, the product will be added to the list.

What if I have additional questions?

For additional inquiries, contact Technical Support.
