Malwarebytes Anti-Exploit

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Oct 15, 2013.

  1. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    As the blog post says, the exploit is very unstable and unreliable. So far we've only gotten it to crash. We'll be testing more platforms.

    office-exploit.png
     
  2. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,660
    Location:
    Mexico
    Thank you. :thumb:
     
  3. Nizarawi

    Nizarawi Registered Member

    Joined:
    May 26, 2008
    Posts:
    137
    with the beta version of Kaspersky 2016
    can't run firefox

    Error : Couldn't load XPCOM
     
  4. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Can anybody else replicate this? Under what OS?
     
  5. Nizarawi

    Nizarawi Registered Member

    Joined:
    May 26, 2008
    Posts:
    137
    Win7 x64
     
  6. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    1,892
    Location:
    Hollow Earth - Telos
    I had a lot of problems using MBAE with chrome 32. I just went to chrome 64 and activated the chrome shield that I deactivated because of many problems with chrome 32. So far all the problems are gone that I had with chrome 32. Will see if it stays that way.
     
  7. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    We've fixed one bug that was apparent with Chrome. Instead of waiting for 1.08 we'll release a new version of 1.07 this week. The auto-upgrade has been delayed until this new 1.07 version is ready.
     
  8. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    862
    Would MBAE have been able to mitigate against MS15-078?
     
  9. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Yes, most likely with Layer3 mitigations as it is a kernel exploit.
     
  10. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    6,067
    Last edited: Jul 21, 2015
  11. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
  12. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,748
    I am still running v1.07.1.1007 Premium, and haven't received the autoupdate, as yet.
     
  13. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Yes, that's because we haven't released 1.07 in the auto-upgrade channel yet. If the new 1014 build proves itself as stable as we think it is, we will release it later this week or early next week to the auto-upgrade channel.
     
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,397
    Location:
    The Netherlands
    I might be misunderstanding, but don't kernel exploits normally defeat all security tools? And what do you think about this one, do you think that MBAE can block such an exploit attack on Chrome? This exploit is a bit confusing to me, because it can not only be used for privilege escalation, but also for remote code execution.

    http://blog.trendmicro.com/trendlab...s-another-windows-zero-day-ms-releases-patch/
     
  15. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Yes they do, including MBAE. But, as with Duqu, most implementations of the exploit will result in a malicious action in user-land by Word, Adobe, etc., and those malicious actions are typically blocked by Layer3.

    It is basically the same as with the original Duqu. MBAE didn't detect the kernel exploit (naturally) but it prevented the infection, as most of the time weaponized kernel exploits still need to download and exec something. Simply popping the calculator is nice, but it is not useful in a real attack scenario. But of course a skilled attacker could target MBAE or any other product specifically after executing the shellcode and bypass it. That's why the best solution for such kernel exploits is to patch.
     
  16. theshadow247

    theshadow247 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    323
    Location:
    ontario.canada
    windows.10 pro MBAE 1014.no flyout.not shielded.using chrome but just checked and not working for me...
     
  17. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    6,067
    @ ZeroVulnLabs
    I have no idea why you always ignore my questions.
    Thanks for your arrogance Mr. Pedro Bustamante..............

    -----------------------

    Thank you! :thumb:
     
  18. theshadow247

    theshadow247 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    323
    Location:
    ontario.canada
    no.problems.i just happen to be testing win.10
     
  19. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Sorry I missed that. I thought I had already answered the question but it turns out it was here, not to you specifically.
     
  20. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,748
    I decided to manually update.

    However, after launching the update at 11:30 pm as per the first screenshot, my system locked up due to a popup from SpyShelter which I have added to this snapshot recently.

    ScreenShot_MBAE_v1.07.1.1014_install_01.gif

    After forcing a soft reboot, I started over. See second screenshot.

    ScreenShot_MBAE_v1.07.1.1014_install_02.gif

    This time upgrade install was completed. However, the systray icon was missing after the update. This still happens regularly. It returns with the next reboot, usually.

    ScreenShot_MBAE_v1.07.1.1014_install_07.gif

    ScreenShot_MBAE_v1.07.1.1014_install_08.gif
     
  21. crapbag

    crapbag Registered Member

    Joined:
    Mar 14, 2011
    Posts:
    145
    Can I ask how often MBAE checks for updates?

    I'm a premium user and I like the product but I've had to uninstall and reinstall to get the newest version from the Malwarebytes site. I've had to do this a few times and just did it today from v1.06.1.1019 to v1.07.

    Some kind of 'Force Check' option would be great.
     
  22. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    6,067
    Thank you.
     
  23. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    6,067
    Multiple choices.........
     
  24. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    6,067
    Simply download from our here. You can install on top of your existing installation.
    In a week or two we'll start activating the automatic upgrades, so if you prefer not to do anything, simply relax and wait for your MBAE to upgrade itself.

    https://forums.malwarebytes.org/index.php?/topic/170015-malwarebytes-anti-exploit-10711014/
     
  25. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    6,067

    Attached Files:

    Last edited: Jul 21, 2015