i had also logged a case with McAfee support regarding this cve 2014-1776, and tried to call them, been put on hold for a long time, no respond from them.
Yes the support portal would be the best ones to push on this question. I realise they are busy. The examples I posted were merely to show that McAfee does act quickly on such things as such exploits are nothing new....I'm sure they are working on this one as we speak. Anyway, I'm on the consumer side and only a volunteer here, so I can only hope that someone from the company chimes in here.
Ex_Brit & Haydon...
I guess that is the exact point - there isn't a posting on the threat advisory web site that they are working on this. As it turns out my account rep directed me to the McAfee Labs Security Advisories mailing list. I was just looking for an acknowledgment from McAfee that they are working on this. Its sort of tough telling management 'I think McAfee is looking at this'... Now that I am on the mailing list hopefully I will get that information I need for questions I'm being asked about this. It would be helpful if they put the 'we are looking into this' on their web site too to prevent this sort of discussion.
I'm afraid I don't know anyone who deals with Enterprise/Consumer advisories so can't pull strings, sorry.
I will try someone who deals with the antivirus database to see if they know anything, however.
Message was edited by: Ex_Brit on 28/04/14 10:41:39 EDT AM
Well, nearly 72 hours in and Symantec has a signature, but McAfee apparenly cant be bothered to even acknowlege the issue....but don't worry, the have the "I Love You" virus well in hand.
I'll play Devil's advocate here.
McAfee isn't the only one without a peep about a signature (as of Apr28th)
Adobe have issued an Advisory. Curiously, they give a different CVE reference - CVE-2014-0515
So just apply the emergency Flash update.
Message was edited by: Hayton on 28/04/14 20:20:11 ISTMessage was edited by: Hayton on 28/04/14 20:24:31 IST
Unless I am mistaken, these are two separate zero-days... One for IE and one for Flash, no?
Just apply the emergency Flash update.
Of course. My mistake. It's been one of those days Their Advisory says the notification came from Kaspersky, and the CVE number is different (which I did at least notice). So this is still open awaiting word from McAfee.