ThreatCon

The ThreatCon is currently at Level 2: Elevated.

On October 14, 2014, Microsoft released its scheduled patch update for October 2014. This month's update covers vulnerabilities in the Microsoft Windows operating system, Internet Explorer, .NET Framework, Microsoft Office, Microsoft Developer Tools, Microsoft Office Services, and Microsoft Office Web Apps. Eight security bulletins have been released to address these issues, including the recent zero-day vulnerabilities CVE-2014-4113, CVE-2014-4114 and CVE-2014-4148, which were published by multiple vendors and are being used in targeted attacks.

Customers are advised to install all applicable updates as soon as possible.

Microsoft Security Bulletin Summary for October 2014
https://technet.microsoft.com/library/security/ms14-oct

Sandworm Windows zero-day vulnerability being actively exploited in targeted attacks
http://www.symantec.com/connect/blogs/sandworm-windows-zero-day-vulnerability-being-actively-exploited-targeted-attacks

Symantec ThreatCon Rating

The Symantec ThreatCon rating is a measurement of the global threat exposure, delivered as part of Symantec DeepSight Threat Management System.

ThreatCon Level 2
Medium: Increased alertness

This condition applies when knowledge or the expectation of attack activity is present without specific events occurring, or when malicious code reaches a moderate risk rating. Under this condition, a careful examination of vulnerable and exposed systems is appropriate, security applications should be updated with new signatures and/or rules as soon as they become available, and careful monitoring of logs is recommended. Changes to the security infrastructure are not required.

Symantec DeepSight Threat Management System

Symantec DeepSight Threat Management System tracks security events on a global basis, providing early warning of active attacks. With personalized notification triggers and expert analysis, the system enables enterprises to prioritize IT resources in order to better protect critical information assets against a potential attack. To track security threats, it continuously correlates IDS and firewall attack data from the security systems of over 20,000 partners in over 180 countries, plus virus statistics from the Symantec Digital Immune System and many other human intelligence resources. Experts at Symantec analyze the information to identify active attacks and deliver advance warning with actionable analyses and countermeasures.