Poison Ivy Zero-Day Vulnerability
-
Tuesday, September 18, 2012 4:48 PM
I'm not sure that this is what it is actually called, but our IT Director read an article (actually several articles) about a "Zero-Day" vulnerability that he is very concerned about. We were recently infected with some sort of spam virus that was sending out emails and (to make a long story short), caused us to get blacklisted which created a huge 2 week long headache. The articles are suggesting an EMET deploy which is WAY above my head and/or to stop using Internet Explorer.
My question is, are there any actions being taken to protect from this, is it a legitimate concern, and would a fix come through a Windows Update/Forefront definition update?
All Replies
-
Wednesday, September 19, 2012 5:50 AM
This question has been asked now over 13 hours and there is still no action or answer. I am really astonished how quick Moderators are. Guys! We are waiting.
MAK
- Edited by AMIKHAN Wednesday, September 19, 2012 5:51 AM
-
Wednesday, September 19, 2012 4:21 PM
AMIKHAN:
Can you give a link to the thread you're talking about please, I can't find it.
My FW has a sig for this but I want to make sure Forefront has one too.
Normally when I check, I search for the CVE (in this case: CVE-2012-4969) on the Forefront site encyclopedia:
http://www.microsoft.com/security/portal/Definitions/ADL.aspx
-
Thursday, September 20, 2012 2:16 AM
Moderator
Hi,
Don't worry. Keep your FEP on the latest definitions and it could protect your computers from this vulnerability.
Symantec could detect the exploit's four components. FEP definitions could also detect them as:
Exploit.html -> Exploit:Win32/Dufmoh.A
Moh2010.swf -> Exploit:SWF/Dufmoh.A
The Protect.html -> Exploit:SWF/Dufmoh.B
Payload -> Backdoor:Win32/Poison.BR
http://www.symantec.com/connect/blogs/new-internet-explorer-zero-day-vulnerability-exploited-wild
On the other hand, Microsoft Security Advisory (2757760) was updated to v1.1 to include vulnerability CVE-2012-4969 and the EMET workaround.
http://technet.microsoft.com/en-us/security/advisory/2757760
If there are more inquiries on this issue, please feel free to let us know.
Regards
Rick Tan
TechNet Community Support
- Marked As Answer by Rick Tan (Moderator) Tuesday, September 25, 2012 3:02 AM
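The two controls the answer above relies on are current FEP definitions and the EMET workaround from advisory 2757760. The following PowerShell script is an added example for auditing both across a set of machines; it is not code from the thread or from Microsoft. It assumes (not stated in the thread) that FEP 2010 publishes its status in the WMI namespace root\Microsoft\protectionManagement through the ProtectionTechnologyStatus class, with AntivirusSignatureVersion and AntivirusSignatureUpdateDateTime properties, and that EMET registers an Uninstall entry whose DisplayName contains "EMET". The -MaxDefinitionAgeDays threshold and the host list are hypothetical inputs; remote WMI and remote registry access must be permitted on the targets.

```powershell
# Added example (not from the thread): report FEP definition freshness and EMET presence
# for each host in $ComputerName. Written to stay compatible with PowerShell 2.0.
param(
    [string[]]$ComputerName = @($env:COMPUTERNAME),
    [int]$MaxDefinitionAgeDays = 2   # hypothetical threshold; tune to your update cadence
)

foreach ($computer in $ComputerName) {
    $report = @{
        Computer           = $computer
        DefinitionVersion  = $null
        DefinitionUpdated  = $null
        DefinitionsCurrent = $false
        EmetInstalled      = $false
        Error              = $null
    }

    try {
        # ASSUMPTION: FEP 2010 exposes ProtectionTechnologyStatus in this namespace.
        $status = Get-WmiObject -ComputerName $computer `
            -Namespace 'root\Microsoft\protectionManagement' `
            -Class ProtectionTechnologyStatus -ErrorAction Stop

        $report.DefinitionVersion = $status.AntivirusSignatureVersion
        # WMI returns DMTF datetime strings; convert before comparing.
        $updated = [System.Management.ManagementDateTimeConverter]::ToDateTime(
            $status.AntivirusSignatureUpdateDateTime)
        $report.DefinitionUpdated  = $updated
        $report.DefinitionsCurrent = ((Get-Date) - $updated).TotalDays -le $MaxDefinitionAgeDays

        # ASSUMPTION: EMET shows up under the standard Uninstall keys (32- and 64-bit views).
        $uninstallKeys = @(
            'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
            'SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
        )
        $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $computer)
        foreach ($keyPath in $uninstallKeys) {
            $key = $hklm.OpenSubKey($keyPath)
            if ($key -eq $null) { continue }
            foreach ($name in $key.GetSubKeyNames()) {
                $displayName = $key.OpenSubKey($name).GetValue('DisplayName')
                if ($displayName -like '*EMET*') { $report.EmetInstalled = $true }
            }
        }
    }
    catch {
        # Unreachable host, missing namespace (no FEP) or denied remote registry all land here.
        $report.Error = $_.Exception.Message
    }

    # Emit one object per host so the result can be piped to Export-Csv or Where-Object.
    New-Object PSObject -Property $report |
        Select-Object Computer, DefinitionVersion, DefinitionUpdated, DefinitionsCurrent, EmetInstalled, Error
}
```

Run it as `.\Audit-IEZeroDayControls.ps1 -ComputerName (Get-Content hosts.txt)` and filter on `DefinitionsCurrent -eq $false -or EmetInstalled -eq $false` to get the machines that still need attention. A host that has the Fix It or the later patch applied is not checked here, because the thread does not describe how either registers itself; extend the registry check once you have confirmed the installed-update identifier on a reference machine.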
-
Thursday, September 20, 2012 7:55 PM
Thanks Rick
So, I don't run Symantec, only Forefront. Does Forefront use Symantec sigs? Is there an ETA for a Forefront sig?
BTW: good job to Microsoft for getting a Fix It out already and a patch coming tomorrow.
-
Friday, September 21, 2012 3:04 AM
Moderator

