eyeTSecure Alert - Microsoft IE "Operation Aurora" Vulnerability - McAfee Security
McAfee VULNERABILITY UPDATE
McAfee has published an update on the Microsoft Internet Explorer "Operation Aurora" vulnerability, which we are passing on to you.
If you have any questions, our eyeTSecureXpert Service Team is available at 0800 189 085 703.
**VULNERABILITY UPDATE**
McAfee Labs identified a zero-day vulnerability in Microsoft Internet Explorer that was used as the entry point for “Operation Aurora” to exploit Google and at least 30 other companies.
Visit a special McAfee information site at http://www.mcafee.com/operationaurora.
BACKGROUND
"Operation Aurora" was a coordinated attack which included a piece of computer code that exploits a vulnerability in Internet Explorer to gain access to computer systems.
This exploit is then extended to download and activate malware within the systems. The attack, which was initiated surreptitiously when targeted users accessed a malicious Web page (likely because they believed it to be reputable), ultimately connected those computer systems to a remote server. That connection was used to steal company intellectual property and, in Google's case, gain access to user accounts.
Microsoft has issued a security advisory (http://www.microsoft.com/technet/security/advisory/979352.mspx) and McAfee is working closely with Microsoft in this matter.
QUESTIONS & ANSWERS
What is McAfee doing to protect customers?
Researchers at McAfee Labs are delivering signature updates and advice on a continuous basis on the McAfee Labs blog at http://www.avertlabs.com/research/blog/ and at the McAfee Labs Threat Center at http://www.mcafee.com/us/threat_center.
Could my organization be at risk of being infected?
The computer code that exploits the Microsoft Internet Explorer vulnerability has unfortunately been released publicly and is available on the Web. The public release significantly increases the possibility of widespread attacks using the vulnerability, putting Microsoft Internet Explorer users at potentially serious risk.
Microsoft is aware of the targeted attacks, primarily on Microsoft Internet Explorer 6, and lists the following combinations to be vulnerable: Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
How can I protect my organization?
For system protection, we recommend the following steps:
1. Ensure that your McAfee antivirus/antimalware is up to date with a .DAT file 5862 or greater.
2. Run a full system scan on your system or each system if your .DAT files were not at this level.
3. Turn your Microsoft Internet Explorer browser settings to HIGH and restrict browsing to known sites until Microsoft provides a patch for the Internet Explorer exploit.
4. Enable Artemis, McAfee’s real-time file reputation engine which protects against known, new, and emerging threats, on your endpoint products. If you do not know how to do this, please visit the McAfee KnowledgeBase at https://kc.mcafee.com to access a video tutorial and KB articles.
5. If you have the capability to log all outbound Web requests, do so for future forensics.
How can I tell if my systems are infected by Aurora?
If you are a McAfee VirusScan Engine customer, verify that you are using .DAT 5862 released on January 15, 2010 and perform a full scan on all machines within your enterprise, starting with the most sensitive servers. If you detect the following signatures triggered — Exploit-Comele, Roarur.dr or Roarur.dll — you very likely have an infected Aurora host.
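The check described above can be applied across a fleet once scan results are collected in one place. The following is an added example, not McAfee tooling or code from the original alert: it assumes a CSV export with the hypothetical columns `host`, `dat_version` and `detection`, and the host names and rows are constructed sample data. It flags hosts with one of the three named signatures and separates hosts whose scans ran below .DAT 5862, since a scan without a detection at that level says nothing about Aurora.

```python
import csv
import io

MIN_DAT = 5862  # .DAT level the alert requires before a scan result counts
AURORA_SIGNATURES = {"exploit-comele", "roarur.dr", "roarur.dll"}

# Constructed sample export; the column layout is an assumption for this example.
SAMPLE_CSV = """host,dat_version,detection
srv-db01,5862,
srv-db01,5862,Roarur.dll
ws-114,5859,
ws-207,5863,Exploit-Comele
ws-207,5863,Roarur.dr
ws-330,5862,Generic.dx
ws-412,,
"""

def load(text):
    """Parse the CSV export into a list of row dictionaries."""
    return list(csv.DictReader(io.StringIO(text)))

def triage(rows):
    """Map each host to (status, matched Aurora signature names)."""
    hits, best_dat = {}, {}
    for row in rows:
        host = (row.get("host") or "").strip()
        if not host:
            continue
        # Remember the newest .DAT any scan of this host used (0 if unknown).
        dat = (row.get("dat_version") or "").strip()
        best_dat[host] = max(best_dat.get(host, 0), int(dat) if dat.isdigit() else 0)
        name = (row.get("detection") or "").strip()
        if name.lower() in AURORA_SIGNATURES:
            hits.setdefault(host, set()).add(name)
    result = {}
    for host in sorted(best_dat):
        if host in hits:
            result[host] = ("likely-infected", sorted(hits[host]))
        elif best_dat[host] < MIN_DAT:
            result[host] = ("rescan", [])   # no trustworthy scan yet
        else:
            result[host] = ("no-hit", [])   # scanned at 5862+ without an Aurora signature
    return result

if __name__ == "__main__":
    for host, (status, names) in triage(load(SAMPLE_CSV)).items():
        print(f"{host:10} {status:16} {', '.join(names)}")
```

Hosts reported as `rescan` go back to steps 1 and 2 of the protection list before their result is relied on.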
If you believe you may have been infected by Aurora, contact McAfee Foundstone at http://www.foundstone.com/us/contact-form_911.aspx. McAfee is offering free, onsite Incident Response Services to qualified companies affected by Aurora.
For more information, go to the McAfee Aurora landing page at http://www.mcafee.com/operationaurora, contact your Support Account Manager (SAM), or visit McAfee Support via https://mysupport.mcafee.com.
ADDITIONAL RESOURCES
McAfee Labs Security Advisories
http://www.mcafee.com/us/threat_center/securityadvisory/signup.aspx
McAfee Labs Blog
http://www.avertlabs.com/research/blog/
McAfee WW CTO (George Kurtz) Blog
http://siblog.mcafee.com/cto/operation-%e2%80%9caurora%e2%80%9d-hit-google-others/
McAfee Labs Virus Information Library - Related Information
Exploit-Comele - http://vil.nai.com/vil/content/v_253210.htm
Roarur.dr - http://vil.nai.com/vil/content/v_253415.htm
Roarur.dll - http://vil.nai.com/vil/content/v_253416.htm
McAfee KnowledgeBase Article KB67957
http://kb.mcafee.com/agent/index?page=content&id=KB67957
e y e T secure Technologies GmbH
München · Hamburg · Birmingham
Headquarters: Karlstrasse 35, D-80333 München – Germany
Hamburg Regional Office: Glockengießerwall 26, D-20095 Hamburg - Germany
EMEA: 69 Great Hampton Street, Birmingham West Midlands - B18 6EW United Kingdom
Register court: München HRB 161208 | Tax no.: 143/810/70631
VAT ID: DE 247333702 | Managing Director: Dipl.-Ökonom Juan J. Davila-Castillo