Skip to content

2014 Press Release

Trend Micro Helps Affected Users Navigate Internet Explorer Zero-Day CVE-2014-1776 Vulnerability

New rules and mitigation advice to tackle vulnerability affecting all versions of IE, especially Windows XP

Taipei, April 30, 2014 – Global leader in cloud security, Trend Micro Incorporated (TYO: 4704; TSE: 4704), warns of and provides mitigation around the first Internet Exlorer zero-day vulnerability – CVE-2014-1776 – which will remain unpatched in Windows XP. To protect users against exploits leveraging this vulnerability, Trend Micro has released two rules to help reduce the threat until a patch is provided by Microsoft, and to protect unsupported Operating Systems (“OS") such as Windows XP. The deep packet inspection (“DPI") rules available to customers of Trend Micro Deep Security and OfficeScan Intrusion Defense Firewall (“IDF") include:

  • 1006030 – Microsoft Internet Explorer Remote Code Execution Vulnerability (CVE-2014-1776)
  • 1001082 0 – Generic VML File Blocker


Announced over the weekend via the Microsoft Security Advisory 2963983, the CVE-2014-1776 vulnerability is due to the way Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The successful exploitation of the vulnerability allows an attacker to execute arbitrary code in the context of the current user, allowing the attacker to run code on a victim system if the user visits a website under the control of the attacker.

Users can be lured into opening specially crafted webpages using the Internet Explorer by clickable links sent through emails or instant messages. The Adobe Flash file embedded in these malicious sites will then be used to bypass Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) protections on the target system. While attacks are only known against three IE versions 9 to 11, the underlying flaws exists in all versions of IE in use today, from IE 6 through to IE11.

“This vulnerability may linger unpatched in many systems for some time, as it is the first vulnerability affecting Windows XP systems that will not be patched. This means that for the millions of users still using this particular operating system, they will be left with a security hole that will never be fully fixed. The risk of using unsupported OS such as Windows XP is real, and this vulnerability is proof of that. We strongly encourage Windows XP users to migrate to a supported OS as soon as they can, and ensure their systems are protected as they plan for the migration," comments , Macky Cruz , Security Focus Lead, Trend Micro Inc.

Users can reduce risk from this vulnerability by disabling or removing the Flash Player from IE whenever possible. In addition, Microsoft has also indicated some workarounds as part of their security advisory including the Enhanced Protected Mode for IE 10 and 11, deemed as one of the easiest workarounds in the advisory by Trend Micro security experts.

Protecting unprotected and under-protected systems

The end of support for any software, OS or not, leaves organizations more vulnerable to threats, but there are some solutions that can help address or mitigate this dilemma including:

  • Virtual Patching: With the ability to “virtually patch" affected systems before actual patches are made available, virtual patching complements traditional patch management strategies reducing the risks to companies. Another benefit is that it can “virtually patch" unsupported applications. For example, Trend Micro Deep Security has been supporting Windows 2000 vulnerabilities even beyond its end of support.
  • Enhanced Mitigation Experience Toolkit (EMET): Trend Micro threat security experts recommends using the EMET toolkit which prevents software vulnerabilities from being exploited through several security mitigation technologies, thereby reducing exploits from this vulnerability.


Cyber threats can have profound effects on companies. Trend Micro urges all IE users to stay vigilant and migrate away from Windows XP to a supported operating system, while ensuring their systems are always protected as they prepare for enterprise-wide migration.

For latest updates on CVE-2014-1776, please visit: http://blog.trendmicro.com/trendlabs-security-intelligence/internet-explorer-zero-day-hits-all-versions-in-use/

About Trend Micro

Trend Micro Incorporated, a global leader in security software, strives to make the world safe for exchanging digital information. Built on 25 years of experience, our solutions for consumers, businesses and governments provide layered data security to protect information on mobile devices, endpoints, gateways, servers and the cloud. Trend Micro enables the smart protection of information, with innovative security technology that is simple to deploy and manage, and fits an evolving ecosystem. All of our solutions are powered by cloud-based global threat intelligence, the Trend Micro™ Smart Protection Network™ infrastructure, and are supported by over 1,200 threat experts around the globe. For more information, visit TrendMicro.com.


Connect with us on