New "Zero-Day" Vulnerability in Adobe Flash

    • Updated: 19 Oct 2016
    • Product/Version:
    • Control Manager 6.0
    • Deep Discovery 3.0
    • Deep Discovery 3.1
    • Deep Discovery 3.2
    • Deep Discovery Advisor 3.0
    • Deep Discovery Analyzer 5.0
    • Deep Discovery Analyzer 5.1
    • Deep Discovery Email Inspector 2.0
    • Deep Discovery Inspector 3.0
    • Deep Discovery Inspector 3.2
    • Deep Discovery Inspector 3.5
    • Deep Discovery Inspector 3.6
    • Deep Discovery Inspector 3.7
    • Deep Discovery Inspector 3.8
    • Deep Edge 1.5
    • Deep Edge 2.0
    • Deep Security 7.5
    • Deep Security 8.0
    • Deep Security 9.0
    • Deep Security 9.5
    • Deep Security as a Service 2.0
    • Deep Security for Web Apps 2.0
    • InterScan Messaging Security Suite 7.1 Linux
    • InterScan Messaging Security Suite 7.1 Windows
    • InterScan Messaging Security Virtual Appliance 8.2
    • InterScan Messaging Security Virtual Appliance 8.5
    • InterScan Messaging Security Virtual Appliance 9.0
    • OfficeScan 10.6
    • OfficeScan 11.0
    • ServerProtect for Linux 3.0
    • ServerProtect for Microsoft Windows/Novell Netware 5.7
    • ServerProtect for Microsoft Windows/Novell Netware 5.8
    • Worry-Free Business Security Services 5.7
    • Worry-Free Business Security Standard/Advanced 7.0
    • Worry-Free Business Security Standard/Advanced 8.0
    • Worry-Free Business Security Standard/Advanced 9.0
    • Platform: N/A
Summary

Trend Micro is aware of the recently reported unpatched “zero-day” vulnerability affecting versions of Adobe Flash (up to version 16.0.0.287) on Microsoft Windows systems. We have also obtained samples from our Smart Protection Network of malicious SWF files used by the Angler Exploit kit that may be exploiting this vulnerability, currently detected as SWF_ANGZIA.A using Trend Micro’s latest VSAPI and SmartScan pattern files.

Details

Trend Micro’s primary recommendation to users when vulnerabilities such as this one are discovered is to apply a vendor-issued patch as soon as possible; however, Adobe has not yet released an official patch or fix for this issue as of the time of this writing.

Fortunately, Trend Micro has some solutions that already provide protection against this threat:

  1. The Browser Exploit Prevention (BEP) feature in Trend Micro Endpoint solutions (such as Worry-Free Business Security and OfficeScan) blocks the exploit when a user accesses the URL where it is hosted. BEP also protects against exploits that target browsers or related plugins.
  2. Domains and URLs associated with the Angler Exploit Kit are already detected and blocked using Trend Micro Web Reputation Services (WRS):
    • sdhcnniq33iq3ytrg.nojovoitrwaz.in/ea6gutg5x5
    • asdbvgzt3440s834.in
    • bidolazot54moosa.in
    • nojovoitrwaz.in
    • bxoipoqlytera.in
    • hdusnzpo2n3.in
  3. Deep Security, Vulnerability Protection (formerly the IDF plug-in for OfficeScan), and Deep Discovery customers with the latest rules also have an additional layer of protection against this vulnerability. Specifically, Trend Micro has released the following rules and patterns for proactive protection:
    • Deep Security rule DSRU15-002;
    • Deep Packet Inspection (DPI) rule 1006460 for Deep Security and Vulnerability Protection (formerly the IDF plug-in for OfficeScan) customers; and
    • The existing Sandbox and Script Analyzer engine that is part of Deep Discovery can also be used to detect this threat, without any engine or pattern update.
  4. Administrators looking to block Flash can specifically block the affected versions from running, or even lock down their endpoints to run only specific applications and their updates, with Endpoint Application Control. This lockdown policy blocks all unwanted applications (for example, any malware) from executing on the endpoint.
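
For environments that want to check their own web proxy logs against the domains listed in item 2, the following is an added example, not Trend Micro code. It matches on DNS label boundaries so that subdomains of a listed domain are caught while look-alike hosts and query-string mentions are not; the log layout (time, client, method, URL, status) and the sample lines are constructed assumptions.

```python
from urllib.parse import urlsplit

# Domains from the advisory's WRS item. The listed URL
# sdhcnniq33iq3ytrg.nojovoitrwaz.in/ea6gutg5x5 is covered by nojovoitrwaz.in.
ADVISORY_DOMAINS = {
    "asdbvgzt3440s834.in", "bidolazot54moosa.in", "nojovoitrwaz.in",
    "bxoipoqlytera.in", "hdusnzpo2n3.in",
}

def host_of(value):
    """Extract a lowercase hostname from a URL or a bare host[:port][/path]."""
    value = value.strip()
    if "://" not in value:
        value = "//" + value  # make urlsplit parse the text as a network location
    try:
        host = urlsplit(value).hostname or ""
    except ValueError:  # malformed bracketed host
        return ""
    return host.rstrip(".").lower()

def matched_domain(host):
    """Return the listed domain that host equals or is a subdomain of, else None."""
    labels = host.split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in ADVISORY_DOMAINS:
            return candidate
    return None

def hunt(log_lines):
    """Return (client, host, listed_domain) for every log line that matches."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # not in the assumed layout
        host = host_of(fields[3])
        listed = matched_domain(host)
        if listed:
            hits.append((fields[1], host, listed))
    return hits

# Constructed sample log lines: time client method url status
SAMPLE_LOG = [
    "00:00:01 10.0.0.21 GET http://sdhcnniq33iq3ytrg.nojovoitrwaz.in/ea6gutg5x5 200",
    "00:00:02 10.0.0.22 CONNECT BIDOLAZOT54MOOSA.IN:443 200",
    "00:00:03 10.0.0.23 GET http://nojovoitrwaz.in.example.net/ 200",
    "00:00:04 10.0.0.24 GET http://example.com/?ref=nojovoitrwaz.in 200",
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(hit)
```

Only the first two sample lines are reported; the last two contain a listed domain as a prefix or in the query string and would be false positives under plain substring matching.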

Again, Trend Micro strongly recommends applying critical vendor patches as soon as they are released. Customers and partners who need additional information or have questions are encouraged to contact their authorized Trend Micro Technical Support representative for further assistance.

Category: Remove a Malware / Virus
Solution Id: 1107564