cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
grae
Level 7
Report Inappropriate Content
Message 1 of 8

Shadow Brokers Vulnerabilities

Hi Does anyone know if MVM has any signatures to look for Shadow Brokers vulnerabilities.

I know I can search for CVE's if they exist but rather than just look for CVE's and MS numbers it would be good to be able to have these vulnerabilities bunched together.

7 Replies
Reliable Contributor catdaddy
Reliable Contributor
Report Inappropriate Content
Message 2 of 8

Re: Shadow Brokers Vulnerabilities

Discussion successfully moved from Community Support to Vulnerability Manager (Foundstone)

Cliff
McAfee Volunteer
Reliable Contributor tao
Reliable Contributor
Report Inappropriate Content
Message 3 of 8

Re: Shadow Brokers Vulnerabilities

grae
Level 7
Report Inappropriate Content
Message 4 of 8

Re: Shadow Brokers Vulnerabilities

I understand this, but for the ESTEEMAUDIT vulnerability there is currently no MS patch but we know it affects Win XP and Win2003 Server?

Should there not be a signature released that looks for the presence of both server version and presence of RDP services?

Reliable Contributor tao
Reliable Contributor
Report Inappropriate Content
Message 5 of 8

Re: Shadow Brokers Vulnerabilities

"Of the three remaining exploits, "EnglishmanDentist", "EsteemAudit", and "ExplodingCan", none reproduces on supported platforms, which means that customers running Windows 7 and more recent versions of Windows or Exchange 2010 and newer versions of Exchange are not at risk. Customers still running prior versions of these products are encouraged to upgrade to a supported offering."

There should be a signature release; yet it doesn't appear MS will be releasing a patch for unsupported versions.

grae
Level 7
Report Inappropriate Content
Message 6 of 8

Re: Shadow Brokers Vulnerabilities

So MVM only looks for Vulnerabilities on supported OS's?

A vulnerability exists regardless of whether the system is supported or not?

Reliable Contributor tao
Reliable Contributor
Report Inappropriate Content
Message 7 of 8

Re: Shadow Brokers Vulnerabilities

Not that familiar with McAfee Vulnerability Manager; rereading KB72224 - "... all appliances are directed to use the same Windows Update Server that is managed by McAfee. This server contains all approved patches for all MVM appliances...."  If you require a Microsoft patch/signature that is not on the update list, contact McAfee Technical Support. - they may be able to assist in the creation of a signature.

grae
Level 7
Report Inappropriate Content
Message 8 of 8

Re: Shadow Brokers Vulnerabilities

I'm not talking about patches on the MVM, I am asking about a signature used by the MVM to search the estate for the EsteemAudit vulnerability?

I have raised a support case with McAfee.