DeepGuard 5 vs. Word RTF zero-day CVE-2014-1761

Now that we have our hands on a sample of the latest Word zero-day exploit (CVE-2014-1761), we can finally address a frequently asked question: does F-Secure protect against this threat? To find out the answer, I opened the exploit on a system protected with F-Secure Internet Security 2014, and here is the result:

[Screenshot: DeepGuard 5 blocking the CVE-2014-1761 exploit]

IS2014 blocked the threat using the exploit interception feature introduced in DeepGuard version 5. The best part is that we did not need to add or modify anything — the zero-day was blocked by the exact same detection that was already included in the initial release of DeepGuard 5 in June 2013. This means that our users were protected against this threat long before we even got a sample, and also several months before the attack was reported by Microsoft. DeepGuard 5 shows the power of proactive, behavior-based protection again (and again).

Microsoft will release a patch for the vulnerability on Tuesday, April 8, 2014. In the meantime, you should check the mitigations and workarounds Microsoft recommends.

We have also added a generic detection, Exploit:W32/CVE-2014-1761.A, to detect the exploit before the document is opened.

Exploit SHA1: 200f7930de8d44fc2b00516f79033408ca39d610

Posted by Timo on 04/04/14 at 09:36 PM
