NEWS FROM THE LAB - Thursday, November 26, 2009

Exploit Shield FTW

Posted by Response @ 13:24 GMT

Microsoft published a Security Advisory on Monday for a vulnerability in Internet Explorer 6 and IE7 that could allow for remote code execution. IE8 is not affected.

Currently, there are no reports of this vulnerability being exploited in the wild.

Our Exploit Shield analysts have been looking into this case. Based on their initial tests, the code that they tested doesn't work reliably and is more likely to result in a crash (DoS) than Remote Code Execution (RCE) on an unprotected computer.

But how about a computer protected with our Exploit Shield technology? How does our Internet Security handle an exploit targeting CVE-2009-3672?

No problem at all. The exploit is blocked by our heuristics. No specific shield is required.

Our customers using Internet Security 2010 were protected against this exploit before it was even discovered. Nice.

The Flash animation below demonstrates:

  •  Real-time scanning is OFF
  •  Browsing protection with Exploit Shield is ON
  •  The exploit POC is opened
  •  Exploit Shield protects the browser


Updated to add: SANS Diary notes that the advisory is now updated to include mitigations and that workable exploits are starting to surface on the web.