Comments on: McAfee Coverage of the Microsoft Emergency Release http://blogs.mcafee.com/mcafee-labs/mcafee-coverage-of-the-microsoft-emergency-release Tue, 29 Nov 2011 07:51:20 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Daniel http://blogs.mcafee.com/mcafee-labs/mcafee-coverage-of-the-microsoft-emergency-release/comment-page-1#comment-19303 Daniel Mon, 03 Nov 2008 14:30:45 +0000 http://www.labs.com/research/blog/?p=732#comment-19303 After testing a PoC vulnerability exploit against a Windows XP computer with SP3 and DEP enabled, I found that VirusScan 8.x buffer overflow protection also blocks the exploit attack. After testing a PoC vulnerability exploit against a Windows XP computer with SP3 and DEP enabled, I found that VirusScan 8.x buffer overflow protection also blocks the exploit attack.

]]> By: Nathan http://blogs.mcafee.com/mcafee-labs/mcafee-coverage-of-the-microsoft-emergency-release/comment-page-1#comment-19300 Nathan Fri, 24 Oct 2008 16:25:11 +0000 http://www.labs.com/research/blog/?p=732#comment-19300 After testing with PoC vulnerability code for this issue, I have found that existing HIPS signatures cover this issue with signature ID 3768, "Windows Server Service Buffer Overflow Vulnerability (Tighter Security)", resulting in a Prevent action by default. This is due to the similarity between MS08-067 and the MS06-040 this signature originally covered. After testing with PoC vulnerability code for this issue, I have found that existing HIPS signatures cover this issue with signature ID 3768, “Windows Server Service Buffer Overflow Vulnerability (Tighter Security)”, resulting in a Prevent action by default.

This is due to the similarity between MS08-067 and the MS06-040 this signature originally covered.

]]>