MAY 9, 2014
Your regular source of security updates from TrendLabsSM
In This Issue

Security Spotlight
Notes from the (Russian) Underground

Security for Home Users
Taking the Bait: A Closer Look at Social Engineering

Security for Business
Virtual Patching: A Necessity amid Zero-Days

Security for Business

Virtual Patching: A Necessity amid Zero-Days

Vulnerabilities, particularly zero-days, trigger a race against time.”

The end of March was marked by notable zero-days targeting , Adobe Flash®, and Apache Struts. The vulnerabilities found highlighted the all-too-real dilemma of protecting computers—particularly those in an enterprise setup—from exploits when no official patches are readily available.

A Season of Zero-Days

Microsoft released a security advisory describing an Internet Explorer Memory Corruption zero-day vulnerability (CVE-2014-1776). This allows a malicious code to run on a vulnerable system if its user visits a site under an attacker’s control. Adobe also released an advisory for a Flash vulnerability and reported that an exploit for this was found in the wild.

The creators of Apache Struts—a framework used to build and deploy Java™-based Web applications—also released an advisory detailing two vulnerabilities that if exploited could allow remote code execution.

A Race Against Time

Vulnerabilities, particularly zero-days, trigger a race against time. Developers need to immediately create security patches for these so as not to leave users unprotected against related threats. Even if patches are quickly made available, enterprises may have some legitimate cause for delaying patch application though. IT administrators, for one, need enough time to test patches in their environments before actual deployment.

The Virtue of Virtual Patching

Enterprises should consider virtual patching on top of traditional patching practices or strategies. Virtual patching provides the functionality of a software patch by creating network policies based on internal and external resources. Virtual patching works on the premise that exploits often take an identifiable network path to and from an application to use vulnerabilities. This makes it possible to manipulate and protect a network through rules.

Virtual patching can “patch” vulnerabilities to help mitigate risks while official patches remain unavailable. It can also help protect unsupported systems. For example, Trend Micro™ Deep Security has been providing patches for Windows® 2000 vulnerabilities beyond its end of support.

Virtual patching allows enterprises to effectively manage complex challenges like zero-days and unsupported systems. It also addresses the challenge of managing a constant influx of high-profile vulnerabilities and critical updates each week.

Copyright ©2014 Trend Micro Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo are trademarks or registered trademarks of Trend Micro Incorporated. All other company and/or product names may be trademarks or registered trademarks of their respective owners. The information contained in this document is subject to change without prior notice.