Newsfeed
Nachrichtenbote
Now that we got our hands on a sample of the latest Word zero-day exploit (CVE-2014-1761), we can finally address a frequently asked question: does F-Secure protect against this threat? To find out the answer, I opened the exploit on a system protected with F-Secure Internet Security 2014, and here is the result:
IS2014 blocked the threat using the exploit interception feature introduced in DeepGuard version 5. The best part is that we did not need to add or modify anything the zero-day was blocked by the exact same detection that was included already in the initial release of DeepGuard 5 in June 2013. This means that our users were protected against this threat long before we even got a sample, and also several months before the attack was reported by Microsoft. DeepGuard 5 shows the power of proactive, behavior based protection [URL='http://www.f-secure.com/weblog/archives/00002637.html']again (and again).
Microsoft will release a patch for the vulnerability on Tuesday April 8, 2014. In the meantime, you should check the mitigations and workarounds Microsoft recommends.
We have also added a generic detection Exploit:W32/CVE-2014-1761.A to detect the exploit before the document is opened.
Exploit SHA1: 200f7930de8d44fc2b00516f79033408ca39d610
Post by Timo
On 04/04/14 At 09:36 PM
[/URL]
Weiterlesen...
IS2014 blocked the threat using the exploit interception feature introduced in DeepGuard version 5. The best part is that we did not need to add or modify anything the zero-day was blocked by the exact same detection that was included already in the initial release of DeepGuard 5 in June 2013. This means that our users were protected against this threat long before we even got a sample, and also several months before the attack was reported by Microsoft. DeepGuard 5 shows the power of proactive, behavior based protection [URL='http://www.f-secure.com/weblog/archives/00002637.html']again (and again).
Microsoft will release a patch for the vulnerability on Tuesday April 8, 2014. In the meantime, you should check the mitigations and workarounds Microsoft recommends.
We have also added a generic detection Exploit:W32/CVE-2014-1761.A to detect the exploit before the document is opened.
Exploit SHA1: 200f7930de8d44fc2b00516f79033408ca39d610
Post by Timo
On 04/04/14 At 09:36 PM
[/URL]
Weiterlesen...