NOD32 not catching latest IE exploit?


RobOK
December 17th, 2008, 01:43 PM
Lots of news around about an IE exploit and articles say that NOD32 does not catch it.

http://www.heise.de/english/newsticker/news/120506

Is that accurate? If so, when will we get an update out to us?

Thanks,
Rob.

hawki
December 17th, 2008, 02:18 PM
So far the only AV that I have read can block the IE exploit is AVG.

It's now moot. Microsoft has released the patch to fix it.

http://www.microsoft.com/technet/security/bulletin/ms08-078.mspx

RobOK
December 17th, 2008, 03:07 PM
Thanks for the link. I wouldn't say it is quite moot; some of our machines are not set to Auto Update from Microsoft because one of the auto updates was breaking something else (I think a wireless driver).

I would feel better if my antivirus could prevent it. As I understand it, NOD32 v3 proxies all web pages, so it seems this type of exploit would be in its sweet spot.

I hope they are working on it despite Microsoft's patch.

Also, I don't know when MS's patch will get to me, what does it take for everyone to get updated, a week or so?

SmackyTheFrog
December 17th, 2008, 05:13 PM
NOD32 blocks the applications that are attempting to infect your system via the IE XML exploit; antivirus software does nothing to close the exploit itself, and any malware package could be using this exploit as its vector. I have seen several exploits using this vector get dropped on client machines today and yesterday, though.

If you want to lower your risk for this zero-day exploit and other buffer overruns, enable DEP and set it to OptOut or AlwaysOn mode through the user interface or boot.ini file.
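
An added example, not part of any post in this thread: a small Python audit that reads a boot.ini and reports the `/noexecute=` DEP policy of each OS entry, flagging entries that are not in one of the two modes recommended in the post above. The boot.ini content, entry names and the function name `audit_boot_ini` are constructed for illustration.

```python
import re

# DEP policy values accepted by the /noexecute= boot switch.
POLICIES = {"optin": "OptIn", "optout": "OptOut",
            "alwayson": "AlwaysOn", "alwaysoff": "AlwaysOff"}
# The two modes recommended in the post above.
RECOMMENDED = {"OptOut", "AlwaysOn"}
NOEXECUTE_RE = re.compile(r"/noexecute=(\w+)", re.IGNORECASE)

def audit_boot_ini(text):
    """Return (description, policy, ok) for each [operating systems] entry."""
    results = []
    in_os_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_os_section = line.lower() == "[operating systems]"
            continue
        if not in_os_section or "=" not in line:
            continue
        # Entry format: <ARC path>="<description>" <switches>
        path, rest = line.split("=", 1)
        m_desc = re.match(r'\s*"([^"]*)"(.*)', rest)
        desc, switches = (m_desc.group(1), m_desc.group(2)) if m_desc else (path, rest)
        m = NOEXECUTE_RE.search(switches)
        if m is None:
            policy = "not set"  # no explicit switch on this entry
        else:
            policy = POLICIES.get(m.group(1).lower(), "unknown:" + m.group(1))
        results.append((desc, policy, policy in RECOMMENDED))
    return results

# Constructed sample boot.ini with three entries (not taken from a real machine).
SAMPLE = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP (hardened)" /fastdetect /NoExecute=OptOut
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Legacy" /fastdetect
'''

if __name__ == "__main__":
    for desc, policy, ok in audit_boot_ini(SAMPLE):
        print(f"{'OK  ' if ok else 'WEAK'} {policy:<10} {desc}")
```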

Togg
December 17th, 2008, 05:36 PM
Just go to Windows Update, use the 'Custom' option and collect the patch for yourself, that's what I did.

In fact that's how I always do updates, I don't allow Automatic Updating.

funkydude
December 17th, 2008, 05:52 PM
Hello, NOD32 released an update for this on THE DAY of release.

JS/Exploit.CVE-2008-4844.A
NOD32 - v.3695 (20081216)

http://www.eset.com/joomla/index.php?searchword=JS%2FExploit.CVE-2008-4844.A&option=com_search&Itemid=5

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4844

ronjor
December 17th, 2008, 08:12 PM
More info here. (http://www.eset.com/threat-center/blog/?p=256)