NOVEMBER 15, 2013
Your regular source of security updates from TrendLabsSM
In This Issue

Security Spotlight
How to Avoid the Latest Microsoft Office Bug

Security for Home Users
How Attacks Adapt

Security for Business
Older Versions of Software Targeted by Zero-Day Exploit

Security for Business

Older Versions of Software Targeted by Zero-Day Exploit

Attackers exploit software vulnerabilities as means to compromise computers and, consequently, penetrate corporate networks.”

Cybercriminals exploits software vulnerabilities as means to infect computers and, consequently, penetrate corporate networks. A zero-day exploit has been targeting older versions of Microsoft Office such as 2003, 2007, and 2010 as well as Windows XP and Server 2003. The said zero-day exploit is being used in targeted attacks and highlights the importance of updating software and OSs.

The Benefits of Virtual Patching

System administrators often delay deploying software patches or updates despite the dangers exploits, especially zero days, pose. There are cases when mission-critical software or systems are not updated because patching requires restarts, which can disrupt business operations. In addition, it takes time to deploy patches, as administrators need to do quality assurance checks first. To protect your network against exploits, you need virtual patching or virtual shielding. This allows you to continue your operations while protecting your network from vulnerability exploits.

Here are the technologies used in virtual patching:

  • Intrusion detection and prevention: This secures vulnerable software and systems even in the absence of a vendor patch. It does so by blocking vulnerabilities’ use of certain traffic protocols in your network.
  • Multilayered firewalls: Through design policies and filtering per network, firewalls prevent denial-of-service (DoS) and other attacks against physical, cloud, and virtual servers.
  • Recommendation scanning: This recommends rules that need to be deployed first to protect your network.

Large organizations and enterprises should implement virtual patching to complement traditional patch management to mitigate risks that vulnerable critical systems and software introduce to their networks.

How Can Virtual Patching Protect Your Organization?

Virtual patching secures your network during the window of exposure—the amount of time that passes between the patch release and patch deployment. It allows system administrators to protect their networks in instances when patches take several hours to weeks or even months to be released, even after a vulnerability has been reported. One such example is the Adobe® Acrobat® Reader U3D Component Memory Corruption vulnerability, whick took 34 days before a fix was made available. In such events, virtual patching becomes highly critical to protect organizations and enterprises from malware infection and, possibly, even information theft.

Copyright ©2013 Trend Micro Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo are trademarks or registered trademarks of Trend Micro Incorporated. All other company and/or product names may be trademarks or registered trademarks of their respective owners. The information contained in this document is subject to change without prior notice.