Since the IPS rule set in HTML hasn't been updated for quite a while, can anyone tell me if there is any protection included for the recent MS12-020 exploit?
A Snort rule was only created for this vulnerability yesterday as a VRT rule, so no, it is not included in the most recently deployed pattern update. The rule will need to be reviewed and vetted before we would add it to the patterns that we push out for IPS. No ETA on when or if it will be included.
We try to do as much testing as possible with Snort rules as they can be prone to false positives, which have the possibility of causing even more disruption than the vulnerability itself would.