Tuesday, September 18, 2012 4:48 PM
I'm not sure that this is what it is actually called, but our IT Director read an article (actually several articles) about a "Zero-Day" vulnerability that he is very concerned about. We were recently infected with some sort of spam virus that was sending out emails and (to make a long story short) caused us to get blacklisted, which created a huge 2-week-long headache. The articles are suggesting an EMET deploy, which is WAY above my head, and/or to stop using Internet Explorer.
My question is, are there any actions being taken to protect from this, is it a legitimate concern, and would a fix come through a Windows Update/Forefront definition update?
Wednesday, September 19, 2012 5:50 AM
This question was asked over 13 hours ago and there is still no action or answer. I am really astonished at how quick the moderators are. Guys! We are waiting.
- Edited by AMIKHAN Wednesday, September 19, 2012 5:51 AM
Wednesday, September 19, 2012 4:21 PM
Can you give a link to the thread you're talking about please, I can't find it.
My FW has a sig for this but I want to make sure Forefront has one too.
Normally when I check, I search for the CVE (in this case: CVE-2012-4969) on the Forefront site encyclopedia.
Thursday, September 20, 2012 2:16 AM Moderator
Don't worry. Keep your FEP with the latest definitions and it could protect your computers from this vulnerability.
Symantec could detect the exploit's four components. FEP definitions could also detect them as:
Exploit.html -> Exploit:Win32/Dufmoh.A
Moh2010.swf -> Exploit:SWF/Dufmoh.A
The Protect.html -> Exploit:SWF/Dufmoh.B
Payload -> Backdoor:Win32/Poison.BR
On the other hand, the Microsoft Security Advisory (2757760) update to v1.1 includes the vulnerability CVE-2012-4969 and the EMET workaround.
If there are more inquiries on this issue, please feel free to let us know.
TechNet Community Support
- Marked As Answer by Rick Tan (Moderator) Tuesday, September 25, 2012 3:02 AM
Thursday, September 20, 2012 7:55 PM
So, I don't run Symantec, only Forefront. Does Forefront use Symantec sigs? Is there an ETA for a Forefront sig?
BTW: good job on Microsoft for getting a Fix it out already and a patch coming tomorrow.
Friday, September 21, 2012 3:04 AM Moderator