LANDesk Antivirus detects this exploit with current definitions as Exploit.PHP.Agent.F.
I would encourage our customer base to consider some of the steps in the following article to further protect their systems against zero-day threats:
The best defense is a good.... defense.
Thanks Dave, is there a way to check to see if we have that signature downloaded? I know we can see all of the spyware definitions we've downloaded in Security and Patch Manager, but the AV vulnerabilities are not listed the same way.
You can check the list of definitions here:
Here is the search for this particular vulnerability:
If your pattern files downloaded are later than the "Update Released" time listed on this website, you have that definition.
Microsoft are releasing an out of band patch for this exploit today - I've got to test it this week and get this out to our customer base beginning of next. How long will it take until we see this patch available via LANDesk patch manager?
That's awesome thanks Dave.
Drew, from my experience, LANDesk is pretty good in getting their patches not long after they are released. We have patches scheduled to download at night, and on a typical Patch Tuesday, the patches are available for download overnight and I have the definitions the following morning when I boot up. We actually just got out of an emergency patch meeting and we fully plan on being able to test and deploy by the end of the week.
Latest MS security blogs say the patch (MS10-002) will be released today approx 10:00 PST (UK 6PM). Hopefully LANDesk will make it available via Patch Manager shortly after.
Here is the LANDesk Bulletin covering the now released out of band patch:
This was created and released to our global content servers the same day Microsoft released the patch.
In addition to Patch content and Antivirus support, the LANDesk Antispyware product also contains definitions to combat the attacks as a result of this vulnerability.
Additional reading from Kaspersky - the company that provides the LANDesk Antivirus scanning engine.