McAfee Labs

Patch Now: Simple Office ‘Protected View’ Bypass Could Have Big Impact

Protected View is a security feature of Microsoft Office. According to research from MWR Labs, Protected View mode is a strong application-level sandbox. In a real-world attack scenario, Office documents from the Internet, such as documents downloaded through browsers (Chrome, Edge, Internet Explorer) or attachments received in email clients (such as Outlook), are opened by default in …

McAfee Labs, Security Connected

An Advance You Won’t Want to Miss: McAfee Adds Flash Exploit Detection to NSP 8.2

Adobe Flash vulnerabilities and exploits have worried users and security professionals for many years. The situation today remains serious. A quick search of the National Vulnerability Database shows 277 vulnerabilities reported in Flash Player since 2011. For Flash zero-day attacks (which means that there was no patch from Adobe when the vulnerability was exploited), researcher …

McAfee Labs

New Exploit of Sandworm Zero-Day Could Bypass Official Patch

Update of October 25: Some comments posted after we published this report suggest that our proof-of-concept exploit will trigger the UAC (User Account Control) on Windows. We did not observe this during our analysis. During the last few days, researchers at McAfee Labs have been actively investigating Sandworm, the Windows packager zero-day attack (CVE-2014-4114). …

McAfee Labs

Dropping Files Into Temp Folder Raises Security Concerns

Recently, the McAfee Advanced Exploit Detection System (AEDS) has delivered some interesting RTF files to our table. These RTFs have executables “attached” to the documents. Usually, some words in the documents try to convince users to click and run the attachments. The following figure shows the point at which a user clicks on the attachment. …

McAfee Labs

RTF Attack Takes Advantage of Multiple Exploits

This is a joint analysis by Haifei Li, Stanley Zhu, and Jun Xie of McAfee Labs. Recently, the rich text format has provoked new interest in the security industry due to a critical RTF zero-day (CVE-2014-1761) exploit found in the wild. McAfee Labs has investigated this threat. As usual, we suggest our customers apply our …