Does SEP protect against the latest security vulnerability in Java 6u41?
Created: 08 Mar 2013 | Updated: 08 Mar 2013 | 4 comments
This issue has been solved. See solution.
Hello all,
I would like to know if SEP 12.1 detects attacks against Java 6 update 41 / Java 7 update 15, which have a vulnerability (CVE-2013-1493)? Maybe by using anti-intrusion?
Thanks.
Yes, it does. Please see this blog for full details:
https://www-secure.symantec.com/connect/blogs/late...
A brief synopsis:
As seen in figure 1, the initial stage of the attack involves a target visiting a compromised site that hosts a malicious JAR file, detected by Symantec as Trojan.Maljava.B. The JAR file contains the exploit CVE-2013-1493 which, if successful, downloads a file called svchost.jpg that is actually an MZ executable, detected by Symantec as Trojan.Dropper. This executable then acts as a loader for the dropped appmgmt.dll file, detected as Trojan.Naid. An intrusion prevention (IPS) update due to be released later today will contain the following detection for the malicious JAR file.
Web Attack: Malicious Java Download 4
Symantec is currently investigating further protections for this zero-day and will provide an update to this blog when possible. To protect against potential zero-day threats, Symantec recommends that you use the latest STAR Malware Protection Technologies to ensure the best possible protection is in place.
SEP Knowledge Base
Endpoint SWAT
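The synopsis above describes a downloaded file named svchost.jpg that is actually an MZ executable. As an added example (not from the Symantec blog, and not how SEP's own signatures work), this Python check flags files whose image extension disagrees with their content; the extension list, function names and sample bytes are constructed for illustration.

```python
import os
import struct

# Extensions that should never hold a Windows executable (assumed list).
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp"}
IMAGE_MAGICS = (b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n", b"GIF87a", b"GIF89a", b"BM")

def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # An out-of-range offset yields an empty slice, so this is safe on junk input.
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def classify(name: str, data: bytes) -> str:
    """Compare the file extension with what the leading bytes say the file is."""
    ext = os.path.splitext(name.lower())[1]
    if ext not in IMAGE_EXTS:
        return "ok"  # only image-named files are in scope for this check
    if is_pe(data):
        return "executable-disguised-as-image"
    if not data.startswith(IMAGE_MAGICS):
        return "unknown-content"
    return "ok"

def scan(files: dict) -> dict:
    """Return {name: verdict} for every file whose verdict is not 'ok'."""
    verdicts = {name: classify(name, data) for name, data in files.items()}
    return {name: v for name, v in verdicts.items() if v != "ok"}

# Constructed samples: a minimal MZ/PE header stub and a JPEG header.
FAKE_PE = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0"
REAL_JPEG = b"\xff\xd8\xff\xe0" + b"\0" * 16

if __name__ == "__main__":
    samples = {
        "svchost.jpg": FAKE_PE,    # name taken from the synopsis, bytes constructed
        "photo.jpg": REAL_JPEG,
        "truncated.jpg": b"MZ",    # too short to be a valid PE, not an image either
    }
    for name, verdict in scan(samples).items():
        print(f"{name}: {verdict}")
```

Run over a proxy cache or a download directory, a check like this complements the IPS and AV detections named in the post; it does not replace them.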
Thanks Brian81 for this quick answer.
DCourtel.
End User Support Technician
Publish Third Party Applications in Wsus : http://wsuspackagepublisher.codeplex.com/
Glad to help.
SEP Knowledge Base
Endpoint SWAT
Please note that IPS signatures are an excellent defense against the code that exploits these Java vulnerabilities. If you have not already deployed IPS in your environment, please consider doing so as a matter of priority. Relying on traditional AV signatures is fighting with one arm tied behind your back.
With thanks and best regards,
Mick