FireEye Fixes MPS Flaw
Monday, December 14, 2015 @ 05:12 PM gHale
FireEye patched a vulnerability identified in its Malware Protection System (MPS), researchers said.
Google Project Zero researchers Tavis Ormandy and Natalie Silvanovich developed a reliable exploit for a remote code execution (RCE) vulnerability affecting MPS. The researchers did not provide any technical details, but Ormandy did say the bug likely affected “every version ever shipped.”
The RCE vulnerability discovered Dec. 4 affected the company’s Network Security (NX), Email Security (EX), Malware Analysis (AX), and File Content Security (FX) products.
“FireEye had been engaged with and was supporting the Google Project Zero team prior to this discovery around the testing of our products. Due to the severity of the vulnerability discovered, we released an automated remediation to customers just 6 hours after notification, mitigating any customer exposure by (Dec. 5),” FireEye spokesman Kyrksen Storer said in a published report.
“We are thankful for the opportunity to support the Google team in this process, will continue to support their efforts, and fully support the broader security research community’s efforts to test and improve our products,” Storer added.