Additional Background Information
OpenSSL is a software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end. It is widely used by Internet servers, including the majority of HTTPS websites. OpenSSL contains an open-source implementation of the SSL and TLS protocols (Wikipedia). OpenSSL 3.0 was released in September 2021 and this latest version is included in the most recent versions of several popular Linux distributions. OpenSSL is also widely used in security technology used to protect against Internet intrusions, but versions can vary widely depending on usage.
More specific background information can be found in the following Trend Micro blog: Latest on OpenSSL 3.0.7 Critical Bug & Security Fix.
The most direct way for administrators to validate what version of OpenSSL they may have deployed is to utilize the following command:
openssl version
Please note this command is only for installed versions of OpenSSL and would not cover specific libraries that may be embedded or included as part of commercial applications. Administrators should check with their application vendors for updated information on potential packages that may need updates.
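The version check above can be scripted across hosts. The following is an added example, not Trend Micro or OpenSSL code: it classifies the output of openssl version against the 3.0.7 fix, using function names and result labels chosen here and constructed sample lines.

```shell
#!/bin/sh
# Added example (not Trend Micro or OpenSSL code): classify `openssl version`
# output against the 3.0.7 fix. Upstream 3.0.0 through 3.0.6 predate it.

# Print the library version. OpenSSL 3.x prints "OpenSSL <cli> <date>
# (Library: OpenSSL <lib> <date>)"; <lib> is the libcrypto actually loaded.
extract_version() {
    line=$1
    case $line in
        *"(Library: OpenSSL "*) line=${line#*"(Library: "} ;;
    esac
    case $line in
        "OpenSSL "*) line=${line#"OpenSSL "} ;;
        *) return 1 ;;          # LibreSSL and other forks are not classified
    esac
    printf '%s\n' "${line%% *}"
}

# Print one of: vulnerable-range | fixed | not-3.x | unknown
classify_openssl() {
    ver=$(extract_version "$1") || { echo unknown; return 0; }
    major=${ver%%.*}; rest=${ver#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    patch=${patch%%[!0-9]*}     # "1k" -> 1, "7-dev" -> 7
    for n in "$major" "$minor"; do
        case $n in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    done
    if [ "$major" -lt 3 ]; then
        echo not-3.x
    elif [ "$major" -eq 3 ] && [ "$minor" -eq 0 ] && [ "${patch:-0}" -lt 7 ]; then
        echo vulnerable-range
    else
        echo fixed
    fi
}

# Constructed sample lines, then the locally installed CLI if there is one.
for sample in \
    "OpenSSL 3.0.5 5 Jul 2022 (Library: OpenSSL 3.0.5 5 Jul 2022)" \
    "OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)" \
    "OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov 2022)" \
    "OpenSSL 1.1.1k  FIPS 25 Mar 2021" \
    "LibreSSL 3.3.6"
do
    printf '%-18s %s\n' "$(classify_openssl "$sample")" "$sample"
done
if installed=$(openssl version 2>/dev/null); then
    printf '%-18s %s (installed)\n' "$(classify_openssl "$installed")" "$installed"
fi
```

Distribution packages can carry the fix without changing the upstream version string, so confirm a vulnerable-range result against the package changelog before treating the host as exposed.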
Using Trend Micro Products for Investigation
The following highlights several items that customers can use to investigate potential exposure to the vulnerabilities.
Trend Micro Vision One™
Trend Micro Vision One customers benefit from XDR detection capabilities of the underlying products such as Trend Micro Apex One. The following outlines some of the components of Trend Micro Vision One that can be used for preparation and inventory:
Assessment > Security Assessment
As of November 2, 2022, Trend Micro Vision One customers now have access to a new Security Assessment that covers this new vulnerability.
Users who are not already Trend Micro Vision One customers can visit Trend Micro's Security Assessment Service Landing Page for more information on how to get access to the Security Assessment for a limited time.
Risk Insights > Executive Dashboard
Customers utilizing the Executive Dashboard component of Risk Insights can view pieces of proactive information about Trend Micro rules and mitigations, as well as act on potentially affected devices (if Vulnerability Detection is enabled).
Please note that, similar to the openssl version command outlined above, the current detections cover only instances where OpenSSL is fully installed, not those where it is merely present as part of another application.
Trend Micro Cloud One™ - Container Security
Trend Micro Cloud One - Container Security customers can easily assess if any container running on Kubernetes clusters is impacted by the newly released vulnerabilities. Please visit this article for further information: Using Trend Micro Cloud One - Container Security to Assess Contained Potentially Affected by OpenSSL 3.x Vulnerability.
Trend Micro Protection and Detection Against Exploitation
First and foremost, it is always highly recommended that users apply the vendor's patches when they become available and it is feasible to do so. At this time, OpenSSL 3.0.7 has been released to address the issue.
In addition to the formal patch, Trend Micro has released some supplementary rules, filters and detection that may help provide additional protection against potential exploits.
Preventative Rules, Filters & Detection
Trend Micro Cloud One - Workload Security and Deep Security IPS Rules
- Rule 1011591 - OpenSSL 'ossl_punycode_decode' Buffer Overflow Vulnerability (CVE-2022-3602) - Client
- Rule 1011590 - OpenSSL 'ossl_punycode_decode' Buffer Overflow Vulnerability (CVE-2022-3602) - Server
Trend Micro Cloud One - Network Security and TippingPoint Filters
- Filter 41923: TLS: OpenSSL ossl_punycode_decode Buffer Overflow Vulnerability (Client)
- Filter 41924: TLS: OpenSSL ossl_punycode_decode Buffer Overflow Vulnerability (Server)
Trend Micro Vulnerability Protection IPS Rules
- Rule 1011591 - OpenSSL 'ossl_punycode_decode' Buffer Overflow Vulnerability (CVE-2022-3602) - Client
Trend Micro Deep Discovery Rules
- Rule 4793 - CVE-2022-3602_TCP_OPENSSL_BUFFER_OVERFLOW_EXPLOIT - TCP(REQUEST)
- Rule 4794 - CVE-2022-3602_TCP_OPENSSL_BUFFER_OVERFLOW_EXPLOIT - TCP(RESPONSE)
Affected Trend Micro Products
Trend Micro is currently undergoing a proactive inventory of products and services that may have affected versions of OpenSSL 3.x. If any products are found to be affected / vulnerable, they will be listed here with information about potential mitigations.
The following chart lists products that have been found to be unaffected. Additional products are still under evaluation.
Trend Micro Product/Service Name | Status |
Apex Central | Not Affected |
Apex Central as a Service | Not Affected |
Apex One (including Apex One as a Service) | Not Affected |
Cloud App Security | Resolved |
Cloud Edge | Not Affected |
Cloud One - Application Security | Not Affected |
Cloud One - Container Security | Not Affected |
Cloud One - File Storage Security | Not Affected |
Cloud One - Network Security | Not Affected |
Cloud One - Subscription | Not Affected |
Cloud One - User Management | Not Affected |
Cloud One - Workload Security | Not Affected |
DDAaaS | Not Affected |
Deep Discovery Analyzer | Not Affected |
Deep Discovery Director | Not Affected |
Deep Discovery Email Inspector | Not Affected |
Deep Discovery Inspector | Not Affected |
Deep Security | Not Affected |
InterScan Messaging Security Virtual Appliance (IMSVA) | Not Affected |
InterScan Messaging Security | Not Affected |
InterScan Web Security Suite | Not Affected |
InterScan Web Security Virtual Appliance | Not Affected |
ScanMail for Domino (SMD) - Linux | Affected - Contact Trend Micro Support for Hotfix |
ServerProtect For EMC Celerra | Not Affected |
ServerProtect For Linux | Not Affected |
ServerProtect For Microsoft Windows/Novell NetWare | Not Affected |
ServerProtect For Network Appliance Filers | Not Affected |
ServerProtect For Storage | Not Affected |
TippingPoint IPS N-series | Not Affected |
TippingPoint IPS NX-series | Not Affected |
TippingPoint Network Protection (AWS) | Not Affected |
TippingPoint Network Protection (Azure) | Not Affected |
TippingPoint SMS | Not Affected |
TippingPoint TPS | Not Affected |
TippingPoint TX-Series | Not Affected |
TippingPoint Virtual SMS | Not Affected |
TippingPoint Virtual TPS | Not Affected |
TXOne - EdgeFire | Not Affected |
TXOne - EdgeIPS (including Pro) | Not Affected |
TXOne - ODC | Not Affected |
TXOne - StellarEnforce | Not Affected |
TXOne - StellarOne | Not Affected |
TXOne - StellarProtect | Not Affected |
Vision One | Not Affected |
Worry-Free Business Security (including WF Services) | Not Affected |
Please continue to visit this article for updates.
Reference
- Trend Micro Blog: Latest on OpenSSL 3.0.7 Critical Bug & Security-Fix
- OpenSSL Formal Disclosure: https://www.openssl.org/news/secadv/20221101.txt
- OpenSSL Blog: https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows