cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
catdaddy
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 11 of 29

Re: Microsoft breach

Jump to solution

Please kindly read the following topic from (Symantec) it is HERE

And most recently (April 28/2014....here

Message was edited by: catdaddy on 4/28/14 6:10:02 AM CDT
Cliff
McAfee Volunteer
epository
Level 10
Report Inappropriate Content
Message 12 of 29

Re: Microsoft breach

Jump to solution

Um....I have read this article and about 10 others....how does this even begin to address the issue? 

I am looking for McAfee to step up here.....not just stick its head in the sand like an ostrich.

The articles you linked are very general, and dont have much to do with McAfee...and the Flashplayer version is not the issue here.

I am not frustrated with you, but rather McAfee's unwillingness to even acknowlege the issue and give some sort of update.

So, thanks for the links, but informing my customer that the need to use complex passwords, pathc regularly,  and block .exe's in emails isn't exactly going to reassure them the threat has been mitigated.

catdaddy
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 13 of 29

Re: Microsoft breach

Jump to solution

Hi epository,

               Please know that I in no way was trying to be disrespectful. Also, never construed your comments to me as such, either. I sincerely meant to show that this a detection that is a recent one, and seemingly evolving. (In the Wild)

               Having said this..I agree fully that this is not associated with "Bloodhound.Exploit52"-ref Flash Player. I am confident that McAfee will have a Specific Detection Classification in short time. You could possibly expedite this process by either submitting said Detection to McAfee Labs, or possibly run the McAfee Getsusp Tool which can be found in the second link below my Signature.

                Please make certain you submit your Email Address under "Preferences", before scanning.

                After scanning,you should receive a notification , with a (Work Item #) informing you that the detection is being analyzed.

Respectfully,

Cliff
McAfee Volunteer
epository
Level 10
Report Inappropriate Content
Message 14 of 29

Re: Microsoft breach

Jump to solution

Symantec's definition for Bloodhound.Exploit.552 specifically references CVE 2014-1776 which is the exploit in question.  It uses a .swf file to run the Heap Feng Shui attack.

I dont have any samples as McAfee doesnt seem to have a definition for this nor has it released any news whatsoever as to what this exploit would trigger in HIPS.

There is just a total absence of information from McAfee on this subject.

We will try to mitigate this by blocking Flash, updating EMET, maybe a script to unregister the VML.dll...but Mcafee should be issuing some sort of response to at least show they are tracking this.

Its been 48 hours since it was released and they have said absolutely ZERO.....does anyone else find that unacceptable?

catdaddy
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 15 of 29

Re: Microsoft breach

Jump to solution

I see that you seemed to have taken the appropiate measures. I feel that I must "Step back " from this topic, as you were in very capable hands to begin with......

I might add that you may find this particular article in regards to the "Heapfengshui-Attack" interesting. HERE

Wishing you all the very best,

Message was edited by: catdaddy on 4/28/14 7:03:45 AM CDT
Cliff
McAfee Volunteer
Hayton
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 16 of 29

Re: Microsoft breach

Jump to solution

@epository

   If you're in a commercial environment this is perhaps not the best place to be looking for news of an official McAfee response to the vulnerability since you're posting to the Consumer section. I get the Advisories soon after they're released and I haven't seen anything yet; all I know is what FireEye and Microsoft have said about it.

Edit - I see you're also asking about this in GTI/Breaking Security News.

If an Advisory is released you will see it in https://community.mcafee.com/community/security/gti/mtis : to get an early indication of when this might be you should probably post a question in Business General Discussion.

Edit - FireEye state that this vulnerability can be countered by disabling the Flash plugin in Internet Explorer.

Message was edited by: Hayton on 28/04/14 13:15:02 IST

Message was edited by: Hayton on 28/04/14 13:26:33 IST

Re: Microsoft breach

Jump to solution

I'm sure they are aware of and have acted upon any such threat.   We would be the last to know about it as we have no more access to their database than you do.

Just because it's not up in the headlines doesn't mean they haven't acted upon it.

10 computers, are you using home products or Enterprise?

Re: Microsoft breach

Jump to solution

Bloodhound Exploit was mentioned...that has been around for years in many variants and McAfee has always patched that under various other names, Google will help there.

Message was edited by: Ex_Brit on 28/04/14 8:48:09 EDT AM
epository
Level 10
Report Inappropriate Content
Message 19 of 29

Re: Microsoft breach

Jump to solution

Sort of a moot point since McAfee hasnt bothered to address or even acknowlege the issue....I might as well be posting on the Home Depot forums for all the response McAfee has given this pretty high-profile exploit...I mean, they Washington Times is covering it.

Re: Microsoft breach

Jump to solution

You keep saying McAfee hasn't bothered to do anything, how do you know?  I certainly don't and asking the community will not get you an answer.  Plus you are posting in several spots. Please stick with 1 thread - this one:  https://community.mcafee.com/message/329378#329378

Originally you've been posting in Enterprise so you really should not be asking in the Consumer section anyway.  This area is for help with consumer software not threats.

Thread locked.

How Many Badges Can You Collect?
Ready for a little competition? Members like you are earning badges and unlocking perks for their helpful answers. Are you? Click here to find out.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community