Version 9 vulnerabilities - Article ID: 118424 (Tavis Ormandy)

In article 118424 there are a number of vulnerabilities listed which affect version 9 of Sophos. All but one of these state they are fixed in version 9.x.

The one which doesn't is in relation to the sophos_detoured_x64.dll ASLR bypass vulnerability, which states it affects 9.X and 10.X; however, "Fixed in version" only lists version 10.X products.

Based on this I believe customers running the latest version 9.X of Sophos are subject to this vulnerability, and if so, are there any plans to release an update to version 9 to resolve this? I realise there is the option to disable detours at an OS level, but is this the only option to mitigate this vulnerability for customers running version 9?

For completeness, I am running Windows 7 x64, with Sophos AV 9.77, Detection Engine 3.37.2.

Many thanks in advance

  • Hello Surry,

    I've already forgotten what changed from 9.7 to 10.0 ;), the latter now out for slightly over one year. As there have been (significant) changes with the detours from 9.7 to 10.x, it might be harder to make the necessary changes in 9.x.

    Nevertheless, you certainly have a point here. So let's see what Sophos says.

    Christian
