Host IPS 8.0 Signature Coverage for CVE-2014-4114.

Related Microsoft MS14-060 security update.

 

McAfee has tested the following Host IPS 8.0 custom signature, which can be created to protect against this vulnerability:

 

Rule {

Class Program

Id 4001

level 4

Executable { Include { -path "*\\POWERPNT.EXE"  } { -path "*\\excel.EXE"  } { -path "*\\winword.EXE"  } }

Target_Executable { Include { -path "*\\InfDefaultInstall.exe" }}

directives program:run

}

 

Please copy this custom signature into the Expert IPS SubRule properties syntax when creating a new custom signature for this vulnerability.