I looked into this exploit a bit more, and it specifically looks for .cab files. https://snort.org/rule_docs/1-16295 Heap-based buffer overflow in Kaspersky Antivirus (KAV) 5.0 and Kaspersky Personal Security Suite 1.1 allows remote attackers to exec...
I can confirm one of these IPs is a Windows Update server. So there's no way Meraki can tell us that this isn't a false positive, because, well, there's no way Microsoft's Windows Update server is sending us Kaspersky exploits. "vip0x008.map2ssl.hwc...
I mean, I highly doubt any of us are using Russian anti-virus software in our organizations, so it probably is safe to whitelist. But it is annoying that you can't create any exemptions for specific hosts, that you either whitelist the entire signat...
Can confirm our organization is getting this as well. Got a bunch of alerts for that buffer overflow relating to AKAMAI Technologies. Also getting these other ones that look like this, but not as many: vip0x008.map2.ssl.hwcdn.net