NEWS FROM THE LAB - Thursday, November 7, 2013

DeepGuard 5 vs. the CVE-2013-3906 Zero-Day Exploit

Posted by SecResponse @ 13:46 GMT

On Wednesday, we noted a zero-day vulnerability in the Microsoft Graphics component. The vulnerability is being actively exploited in targeted attacks using Word documents.

Long story short, here's a video of the exploit losing to our Internet Security:

[Video: DeepGuard 5 vs. Microsoft Graphic Component Zero-Day Exploit CVE-2013-3906]

The Word document in the video has been used in real attacks and is one of the exploits analyzed by McAfee and AlienVault. The attack has been recreated on an isolated test network with a vulnerable system running Office 2007 on 64-bit Windows 7. As the video demonstrates, the exploit interception feature in DeepGuard 5 (our behavioral engine) prevents the system from getting infected.

Moreover, DeepGuard would have proactively protected our customers from this zero-day exploit even before the Microsoft advisory, and without us ever having seen the first samples.

Furthermore, we did not need to add or modify any DeepGuard detections — it blocked the current zero-day with the same set of detection rules as the previous Microsoft zero-day about a month ago.

That is the power of proactive, behavior-based exploit protection.

Post by — Timo*

*Editor's note: Timo is a Senior Researcher and our (justifiably) proud DeepGuard service owner. Kudos, Timo!