Um....I have read this article and about 10 others....how does this even begin to address the issue?
I am looking for McAfee to step up here.....not just stick its head in the sand like an ostrich.
The articles you linked are very general, and dont have much to do with McAfee...and the Flashplayer version is not the issue here.
I am not frustrated with you, but rather McAfee's unwillingness to even acknowlege the issue and give some sort of update.
So, thanks for the links, but informing my customer that the need to use complex passwords, pathc regularly, and block .exe's in emails isn't exactly going to reassure them the threat has been mitigated.
Hi epository,
Please know that I in no way was trying to be disrespectful. Also, never construed your comments to me as such, either. I sincerely meant to show that this a detection that is a recent one, and seemingly evolving. (In the Wild)
Having said this..I agree fully that this is not associated with "Bloodhound.Exploit52"-ref Flash Player. I am confident that McAfee will have a Specific Detection Classification in short time. You could possibly expedite this process by either submitting said Detection to McAfee Labs, or possibly run the McAfee Getsusp Tool which can be found in the second link below my Signature.
Please make certain you submit your Email Address under "Preferences", before scanning.
After scanning,you should receive a notification , with a (Work Item #) informing you that the detection is being analyzed.
Respectfully,
Symantec's definition for Bloodhound.Exploit.552 specifically references CVE 2014-1776 which is the exploit in question. It uses a .swf file to run the Heap Feng Shui attack.
I dont have any samples as McAfee doesnt seem to have a definition for this nor has it released any news whatsoever as to what this exploit would trigger in HIPS.
There is just a total absence of information from McAfee on this subject.
We will try to mitigate this by blocking Flash, updating EMET, maybe a script to unregister the VML.dll...but Mcafee should be issuing some sort of response to at least show they are tracking this.
Its been 48 hours since it was released and they have said absolutely ZERO.....does anyone else find that unacceptable?
I see that you seemed to have taken the appropiate measures. I feel that I must "Step back " from this topic, as you were in very capable hands to begin with......
I might add that you may find this particular article in regards to the "Heapfengshui-Attack" interesting. HERE
Wishing you all the very best,
Message was edited by: catdaddy on 4/28/14 7:03:45 AM CDT@epository
If you're in a commercial environment this is perhaps not the best place to be looking for news of an official McAfee response to the vulnerability since you're posting to the Consumer section. I get the Advisories soon after they're released and I haven't seen anything yet; all I know is what FireEye and Microsoft have said about it.
Edit - I see you're also asking about this in GTI/Breaking Security News.
If an Advisory is released you will see it in https://community.mcafee.com/community/security/gti/mtis : to get an early indication of when this might be you should probably post a question in Business General Discussion.
Edit - FireEye state that this vulnerability can be countered by disabling the Flash plugin in Internet Explorer.
Message was edited by: Hayton on 28/04/14 13:15:02 IST
Message was edited by: Hayton on 28/04/14 13:26:33 ISTI'm sure they are aware of and have acted upon any such threat. We would be the last to know about it as we have no more access to their database than you do.
Just because it's not up in the headlines doesn't mean they haven't acted upon it.
10 computers, are you using home products or Enterprise?
Bloodhound Exploit was mentioned...that has been around for years in many variants and McAfee has always patched that under various other names, Google will help there.
Message was edited by: Ex_Brit on 28/04/14 8:48:09 EDT AMSort of a moot point since McAfee hasnt bothered to address or even acknowlege the issue....I might as well be posting on the Home Depot forums for all the response McAfee has given this pretty high-profile exploit...I mean, they Washington Times is covering it.
You keep saying McAfee hasn't bothered to do anything, how do you know? I certainly don't and asking the community will not get you an answer. Plus you are posting in several spots. Please stick with 1 thread - this one: https://community.mcafee.com/message/329378#329378
Originally you've been posting in Enterprise so you really should not be asking in the Consumer section anyway. This area is for help with consumer software not threats.
Thread locked.
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.
Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership: