2 Replies Latest reply on Sep 26, 2013 5:24 PM by Hayton

    Internet Explorer Vulnerability

    catdaddy

      Given the latest Microsoft Window Update Debacle, and the yet to be "Fully" patched vulnerabilities in Internet Explorer 6-10..even to include Internet Explorer 11 (Windows 8). Is it safe to say we have full Product Coverage from McAfee Total Protection in regards to these possible exploits?

       

      It is my understanding that these issues were addressed by "Engine Version" 1654 on 9/20/2013.

       

      There has also been a Microsoft Security Advisory pertaining to "Adobe Flash Player"- Kb-2755801, hence have since been "Auto Updated by Adobe with the latest version being 11.8.800.175.

       

      The Vulnerabilities mentioned above, were discovered more than a month ago during the "Pwn2own" hacking contest, and all exploits were exposed to all "Browsers" I might mention that both Chrome-Firefox addressed these issues.

       

      Microsoft has issued a "Workaround-Fix-It" to temporarily add additional safety, until they have a remedy for the said vulnerability. I primarily utilize Internet Explorer 10-Fully updated, and have had no issues to date. I have chosen to not install the "Fix-it" as to date...have had no issues.

       

       

       

        • 1. Re: Internet Explorer Vulnerability
          exbrit

          They don't tell us what updates cover I'm afraid, so I can only assume that they are fully aware of them.

          1 of 1 people found this helpful
          • 2. Re: Internet Explorer Vulnerability
            Hayton

            No, McAfee pushes out Security Advisories at frequent intervals. You have to sign up to get them. Mostly the contents are intended for Corporate and Enterprise customers but they do say whenever a new DAT release covers a particular vulnerability. How that ties in with the recent move to engine updates for Consumer customers is not made clear, but if McAfee are updating for Enterprise they ought to be updating also for Consumer.

             

            The specific question in the post appears to be about CVE-2013-3893 which was the subject of a Microsoft Security Advisory on September 17 and a Microsoft Support article (2887505) on the 18th which includes the interim FixIt workaround.

             

            There is a McAfee blog about this vulnerability in Blog Central - "Product Coverage and Mitigation for CVE-2013-3893"

             

            And, as I was writing this reply, an email notification came in of a new McAfee security advisory (MTIS13-154)

             

            DAT files:                        Coverage will be provided as Exploit-CVE2013-3893 in the 7212 DATs, to be released September 30.

            Coverage is provided for related malware as BackDoor-FBFA in the 7188 DATs, released September 4.

             

             

            So, McAfee will provide cover for Windows vulnerabilities. Many of them are simple buffer overflows for which there is a generic detection capability.

            1 of 1 people found this helpful