Oracle has released its Critical Patch Update for the month of July. The update provides fixes for 193 new security vulnerabilities, including the recently announced zero-day vulnerability first reported by Trend Micro researchers. What makes the zero-day discovery more notable is that it is being used in an ongoing targeted attack campaign, Operation Pawn Storm. This particular vulnerability was designated as CVE-2015-2590.
Trend Micro first came across this vulnerability (and exploit) as part of our ongoing investigations on Operation Pawn Storm. We found email messages targeting a certain armed forces of a NATO country and a US defense organization contained these malicious URLs where the Java exploit is hosted. This exploit sets off a chain of malware infections that lead to its final payload: an information-stealing malware.
More details about the connections between Pawn Storm and this vulnerability will be made available in an upcoming blog entry.
We recommend users install the latest security fix from Java immediately.
Trend Micro is already able to protect users against exploits targeting this vulnerability without any necessary updates. The existing Sandbox with Script Analyzer engine, which is part of Trend Micro™ Deep Discovery, can be used to detect this threat by its behavior. The Browser Exploit Prevention feature in the Endpoint Security in Trend Micro™ Smart Protection Suite detects the exploit once the user accesses the URL that hosted it. Our Browser Exploit Prevention detects user systems against exploits targeting browsers or related plugins.
Vulnerability protection in Trend Micro Deep Security protects user systems from threats that may leverage this vulnerability with the following DPI rule:
- 1006857 – Oracle Java SE Remote Code Execution Vulnerability