Now that we have our hands on a sample of the latest Word zero-day exploit (CVE-2014-1761), we can finally address a frequently asked question: does F-Secure protect against this threat? To find out, I opened the exploit on a system protected with F-Secure Internet Security 2014, and here is the result:
![Screenshot of DeepGuard 5 blocking CVE-2014-1761 exploit]()
IS2014 blocked the threat using the exploit interception feature introduced in DeepGuard version 5. The best part is that we did not need to add or modify anything: the zero-day was blocked by the exact same detection that was already included in the initial release of DeepGuard 5 in June 2013. This means that our users were protected against this threat long before we even got a sample, and also several months before the attack was reported by Microsoft. DeepGuard 5 shows the power of proactive, behavior-based protection again (and again).
Microsoft will release a patch for the vulnerability on Tuesday, April 8, 2014. In the meantime, you should check the mitigations and workarounds Microsoft recommends.
We have also added a generic detection Exploit:W32/CVE-2014-1761.A to detect the exploit before the document is opened.
Exploit SHA1: 200f7930de8d44fc2b00516f79033408ca39d610
Post by Timo

On 04/04/14 At 09:36 PM