Hi Does anyone know if MVM has any signatures to look for Shadow Brokers vulnerabilities.
I know I can search for CVE's if they exist but rather than just look for CVE's and MS numbers it would be good to be able to have these vulnerabilities bunched together.
Since this vulnerability was noted back in March Microsoft Claims To Have Patched Shadow Brokers-Exposed Windows Flaws -- Redmondmag.com
MVM should have an updated MS list: KB McAfee Corporate KB - MVM Approved Microsoft Update List contains patches not installed on the Vulne...
I understand this, but for the ESTEEMAUDIT vulnerability there is currently no MS patch but we know it affects Win XP and Win2003 Server?
Should there not be a signature released that looks for the presence of both server version and presence of RDP services?
"Of the three remaining exploits, "EnglishmanDentist", "EsteemAudit", and "ExplodingCan", none reproduces on supported platforms, which means that customers running Windows 7 and more recent versions of Windows or Exchange 2010 and newer versions of Exchange are not at risk. Customers still running prior versions of these products are encouraged to upgrade to a supported offering."
There should be a signature release; yet it doesn't appear MS will be releasing a patch for unsupported versions.
Not that familiar with McAfee Vulnerability Manager; rereading KB72224 - "... all appliances are directed to use the same Windows Update Server that is managed by McAfee. This server contains all approved patches for all MVM appliances...." If you require a Microsoft patch/signature that is not on the update list, contact McAfee Technical Support. - they may be able to assist in the creation of a signature.
I'm not talking about patches on the MVM, I am asking about a signature used by the MVM to search the estate for the EsteemAudit vulnerability?
I have raised a support case with McAfee.