Author Topic: Autosave problem Ms Word cve-2014-6333 kb3009710 (false positive?) (Read 2534 times)

Ok 1 · « **on:** November 17, 2014, 12:38:01 PM »

Hi,

We have a problem with the Ms Word autosave function in roaming profiles

The error is:

\\[servername]\Documents$\[USERNAME]\AppData\Roaming\Microsoft\Word\~WRA3880.wbk" is infected by "DOC:CVE-2014-6333 [Expl]" virus.

it has something to do with latest updates form Microsoft: MS14-069: Vulnerabilities in Microsoft Office could allow remote code execution: November 11, 2014 ( https://support.microsoft.com/kb/3009710?wa=wsignin1.0 )

For now we excluded the extensions because it is not possbile in network environment with roaming profiles to exclude the exact directory because %username% is not a wildcard in exclusions with the AEA console.

Here is a site i found in German: https://forum.avast.com/index.php?topic=160435.0 its same problem but on OSX

keywords: roaming profile, CVE-2014-6333, KB3009710, autosave, word, microsoft, avast

REDACTED · « **Reply #1 on:** November 17, 2014, 09:22:33 PM »

We are seeing the same thing. It'd be nice if we could exclude a particular vulnerability from being checked rather than a file type. Once the patch is applied this exploit doesn't work anymore, so we could just ignore it.

Milos · « **Reply #2 on:** November 18, 2014, 09:47:39 AM »

Hello,
detection was fixed and virus definitions are released.

Milos

Ok 1 · « **Reply #3 on:** November 18, 2014, 10:24:13 AM »

Thanks, problem is fixed indeed

Author Topic: Autosave problem Ms Word cve-2014-6333 kb3009710 (false positive?) (Read 2534 times)

Ok 1

Autosave problem Ms Word cve-2014-6333 kb3009710 (false positive?)

REDACTED

Re: Autosave problem Ms Word cve-2014-6333 kb3009710 (false positive?)

Milos

Re: Autosave problem Ms Word cve-2014-6333 kb3009710 (false positive?)

Ok 1

Re: Autosave problem Ms Word cve-2014-6333 kb3009710 (false positive?)