FireEye Fixes MPS Flaw

Monday, December 14, 2015 @ 05:12 PM gHale

FireEye patched a vulnerability identified in its Malware Protection System (MPS), researchers said.

Google Project Zero researchers Tavis Ormandy and Natalie Silvanovich developed a reliable exploit for a remote code execution (RCE) vulnerability affecting MPS. The researchers did not provide any technical details, but Ormandy did say the bug likely affected “every version ever shipped.”

Attack Vector: Smart Coffee Makers
CCTV Cameras Form Botnet
IEI: Securing IIoT
Botnet Protects Against Malware

The RCE vulnerability discovered Dec. 4 affected the company’s Network Security (NX), Email Security (EX), Malware Analysis (AX), and File Content Security (FX) products.

“FireEye had been engaged with and was supporting the Google Project Zero team prior to this discovery around the testing of our products. Due to the severity of the vulnerability discovered, we released an automated remediation to customers just 6 hours after notification, mitigating any customer exposure by (Dec. 5),” FireEye spokesman Kyrksen Storer said in a published report.

“We are thankful for the opportunity to support the Google team in this process, will continue to support their efforts, and fully support the broader security research community’s efforts to test and improve our products,” Storer added.