McAfee Coverage of the Microsoft Emergency Release
Thursday October 23, 2008 at 1:50 pm CST
Posted by David Marcus
Due to today's out-of-cycle MS08-067 release from Microsoft, we are in the process of releasing emergency DATs/coverage updates for many of our products and technologies. We are also working on an emergency Security Advisory.
The current state for each content area is as follows:
Malware - Emergency DAT cut and testing in progress. ETA of 2 - 3 hours.
HIPS - Generic buffer overflow should provide coverage.
Intrushield - Partial existing coverage. Additional emergency sigset releasing today.
Foundstone - Emergency signatures being released today.
V-Flash - Emergency signatures being released today.
MNAC - Emergency signatures being released today.
VirusScan Enterprise BOP - Should provide coverage for the buffer overflow.
We will continue to monitor this critical event to provide the most comprehensive coverage we can.

October 24th, 2008 at 08:25
After testing with PoC vulnerability code for this issue, I have found that existing HIPS signatures cover this issue with signature ID 3768, “Windows Server Service Buffer Overflow Vulnerability (Tighter Security)”, resulting in a Prevent action by default.
This is due to the similarity between MS08-067 and the MS06-040 this signature originally covered.
October 24th, 2008 at 10:18
[...] and Spy-Agent.da.dll are now detected using the current 5414 DATs. See Dave’s blog for McAfee’s [...]
November 3rd, 2008 at 06:30
After testing a PoC vulnerability exploit against a Windows XP computer with SP3 and DEP enabled, I found that VirusScan 8.x buffer overflow protection also blocks the exploit attack.
December 16th, 2008 at 17:28
[...] According to Dave Marcus, director of security research and communications for McAfee’s Avert Labs (as noted in a piece today on cnet) IE users can potentially get infected in two ways. First, when [...]
December 16th, 2008 at 21:41
[...] The risk is believed to be widespread, given that IE 7 is the latest version of Microsoft’s browser and is bundled with XP service pack 3 and also Vista, said Dave Marcus, director of security research and communications for McAfee’s Avert Labs. [...]
December 17th, 2008 at 16:06
[...] pack 3 and Vista, said Dave Marcus, Director of Security Research and Communications at Avert Labs, part of [...]