×
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
hafcanadian
Former Member
Message 1 of 29

Microsoft breach

Jump to solution

I noted in Reuters this afternoon an article about a large breach of Microsoft products via IE, and that MS was scrambling to provide protection for its operating systems customers, with the exception of Windows XP.  One of my computers still uses XP, but hasn't been turned on today.   When I went to check for McAfee updates on my Vista computer, I couldn't get McAfee to respond when selecting either the desktop shortcut or from the Programs folder.  The icon had disappeared from the taskbar.   I turned off the internet modem and restarted the Vista computer and it took forever to get fully back up.  But this time the McAfee loaded and was responsive.  Updates were current.

So I went back on the internet, rechecked for updates and all was fine, and so came here.  I'm asking if McAfee's Personal Firewall Plus, via MSN subscription, includes adjustments and protection from hacker attacks such as this most recent one affecting IE users.  Most importantly, since Microsoft no longer supports patching of their XP products, does my McAfee PFPlus take on that task so my XP computer can still be used online?

Thanks,

hafcanadian

1 Solution

Accepted Solutions
exbrit
MVP
MVP
Message 29 of 29

Re: Microsoft breach

Jump to solution

I also heard back from my contact at McAfee Labs.

These are 2 documents that were published yesterday on this topic.

http://blogs.mcafee.com/mcafee-labs/product-coverage-mitigation-cve-2014-1776-microsoft-internet-exp...

https://community.mcafee.com/docs/DOC-5897 (McAfee Labs Security Advisory: MTIS14-066)

Customers subscribed to the MTIS Advisories would have got an mail with McAfee Product coverage.

At which juncture and as this is someone else's thread that had previously been marked as answered, I will now lock it.

.

Message was edited by: Ex_Brit on 29/04/14 6:28:58 EDT AM

View solution in original post

28 Replies
Hayton
Reliable Contributor
Reliable Contributor
Message 2 of 29

Re: Microsoft breach

Jump to solution

You're referring to CVE-2014-1776. This is a remote code execution vulnerability affecting IE6 to IE11,and Microsoft issued this advisory about it yesterday. According to Brian Krebs the exploit uses a Flash exploitation technique to bypass Windows security protections, and EMET 4.1 should be of some use in preventing it from being successful (although maybe not on XP).

When they issue a fix for it, of course, it won't be issued to XP users (except for any government or large organisation which has paid huge amounts for special treatment).

Continuing to run XP will become more risky as time goes on, even with McAfee protection. You might be okay a while longer if you use a browser other than IE and only visit a limited number of trusted websites

exbrit
MVP
MVP
Message 3 of 29

Re: Microsoft breach

Jump to solution

Yes it provides the latest protection updates.   Nothing however is perfect no matter what brand, but as long as you are careful where you surf and what you download you should be OK and most importantly, keep all aspects of Windows up to date.

Vista should be SP2 and your Internet Explorer version should be 9 (whether ot not you use IE it's important to keep it and all its add-ons up to date).

XP should be SP3 and have IE8 installed.  Once again though you may choose to use another browser, that's your choice.

Microsoft stopped supporting XP on 14 April but did provide several patches for it on the update Tuesday as it's called, 8 April.    McAfee will continue to support XP SP3 until sometime in 2015.

hafcanadian
Former Member
Message 4 of 29

Re: Microsoft breach

Jump to solution

I've had both Windows/Microsoft and McAfee set for automatic updates for some time, though it occasionally bogs down Vista if it updates while I'm doing something else.  It can really slow down what I do on XP, so I recently went to manual McAfee updates on that one, running them between tasks as alerted to their availability.

So I'm going to presume that MSN Explorer is no more secure than IE, since I understand it to be basically a user-friendly mask over the underlying IE?  How about Windows Live? Bummer because we've used MSN since 1995 and haven't seen a browser we like better.  Of note here is that our McAfee is by way of our MSN subscription.

I may just fix it all by going MAC to replace the old 2002 Dell XP - the Safari browser on our iPad isn't all that bad though we still like MSN Explorer, and relatives have been pushing me to switch to MAC for several years anyway.  Just hate having to take time away from life to learn new stuff again.  On the other hand, the XP and Vista are so slow compared to MAC, life's time is increasingly lost bigtime there.

hafcanadian

(nice avatar Peter!)

Hayton
Reliable Contributor
Reliable Contributor
Message 5 of 29

Re: Microsoft breach

Jump to solution

Ex_Brit wrote:

McAfee will continue to support XP SP3 until sometime in 2015.

McAfee and many other anti-virus product vendors. Here is the latest list of those vendors from AVTest :

the-end-is-nigh-for-windows-xp-these-anti-virus-software-products-will-continue-to-protect-xp-after

No end of support announced; support available for at least 2 more years (1)

(1) These manufacturers have not yet announced the cancellation of their support for these products on Windows XP systems but have instead stated that they will continue to provide support for this platform for at least two more years.

Hayton
Reliable Contributor
Reliable Contributor
Message 6 of 29

Re: Microsoft breach

Jump to solution

hafcanadian wrote:

So I'm going to presume that MSN Explorer is no more secure than IE, since I understand it to be basically a user-friendly mask over the underlying IE? 

MSN Explorer is just a graphics-enhanced version of internet Explorer. Both use the Trident layout engine. MSN Explorer can be considered an Internet Explorer shell - an alternative interface for IE - so any security vulnerabilities found in IE will generally also apply to MSN Explorer.

epository
Former Member
Message 7 of 29

Re: Microsoft breach

Jump to solution

symantec is reporting it has a signature for it via signature Bloodhound.Exploit.552........but McAfee is saying absolutely nothing....ridiculous.

catdaddy
MVP
MVP
Message 8 of 29

Re: Microsoft breach

Jump to solution

Hi epository,

            Welcome to the McAfee Communities. This particular exploit is generally associated with Add-ons being out of date, Adobe Flash Player in particular. Please make certain you are current and up to date with all of your Window Updates as well.

               To include Internet Explorer as well, even if you choose to not use it, for Mcafee does.

             Try running a Full Scan as well. There are also Superb Free tools recommended, listed under the last link in my Signature.

                All the very Best,

Cliff
McAfee Volunteer
exbrit
MVP
MVP
Message 9 of 29

Re: Microsoft breach

Jump to solution

Every A/V company calls these threats by different names for proprietary reasons, so who know if McAfee has it covered or not.  Without the original detection name(s) I wouldn't be able to check.

Here's the main labs page http://www.mcafee.com/us/mcafee-labs.aspx

All I know is the McAfee is now almost top of the A/V polls for protection http://www.av-comparatives.org/wp-content/uploads/2014/04/avc_fdt_201403_en.pdf

That all said,NO A/V is perfect nor maintains to be. no matter what brand.

The answer here is, if you don't like IE switch to another browser.

Message was edited by: Ex_Brit on 28/04/14 6:24:43 EDT AM
epository
Former Member
Message 10 of 29

Re: Microsoft breach

Jump to solution

I dont expect McAfee to have a solution within 30 seconds of a Zero-Day...but I at least expect its Threat Center to acknowleged it like TrendMicro and Symantec.

So suggestions to not use IE....not really viable since I work in an environment over 10 computers.

Upgrade Adobe Flash....not exactly how the exploit works.

So, informed and viable suggestions are welcome.

How Many Badges Can You Collect?
Ready for a little competition? Members like you are earning badges and unlocking perks for their helpful answers. Are you? Click here to find out.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community