McAfee Labs

Critical Office Zero-Day Attacks Detected in the Wild

At McAfee, we have put significant effort into hunting attacks such as advanced persistent threats and “zero days.” Yesterday, we observed suspicious activity from some samples. After quick but in-depth research, this morning we confirmed that these samples exploit a vulnerability in Microsoft Windows and Office that is not yet patched. This blog post …

McAfee Labs

Patch Now: Simple Office ‘Protected View’ Bypass Could Have Big Impact

Protected View is a security feature of Microsoft Office. According to research from MWR Labs, Protected View mode is a strong application-level sandbox. In a real-world attack scenario, Office documents from the Internet, such as documents downloaded by browsers (Chrome, Edge, Internet Explorer) or attachments received in email clients (such as Outlook), are opened by default in …

McAfee Labs, Security Connected

An Advance You Won’t Want to Miss: McAfee Adds Flash Exploit Detection to NSP 8.2

Adobe Flash vulnerabilities and exploits have worried users and security professionals for many years. The situation today remains serious. A quick search of the National Vulnerability Database shows 277 vulnerabilities reported in Flash Player since 2011. For Flash zero-day attacks (meaning no patch was available from Adobe when the vulnerability was exploited), researcher …

McAfee Labs

New Exploit of Sandworm Zero-Day Could Bypass Official Patch

Update of October 25: Some comments posted after we published this report suggest that our proof-of-concept exploit will trigger UAC (User Account Control) on Windows. We did not observe this during our analysis. During the last few days, researchers at McAfee Labs have been actively investigating Sandworm, the Windows Packager zero-day attack (CVE-2014-4114). …

McAfee Labs

Dropping Files Into Temp Folder Raises Security Concerns

Recently, the McAfee Advanced Exploit Detection System (AEDS) has delivered some interesting RTF files to our table. These RTFs have executables “attached” to the documents. Usually, text in the document tries to convince the user to double-click and run the attachment. The following figure shows the point at which a user clicks on the attachment. …
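The RTFs described above carry their attachment inside the document itself. As an added triage example (not code from the McAfee post), the script below assumes the attachment is embedded the way RTF normally carries files: an `\object` group with an `\objdata` hex blob whose bytes start with an OLE1 ObjectHeader (OLEVersion, FormatID, length-prefixed ClassName, per MS-OLEDS) followed by the native data. It decodes every `\objdata` blob, reads the class name from the header, compares it with the `\objclass` the document declares, and flags any blob that contains an `MZ` marker. The sample RTF, its lure sentence and its hex payload are all constructed for this example and are not one of the samples the post analysed.

```python
import re
from typing import Optional

# Constructed sample, not one of the McAfee samples: a minimal RTF carrying an
# embedded OLE "Package" object whose native data begins with an MZ header.
SAMPLE_RTF = (
    r"{\rtf1\ansi{\fonttbl{\f0 Arial;}}"
    r"\pard\f0 Please double-click the attachment below to open the invoice.\par"
    r"{\object\objemb{\*\objclass Package}\objw1000\objh1000"
    r"{\*\objdata "
    r"01050000"                          # OLEVersion
    r"02000000"                          # FormatID 2 = embedded object
    r"08000000"                          # ClassName length (8, includes NUL)
    r"5061636b61676500"                  # "Package\0"
    r"00000000"                          # TopicName length 0
    r"00000000"                          # ItemName length 0
    r"10000000"                          # NativeDataSize = 16
    r"4d5a90000300000004000000ffff0000"  # native data: starts with "MZ"
    r"}}"
    r"}"
)

OBJDATA_RE = re.compile(r"\\objdata\s*([0-9a-fA-F\s]+)")
OBJCLASS_RE = re.compile(r"\\objclass\s+([^\s}\\]+)")


def extract_objdata(rtf: str) -> list:
    """Decode every objdata hex blob in the RTF text into raw bytes."""
    blobs = []
    for m in OBJDATA_RE.finditer(rtf):
        hexstr = re.sub(r"\s+", "", m.group(1))
        if len(hexstr) % 2:          # tolerate a stray trailing nibble
            hexstr = hexstr[:-1]
        blobs.append(bytes.fromhex(hexstr))
    return blobs


def ole1_class_name(blob: bytes) -> Optional[str]:
    """Read ClassName from an OLE1 ObjectHeader (assumed layout per MS-OLEDS):
    OLEVersion(4) FormatID(4) ClassName = length(4) + ANSI string."""
    if len(blob) < 12:
        return None
    n = int.from_bytes(blob[8:12], "little")
    name = blob[12:12 + n]
    if n == 0 or len(name) != n:
        return None
    return name.rstrip(b"\x00").decode("ascii", "replace")


def embedded_pe_offsets(blob: bytes) -> list:
    """Offsets of every 'MZ' marker in the blob (cheap PE-presence heuristic)."""
    return [m.start() for m in re.finditer(b"MZ", blob)]


def triage_rtf(rtf: str) -> dict:
    """Summarise embedded objects and flag Packager objects or embedded PEs."""
    blobs = extract_objdata(rtf)
    header_classes = [c for c in (ole1_class_name(b) for b in blobs) if c]
    declared = OBJCLASS_RE.findall(rtf)
    pe_hits = [off for b in blobs for off in embedded_pe_offsets(b)]
    return {
        "object_count": len(blobs),
        "declared_classes": declared,
        "header_classes": header_classes,
        "embedded_pe": bool(pe_hits),
        "suspicious": bool(pe_hits)
        or "Package" in declared
        or "Package" in header_classes,
    }


if __name__ == "__main__":
    print(triage_rtf(SAMPLE_RTF))
```

The heuristic is deliberately loose: a `Package` class name alone is enough to flag the file, because the Packager is what writes the object to the Temp folder and launches it when the user double-clicks, whatever the payload is. Run it over a directory of RTF attachments and review anything where `suspicious` is true, and treat a mismatch between `declared_classes` and `header_classes` as a further red flag.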

McAfee Labs

RTF Attack Takes Advantage of Multiple Exploits

This is a joint analysis by Haifei Li, Stanley Zhu, and Jun Xie of McAfee Labs. Recently, the Rich Text Format (RTF) has attracted new interest in the security industry because of a critical RTF zero-day exploit (CVE-2014-1761) found in the wild. McAfee Labs has investigated this threat. As usual, we suggest our customers apply our …

McAfee Labs

Flash Zero-Day Vulnerability CVE-2014-0497 Lasts 84 Days

On February 4, Adobe released an out-of-band security update addressing a critical remote code execution vulnerability that is currently being exploited in the wild, according to the vendor’s blog post. Our research team responded quickly to this threat, and we have already provided various protections through our products. (For details, check here.) We have learned …

McAfee Labs

McAfee Labs Detects Zero-Day Exploit Targeting Microsoft Office

Last Thursday morning (October 31), our Advanced Exploit Detection System (AEDS), which we discussed in an earlier post, detected a suspicious sample targeting Microsoft Office. After some investigation, we confirmed this is a zero-day attack. Considering the importance of this incident, we shared our findings immediately with the Microsoft Security Response Center and worked closely …

McAfee Labs

New Zero-Day Attack Copies Earlier Flash Exploitation

Late on July 10, Microsoft released a blog post disclosing that it was aware of a zero-day attack in the wild. This attack exploits a previously unpatched Internet Explorer vulnerability (CVE-2013-3163). It is interesting that the vulnerability was patched just the day before, in this month’s Patch Tuesday (July 9), which is perhaps only a coincidence. Although we do …

McAfee Labs

Tracking PDF Usage Poses a Security Problem

Update on May 2: Adobe has confirmed this vulnerability and has scheduled a patch release for May 14. Looking back at this year’s RSA Conference, you might have the feeling that the current threat landscape is primarily a series of advanced attacks. This concept includes well-known advanced persistent threats (APTs) and zero-day vulnerability exploits. To …