Trend Micro researchers engaged in ongoing research into the Pawn Storm targeted attack campaign have identified a new zero-day vulnerability in Oracle Java being used in new attacks associated with the campaign.
These attacks have been identified through the Trend Micro Smart Protection Network as being carried out through spear phishing messages that contain URLs to malicious servers hosting attacks against the unpatched Java vulnerability. The attacks also use a three-year-old vulnerability in Microsoft Windows Common Controls (CVE-2012-015), which has been addressed in MS12-027.
Specific detailed information on this attack and the new zero-day can be found here: Pawn Storm Update: Trend Micro Discovers New Java Zero-Day Exploit
Update as of July 14, 2015: Trend Micro has reported this vulnerability and worked closely with Oracle to address this new zero-day. Oracle has included the fix for this zero-day vulnerability, as well as over 190 other issues, in its July 2015 Critical Patch Update for Java.
It is highly recommended that users update to the latest version of Java as soon as possible.
More information can be found in this blog: Oracle Patches Java Zero-Day Used in Operation Pawn Storm.
Trend Micro Products and Protection
Trend Micro’s Vulnerability Response and Service Engineering teams are investigating to see what, if any, products and services may be affected and/or vulnerable. At the conclusion of this investigation we will take appropriate steps to address any issues that are identified.
If any Trend Micro products and services are affected, this Knowledge Base article will be updated to contain the most up-to-date list of products that have been tested for this vulnerability. This list will be updated continually as the investigations of additional products are completed, along with information on any patches or solutions that are required.
In addition, Trend Micro has some solutions that already provide protection against this threat:
- Trend Micro Deep Security and Vulnerability Protection (formerly the IDF plug-in for OfficeScan) customers with the latest rules also have an additional layer of protection against this vulnerability. Specifically, Trend Micro has released the following rule for proactive protection:
- Deep Packet Inspection (DPI) rule 1006857 – Oracle Java SE Remote Code Execution Vulnerability
Trend Micro always highly recommends that vendor critical patches are applied as soon as possible upon release. Customers and partners who may need some additional information or have questions are encouraged to contact their authorized Trend Micro technical support representative for further assistance.