Trend Micro Products and the Oracle Java Zero-day (Pawn Storm targeted attack)

    • Updated: 24 Feb 2017
    • Product/Version: Deep Security 9.6
    • Platform: Windows 2003 Enterprise

Trend Micro researchers engaged in ongoing research into the Pawn Storm targeted attack campaign have identified a new zero-day vulnerability in Oracle Java being used in new attacks associated with the campaign.

The Trend Micro Smart Protection Network has identified these attacks as being delivered through spear-phishing messages containing URLs that point to malicious servers hosting exploits for the unpatched Java vulnerability. The attacks also use a three-year-old vulnerability in Microsoft Windows Common Controls (CVE-2012-015), which has been addressed in MS12-027.

Specific detailed information on this attack and the new zero-day can be found here: Pawn Storm Update: Trend Micro Discovers New Java Zero-Day Exploit

Update as of July 14, 2015: Trend Micro has reported this vulnerability and worked closely with Oracle to address this new zero-day. Oracle has included the fix for this zero-day vulnerability, as well as over 190 other issues, in its July 2015 Critical Patch Update for Java.

It is highly recommended that users update to the latest version of Java as soon as possible.

More information can be found in this blog: Oracle Patches Java Zero-Day Used in Operation Pawn Storm.


Trend Micro Products and Protection

Trend Micro’s Vulnerability Response and Service Engineering teams are investigating which, if any, products and services may be affected and/or vulnerable. At the conclusion of this investigation we will take appropriate steps to address any issues that are identified.

If any Trend Micro products or services are affected, this Knowledge Base article will be updated to contain the most up-to-date list of products that have been tested for this vulnerability. This list will be updated continually as the investigation of additional products is completed, along with information on any patches or solutions that are required.

In addition, Trend Micro has some solutions that already provide protection against this threat: 

  • Trend Micro Deep Security and Vulnerability Protection (formerly the IDF plug-in for OfficeScan) customers with the latest rules also have an additional layer of protection against this vulnerability. Specifically, Trend Micro has released the following rule for proactive protection:
    • Deep Packet Inspection (DPI) rule 1006857 – Oracle Java SE Remote Code Execution Vulnerability

Trend Micro always highly recommends that vendor critical patches are applied as soon as possible upon release. Customers and partners who may need some additional information or have questions are encouraged to contact their authorized Trend Micro technical support representative for further assistance.
