DeepGuard 5 vs. Word RTF zero-day CVE-2014-1761
Now that we have our hands on a sample of the latest Word zero-day exploit (CVE-2014-1761), we can finally address a frequently asked question: does F-Secure protect against this threat? To find out the answer, I opened the exploit on a system protected with F-Secure Internet Security 2014, and here is the result:
IS2014 blocked the threat using the exploit interception feature introduced in DeepGuard version 5. The best part is that we did not need to add or modify anything — the zero-day was blocked by the exact same detection that was already included in the initial release of DeepGuard 5 in June 2013. This means that our users were protected against this threat long before we even got a sample, and also several months before the attack was reported by Microsoft. DeepGuard 5 shows the power of proactive, behavior-based protection again (and again).
We have also added a generic detection, Exploit:W32/CVE-2014-1761.A, to detect the exploit before the document is opened.
Exploit SHA1: 200f7930de8d44fc2b00516f79033408ca39d610
Post by — Timo
On 04/04/14 At 09:36 PM