Current Sophos Anti Virus Definition detects new Security Advisory 4025685 vulnerabilities

Hi,

Microsoft has relased a new Security Advisory 4025685 - June 2017 security update release.

 

Below is the link:

technet.microsoft.com/.../4025685.aspx

I want to know that whether Sophos AV engine has released latest AV definition for mentioned below Bulletin or CVE-IDs, if yes what are the definitions number for the following:

 

1) MS08-067

2) MS09-050

3) MS10-061

4) MS14-068

5) MS17-013

6) CVE-2017-0222

7) CVE-2017-0267 

8) CVE-2017-0280

9) CVE-2017-7269

10) CVE-2017-8461

11) CVE-2017-8464

12) CVE-2017-8487

13) CVE-2017-8543

14) CVE-2017-8552

Please respond as early as possible because there are some critical businees running in some systems which has Sophos as an AV engine in it.

 

Thanks,

Vishek

  • Cna anyone answer my questions?

  • In reply to vishek verma:

    Hello Vishek,

    Our protection in Sophos Anti-Virus doesn't work like that. A vulnerability needs to be patched to fix it, which is why MS has released these patches. We suggest you apply all of these as soon as possible.

    What Sophos Anti-Virus does is detect malware that is known to use these vulnerabilities. Most of these new vulnerabilities have come to light because of information released by a group known as "The Shadow Brokers". This information was released several months ago and Sophos has been working to ensure we have protection for the malware included. For example some of the vulnerabilities patched by this release are used by malware tools with the names of EsteemAudit, ExplodingCan, and EnglishmanDentist. All of these and more we have already released protection for.

    As I said to ensure you are protected please follow the Microsoft advice and patch these vulnerabilities.

  • vishek verma

    Hi,

    Microsoft has relased a new Security Advisory 4025685 - June 2017 security update release.: technet.microsoft.com/.../4025685.aspx

     

    1) MS08-067

    2) MS09-050

    3) MS10-061

    4) MS14-068

    5) MS17-013

    6) CVE-2017-0222

    7) CVE-2017-0267 

    8) CVE-2017-0280

    9) CVE-2017-7269

    10) CVE-2017-8461

    11) CVE-2017-8464

    12) CVE-2017-8487

    13) CVE-2017-8543

    14) CVE-2017-8552 

     

    Vishek,

    These vulnerabilities listed above are in Microsoft software. In this situation, Microsoft provided patches to fix issues in their software.

    Sophos products do not fix the issues in programs and applications of software companies.  Sophos and it's products/services prevent malware from exploiting these issues or causing them.  Sophos provides patches and updates to it's own software.

    In other words: Microsoft, Apple, Google, Ubuntu, RedHat, and other operating systems companies make computers/devices work.  Sophos and other security software companies prevent malicious software from infecting computers/devices and crashing them.