On February 19, Microsoft released Security Advisory (2934088) for Microsoft Internet Explorer. This vulnerability was previously reported, by 3rd parties, during the 2nd week of February 2014. In-the-wild exploitation has been observed (at least) back to early January 2014.
Specifically, the flaw is a use-after-free condition during Internet Explorer’s processing of specific CMarkup objects.
We are currently analyzing details and indicators. Watch this space for updates, indicators, and more information about this threat.
Current McAfee product coverage and mitigation:
- McAfee Vulnerability Manager: The FSL/MVM package of February 13 includes a vulnerability check to assess if your systems are at risk.
- McAfee Application Control: Run-Time Control locks down systems and provides protection in the form of Execution Control and Memory Protection.
- McAfee VirusScan: Coverage for known, associated, malware is provided in the 7350 DATs (February 15) as “Exploit-SWF” and the 7354 DATs (February 19) as “Exploit-CVE2014-0322″ and “Backdoor-FBSR”.
- McAfee Web Gateway: Coverage for known, associated, malware is provided in the 7350 DATs (February 15) as “Exploit-SWF” and the 7354 DATs (February 19) as “Exploit-CVE2014-0322″ and “Backdoor-FBSR”.
- McAfee GTI / Web / URL Reputation-enabled Controls: McAfee products with GTI enabled will block/identify malicious IP/Domain/URL traffic associated with this threat.
- Microsoft Advisory: http://technet.microsoft.com/en-us/security/advisory/2934088
- Microsoft Fixit / KB: https://support.microsoft.com/kb/2934088
- OSVDB: http://osvdb.org/103354
- NVD: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0322&cid=2
- US-CERT: http://www.kb.cert.org/vuls/id/732479