On December 19, 2018, Microsoft announced CVE-2018-8653, which details a remote code execution vulnerability affecting Internet Explorer. Using a specially crafted website, an attacker could exploit this vulnerability to take control of a remote system, including reading and writing data and creating user accounts.
While this vulnerability is known to have been exploited prior to the public announcement, customers running Symantec Endpoint Protection 14.0 RU1 or later had zero-day protection against this exploit if they had Memory Exploit Mitigation (MEM) configured in their environment. MEM provides protection against this exploit through the following mitigation techniques:
All SEP customers, including those running versions of SEP prior to 14.0 RU1, are now protected against the vulnerability using newly published heuristic detection and IPS signatures (Exp.CVE-2018-8653 and Web Attack: Microsoft Internet Explorer CVE-2018-8653 Activity). Symantec advises customers that the best way to ensure zero-day protection against similar attacks is to deploy the latest version of SEP and to enable all protection capabilities. It is also recommended to apply all vendor patches as soon as possible.
For additional information on configuring MEM, please see Hardening Windows clients against memory tampering attacks with a Memory Exploit Mitigation policy.