cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
epository
Level 10
Report Inappropriate Content
Message 51 of 59

Re: cve 2014-1776 IE Zero Day Exploit - Any News from McAfee??

You mean like the Mcafee security blog?  Not a lot of answers there either.  But a great idea for  100k  Mcafee admins worldwide to call the support number for answers.

Re: cve 2014-1776 IE Zero Day Exploit - Any News from McAfee??

There's just nothing that pleases you in this world is there?

epository
Level 10
Report Inappropriate Content
Message 53 of 59

Re: cve 2014-1776 IE Zero Day Exploit - Any News from McAfee??

Its just very few of ur posts have been informative..we need answers and not mcafee apologists asuring us all is well....I work for the DOD..my customer wants clear answers..Mcafees driblets of information were certainly incomplete and often misleading....do u disagree...do u think their security blog entry is chock full o' facts?  Do u think Mcafees response was timely when compared with Symantec?  I wouldooove to see ur defense.

Re: cve 2014-1776 IE Zero Day Exploit - Any News from McAfee??

I realise that and I am merely a user (consumer side though) like you so our purpose is merely to point people to where the info may be.   As far as we have been told the patch has been issued but I agree the wording attached to it is vague.   The portal would know best and if you can't find that info there, then I apologise but nothing I can do about that.

I did ask someone to lend a hand here.....and am hoping they do.

Re: cve 2014-1776 IE Zero Day Exploit - Any News from McAfee??

We are TESTING the out-of-band emergency update Microsoft release today.

Communication is key.  The SNS on 4/29 said nothing about the 7423 DAT ONLY working with CLS and Stinger.  After making a big stink, assuring my customers they were protected (see my previous message w/ SS)  until MS released a patch (whenever), spending hours of my time and theirs and my reputation....

Now the SNS released TODAY 5/1 says - "...7423...provide coverage for perimeter/gateway product and the csl.  Full detection capabilities across all products will be released in the 7428 DAT..."

Someone messed up and is not admitting it.  Poor communication!

Point Gun 2 Head

Pull Trigger

After checking and removing all bullets

Read all instructions 1st then Follow

Its not Rocket Surgery....I've been doin this crap for 30 years....and yeah people make mistakes but come on....either its covered or its not.


Re: cve 2014-1776 IE Zero Day Exploit - Any News from McAfee??

Well I'm not McAfee and I have asked them to post in this thread.

SafeBoot
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 57 of 59

Re: cve 2014-1776 IE Zero Day Exploit - Any News from McAfee??

epository - please calm down a bit and absolutely, don't slap the voulenteer moderators - this is NOT McAfee Support, in fact, with few exceptions McAfee people steer clear of this forum because its for customers, by customers - we don't control it, and in fact almost all moderation (in fact it might indeed be all) is handled by non-employees like Ex_Brit.

If you want formal, timely support, walk over to your RSAM, call your Platinum support engineer, or log a ticket with Gold Support - they will follow the SLA process your company has singed up to and get you the information you need.

If you want the advice and opinion of your fellow users, post here.

Looking at MTIS 67,68,69, HIPS users had zero day coverage thanks to BOP protection, and as others have said DATs will be released on May 4th which will identify specific use of this exploit - as it's not coverage for a piece of malware, there is a LOT more testing which needs to be done to ensure we don't blow your machines up by falsing.

Reading between the lines (and I could be wrong because) it would seem Symantec had to release a sig to get any protection, whereas McAfee HIPS was already protecting people? If that's true of course, all your angst was about communcation over something you were already protected from (If you use HIPS of course).

So far this looks like just another buffer overflow attack which HIPS has always given zero day coverage for.

Message was edited by: SafeBoot on 5/1/14 8:11:39 PM EDT
epository
Level 10
Report Inappropriate Content
Message 58 of 59

Re: cve 2014-1776 IE Zero Day Exploit - Any News from McAfee??

SafeBoot,

Thank you for your concern for my angst, however, I was getting called into meetings all day Monday fielding questions as to what protection EPO was going to be able to provide.

At that time, McAfee hadn't even acknowleged the threat....should I have told my customer to just "trust Mcafee" that HIPS is "expected" to catch it?  Do you think their response was timely and thorough and well-disseminated?

Now, as to your assertions that HIPS had everything under control...the Security Blog states that it is "EXPECTED" to catch it....it doesnt even give the signature number.

And yes, I like to crowdsource my information hence using this forum...because if I relied on McAfee's Security Blog, I would still not be able to give the customer much reassurance.  And the initial mention of the DAT 7423 omitted that it would not work with VSE 8.8.

So...the information you provided here is great, something I could actually tell the customer, but its a day late and a dollar short and really should have been posted on the Security Blog.

charlie_m
Level 7
Report Inappropriate Content
Message 59 of 59

Re: cve 2014-1776 IE Zero Day Exploit - Any News from McAfee??

There are two drivers included and fully exposed in dailyDATs:

  1. Exploit-SWF included since 7426.
  2. Exploit-CVE2014-1776 since 7428.

There is a third driver, SWF/Exploit-CVE-2014-1776 that will be unrestricted tomorrow/Friday, exposed to cls, Stinger and ODS today.


Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community