This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Protected against ms12-020

Hi,

Since the IPS rule set in html isn't updated for quite a while. Can anyone tell me if there is any protection included for the recent ms12-020 exploit?

Kind regards!

This thread was automatically locked due to age.

0 Scott_Klassen over 13 years ago

Since a snort rule was only created for this vulnerability yesterday as a VRT rule, so no it is not included in the most recently deployed pattern update. The rule will need to be reviewed and vetted before we would add it to the patterns that we push out for IPS. No ETA on when or if it will be included.

We try to do as much testing as possible with snort rules as they can be prone to false positives, which have the possibility of causing even more disruption than the vulnerability itself would.

Microsoft has released a patch for this vulnerability which should be deployed to your windows based systems. http://technet.microsoft.com/en-us/security/bulletin/ms12-020.

__________________
ACE v8/SCA v9.3

...still have a v5 install disk in a box somewhere.

http://xkcd.com
http://www.tedgoff.com/mb
http://www.projectcartoon.com/cartoon/1
Cancel
Vote Up 0 Vote Down

Cancel
0 William Warren over 13 years ago

I have always advocated rdp NOT be exposed to the internet. it has been easily crackable for years and plus the fact that it runs as a kernel service that just makes this kind of bug so easy to exploit. My advice? use the vpn inside of your astaro and then rdp over that. IMO anyone who exposes rdp directly to the internet is asking to get pwned.

Owner: Emmanuel Technology Consulting

http://etc-md.com

Former Sophos SG(Astaro) advocate/researcher/Silver Partner

PfSense w/Suricata, ntopng,

Other addons to follow
Cancel
Vote Up 0 Vote Down

Cancel