I read about these newer forms of malware at https://www.zdnet.com/article/microsoft-warns-about-astaroth-malware-campaign/ and wondering what protections does SEP 14.x have for malware using fileless and living-off-the-land techniques. Thanks.
A vulnerability in Cisco Advanced Malware Protection (AMP) for Endpoints for Windows could allow an authenticated, local attacker with administrator privileges to execute arbitrary code.
The vulnerability is due to insufficient validation of dynamically loaded modules. An attacker could exploit this vulnerability by placing a file in a specific location in the Windows filesystem. A successful exploit could allow the attacker to execute the code with the privileges of the AMP service.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
Security Impact Rating: Medium