On April 26, Microsoft released Security Advisory 2963983 for Microsoft Internet Explorer. In-the-wild exploitation of this vulnerability has been observed across limited, targeted attacks. The flaw is specific to a use-after-free vulnerability in VGX.DLL (memory corruption). Successful exploitation can give an attacker the ability to run arbitrary code (via remote code execution). The flaw affects the following:
- Microsoft Internet Explorer 6
- Microsoft Internet Explorer 7
- Microsoft Internet Explorer 8
- Microsoft Internet Explorer 9
- Microsoft Internet Explorer 10
- Microsoft Internet Explorer 11
Current McAfee Product Coverage and Mitigation
- McAfee Vulnerability Manager: The FSL/MVM package of April 28 includes a vulnerability check to assess if your systems are at risk.
- McAfee VirusScan (AV): The 7423 DATs (release date April 29, 2014) provide coverage for perimeter/gateway products and the command-line scanner-based technologies. Full detection capabilities, across all products, will be released in the 7428 DAT update (release date May 4, 2014).
- McAfee Web Gateway (AV): The 7423 DATs (release date April 29, 2014) provide coverage.
- McAfee Network Security Platform (NIPS): The UDS Release of April 28 contains detection.
- Attack ID: 0x4512e700
- Name: “UDS-HTTP: Microsoft Internet Explorer CMarkup Object Use-After-Free vulnerability”
- McAfee Host Intrusion Prevention (HIPS): Generic buffer overflow protection is expected to cover code execution exploits.
- McAfee Next Generation Firewall (NGFW): Update package 579-5211 (released April 29, 2014) provides detection.
- McAfee Application Control: McAfee Application Control provides coverage via the MP-CASP feature. Whitelisting will also prevent post exploitation behavior (ex: execution of dropped executables or the loading of dropped dlls.)
Resources
- https://technet.microsoft.com/library/security/2963983
- http://blogs.technet.com/b/srd/archive/2014/04/26/more-details-about-security-advisory-2963983-ie-0day.aspx
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1776
- http://www.kb.cert.org/vuls/id/222929
The post Product Coverage and Mitigation for CVE-2014-1776 (Microsoft Internet Explorer) appeared first on McAfee.