Product Coverage and Mitigation for CVE-2014-1776 (Microsoft Internet Explorer)


On April 26, Microsoft released Security Advisory 2963983 for Microsoft Internet Explorer. Exploitation of this vulnerability has been observed in the wild in limited, targeted attacks. The flaw is a use-after-free (memory corruption) vulnerability in VGX.DLL. Successful exploitation can allow an attacker to run arbitrary code remotely. The flaw affects the following versions:

  • Microsoft Internet Explorer 6
  • Microsoft Internet Explorer 7
  • Microsoft Internet Explorer 8
  • Microsoft Internet Explorer 9
  • Microsoft Internet Explorer 10
  • Microsoft Internet Explorer 11

 

Current McAfee Product Coverage and Mitigation

  • McAfee Vulnerability Manager: The FSL/MVM package of April 28 includes a vulnerability check to assess if your systems are at risk.
  • McAfee VirusScan (AV): The 7423 DATs (release date April 29, 2014) provide coverage for perimeter/gateway products and the command-line scanner-based technologies. Full detection capabilities, across all products, will be released in the 7428 DAT update (release date May 4, 2014).
  • McAfee Web Gateway (AV): The 7423 DATs (release date April 29, 2014) provide coverage.
  • McAfee Network Security Platform (NIPS): The UDS Release of April 28 contains detection.
    • Attack ID: 0x4512e700
    • Name: “UDS-HTTP: Microsoft Internet Explorer CMarkup Object Use-After-Free vulnerability”
  • McAfee Host Intrusion Prevention (HIPS): Generic buffer overflow protection is expected to cover code execution exploits.
  • McAfee Next Generation Firewall (NGFW): Update package 579-5211 (released April 29, 2014) provides detection.
  • McAfee Application Control: McAfee Application Control provides coverage via the MP-CASP feature. Whitelisting will also prevent post-exploitation behavior (e.g., execution of dropped executables or loading of dropped DLLs).

 


3 comments on “Product Coverage and Mitigation for CVE-2014-1776 (Microsoft Internet Explorer)”

  • I would like to know whether this McAfee release also secures the Firefox browser, because the Firefox browser closes automatically after some time. A message comes up on the screen: Windows is finding the problem online.
    Thanks

  • Hello

    Clarified coverage statements are above in the original blog text. For reference, the detection name in the DATs is "Exploit-CVE2014-1776".

    Thanks,

    Jim Walter

  • Benoit Malenfant says:

    Your post on this blog states:

    McAfee VirusScan (AV): The 7423 DATs (release date April 29, 2014) detect known-exploits as “Exploit-CVE2014-1776”

    Yet, word I'm getting from my SAM is: "There will be (should be) detection in 7423 DAT file, but it would be restricted to Stinger and CLS, which has limited manual use. For VSE, it will come as I stated in my email."

    The "as I stated in my email" is:

    New Coverage Information
    • DATs – Exploit-CVE2014-1776 in the 7428 DATS, to be released May 04, 2014.

    So, question is: are your clients protected by DAT 7423 in VSE?
