NIDS, AV & HIPS for MS Office memory corruption vulnerability

https://www.csa.gov.sg/singcert/news/advisories-alerts/alert-on-microsoft-office-memory-corruption-vulnerability
Above is protected by McAfee NIDS/NIPS.

Q1:
Does McAfee AV & HIPS detect/protect against above CVE?

Q2:
Can I say in general NIDS/NIPS protect against CVEs (esp MS & Adobe vulnerabilities) but AV doesn't, as AV deals with malware & not CVEs?

Q3:
Can I safely say that if a vendor's NIDS detects/protects against the CVE, likely its HIPS will also provide the same?
In particular, referring to McAfee & TrendMicro's
sunhux Asked:

btan (Exec Consultant) Commented:
1. Yes, a User Defined Signature (UDS) has been created to detect this threat. See KB55447 mentioned below.
https://kc.mcafee.com/corporate/index?page=content&id=SNS1111

2. Both NIPS and HIPS can detect CVEs. In fact, a CVE identifies a specific vulnerability, and the signature can be more customised to target it, with patches developed and released in time to remediate the gap. Just see the security bulletin from McAfee.
https://www.mcafee.com/sg/threat-center/product-security-bulletins.aspx

3. They would, as a family suite, since the defence-in-depth principle applies to detect and block at the network and endpoint layers. That said, the signature development effort for each preventive measure in the control device is not equatable.
- Let's say the vulnerability pertains to a network threat like a DDoS attack: the simplest is to stop it at the network level, at the web gateway, firewall and NIPS, while HIPS will only have its host firewall.
- But if it is malware like ransomware, its content may not be easily detected through traffic packets, but the HIPS will be in a better position to inspect it. Network IOCs are mostly IP address/port (callback & source), URL and domain, as compared to HIPS, which goes for behaviour-based action and traces on the file, registry (Windows) and memory.

Trend Micro has its bulletin (focusing on CVEs too) - https://www.trendmicro.com/vinfo/us/threat-encyclopedia/vulnerability
sunhux (Author) Commented:
So in general Antivirus (for McAfee & Trend Micro) doesn't deal with CVEs, is this right?
btan (Exec Consultant) Commented:
Yes and No.
Yes, because a CVE pertains to a vulnerability in an application, system or network protocol.

No, because a CVE is generally also tagged in the virus signature. E.g. ClamAV has an instance of a PDF vulnerability named "PDF.Exploit.CVE_2014_8449".
In fact, you can extract such virus signature names from VT.
virustotal-search will extract CVE numbers from AV detection signatures and report them in the column CVEs.
https://blog.didierstevens.com/?s=virustotal
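As an added illustration of the point above that AV detection names can carry CVE tags (example code written here, not from the thread and not Didier Stevens' virustotal-search tool): a small Python extractor that pulls CVE identifiers out of per-engine detection labels and tallies how many engines agree on each CVE. Only the ClamAV label is from the thread; the other engine names and the second CVE number are constructed placeholders.

```python
import re
from collections import Counter

# Constructed sample of per-engine detection names, shaped like the
# per-engine results a VirusTotal report lists. Only the ClamAV label is
# real (from the thread); the other engines and CVE-2000-12345 are placeholders.
SAMPLE_SCANS = {
    "ClamAV": "PDF.Exploit.CVE_2014_8449",
    "EngineA": "Exploit.CVE-2014-8449.Gen",
    "EngineB": "Trojan.Generic.12345",
    "EngineC": "Exploit.MSOffice.CVE-2000-12345.A",
    "EngineD": None,  # engine returned no detection
}

# Vendors write the tag as CVE-YYYY-NNNN or CVE_YYYY_NNNN, in any case;
# the sequence part is at least four digits (MITRE allows longer ones).
CVE_RE = re.compile(r"CVE[-_](\d{4})[-_](\d{4,})", re.IGNORECASE)

def extract_cves(detection_name):
    """Return normalised CVE ids (CVE-YYYY-NNNN) found in one detection name."""
    if not detection_name:
        return []
    return [f"CVE-{year}-{seq}" for year, seq in CVE_RE.findall(detection_name)]

def cves_by_engine(scans):
    """Map engine name -> list of CVE ids tagged in its detection name."""
    return {engine: extract_cves(name) for engine, name in scans.items()}

def cve_summary(scans):
    """Count how many engines tag each CVE; most-agreed CVE first."""
    counts = Counter()
    for cves in cves_by_engine(scans).values():
        counts.update(set(cves))  # one vote per engine, even if it tags a CVE twice
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    for engine, cves in cves_by_engine(SAMPLE_SCANS).items():
        print(f"{engine:8s} {cves or '-'}")
    print("CVEs by engine count:", cve_summary(SAMPLE_SCANS))
```

A CVE that several engines agree on is a useful pivot for checking whether the matching NIPS/HIPS signature and the vendor patch are already in place.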