A vulnerability has been discovered in the Trend Micro InterScan Web Security Virtual Appliance (Secure web gateway) which could allow for remote code execution. Trend Micro has released new builds of the Trend Micro InterScan Web Security Virtual Appliance which resolve vulnerabilities in the product that could potentially allow a remote attacker to execute arbitrary code on vulnerable installations.
- IWSVA 6.5 SP2 (Build 1620)
- IWSVA 6.0 SP1 (Build 1255)
- IWSVA 6.0 (Build 1262)
This update resolves some vulnerabilities in the Trend Micro InterScan Web Security Virtual Appliance through which a remote attacker could potentially attain code execution in the context of either the current process or root. Customers are highly encouraged to update to the latest build as soon as possible. Remote code execution generally requires that an attacker has access (physical or remote) to a vulnerable machine. In addition to timely application of patches and updated solutions, customers are also advised to review access to critical systems and ensure policies and perimeter security are up to date.
- After appropriate testing, apply appropriate patches provided by Trend Micro to vulnerable systems.
- Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
- Review access to critical systems and ensure policies and perimeter security are up to date.