The IERS (International Earth Rotation and Reference System Service) has communicated via an official bulletin that a positive leap second will be introduced at the end of June 2015. The leap second needs to be added in 2015 to keep the atomic clock time in sync with the Earth's actual rotational time.
Leap Seconds are a periodic one-second adjustment of Coordinated Universal Time (UTC) in order to keep a system's time of day close to the mean solar time. However, the Earth's rotation speed varies in response to climatic and geological events; and due to this UTC leap, seconds are irregularly spaced and unpredictable.
The last leap second was inserted on June 30, 2012, and the next leap second insertion is scheduled on June 30, 2015, at 23:59:60 UTC.
The sequence of dates of the UTC second markers will be:
2015 June 30, 23h 59m 59s
2015 June 30, 23h 59m 60s
2015 July 1, 0h 0m 0s
What Trend Micro products are affected?
Trend Micro’s Product Vulnerability Response and Service Engineering teams have conducted a thorough analysis of our products and services to identify if any technologies may be affected. They have confirmed that only Linux based products may be affected by the leap second and Windows based products are not affected.
The following Linux-based products have been found to be potentially affected by the upcoming leap second. Fortunately, the workaround for most of these products is to temporarily disable NTP before June 30, 2015, and then re-enable it after July 1, 2015, to prevent any potential issues. For the remaining products, a hotfix or patch with an updated kernel may be required.
|InterScan Web Security Virtual Appliance||5.6, 6.0 SP1 and 6.5||The ntpd deamon in IWSVA is disabled by default. However, there is a cron job to sync time every day. Trend Micro testing has found that only devices that have their clock set to UTC +6 could be potentially affected, which is a very small subset of territories.|
|Deep Discovery Email Inspector||2.0 GM, SP1 and SP2||
As a workaround solution, disable ntp during the leap second:
The next major release is in the fourth quarter of 2015.
|Network VirusWall Enforcer||3.0, 3.1, 3.2, 3.5||
As workaround solution, disable ntp during the leap second:
The next major release is in 2016.
More information on why the Windows OS platform is not affected can be found here.
What if my product is not listed?
If the product has not reached End-of-Support, it is most likely that Trend Micro is still analyzing the vulnerability and its impact on your product. As soon as the analysis is completed, the product will be added in the list.
What if I have additional questions?
Trend Micro always highly recommends that vendor critical patches are applied as soon as possible upon release. Customers and partners who may need some additional information or have questions are encouraged to contact Technical Support or their authorized Trend Micro technical support representative for further assistance.