https://live.paloaltonetworks.com/t5/advanced-threat-prevention/traps-cve-2019-0708/m-p/267207#M572 <P>Thanks Brandon for sharing an update.&nbsp;</P><P>Please do share outcome from your test.&nbsp;</P><P>Cheers,&nbsp;</P> Thu, 06 Jun 2019 04:59:39 GMT ChiragBhatt 2019-06-06T04:59:39Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/traps-cve-2019-0708/m-p/261353#M552 <P>Does Traps offer protection against&nbsp;<SPAN>CVE-2019-0708 ?</SPAN></P> Thu, 16 May 2019 12:58:06 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/traps-cve-2019-0708/m-p/261353#M552 JacobHusted 2019-05-16T12:58:06Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/traps-cve-2019-0708/m-p/261531#M555 <P>I've just opened a support case on this, I'll post when I hear back.</P> Fri, 17 May 2019 17:51:07 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/traps-cve-2019-0708/m-p/261531#M555 BrandonWright 2019-05-17T17:51:07Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/traps-cve-2019-0708/m-p/266656#M569 <P>Hi, Any reply from the Support team?&nbsp;</P> Wed, 05 Jun 2019 06:43:33 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/traps-cve-2019-0708/m-p/266656#M569 ChiragBhatt 2019-06-05T06:43:33Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/traps-cve-2019-0708/m-p/266881#M571 <P>Hello Chirag,</P><P>&nbsp;</P><P>I did receive a response, but it wasn't completely definitive.&nbsp; At the time that I opened the case, there was no PoC code available for CVE-2019-0708, but the TAC engineer did research on the exploit and stated that it should be covered by Traps Default protections given his understanding of how the exploit works.&nbsp;</P><P>&nbsp;</P><P>Now that there is exploit code available I plan on spinning up a windows VM with Traps to test this statement.&nbsp; I probably wont get to this until later this week.</P><BLOCKQUOTE><HR /></BLOCKQUOTE><P>&nbsp;</P> Wed, 05 Jun 2019 16:28:08 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/traps-cve-2019-0708/m-p/266881#M571 BrandonWright 2019-06-05T16:28:08Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/traps-cve-2019-0708/m-p/267207#M572 <P>Thanks Brandon for sharing an update.&nbsp;</P><P>Please do share outcome from your test.&nbsp;</P><P>Cheers,&nbsp;</P> Thu, 06 Jun 2019 04:59:39 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/traps-cve-2019-0708/m-p/267207#M572 ChiragBhatt 2019-06-06T04:59:39Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/traps-cve-2019-0708/m-p/268511#M585 <P>Hello All,</P><P>&nbsp;</P><P>So as of today, I was able to get some time to do some further testing.&nbsp; It looks like the default protection built-in to traps unfortunately doesn't seem to catch this.&nbsp; I'm still trying to determine if there is a configuration change (focusing on the Exploit Profiles) that will protect the process that is exploited as part of this CVE (CVE-2019-0708).</P><P>&nbsp;</P><P>The testing methodology that I have used is as follows:</P><P>1. Spun up a Windows 7 VM, and fired a PoC Crash exploit at the unpatched system.&nbsp; This resulted in a Blue Screen and the machine cratched.&nbsp; Presumably if someone modifies this Blue Screen PoC code to get their own RCE (Remote Code Execution), then they could get their code executing on a system without a Blue Screen.</P><P>&nbsp;</P><P>2.&nbsp; Next, I installed the latest Traps Agent on the Windows 7 VM, and rebooted.&nbsp; After the reboot, I fired the PoC crash exploit at the unpatched system yet again, and acheived the same result, with nothing being reported in the Traps Management Service.</P><P>&nbsp;</P><P>I plan on opening another support ticket to inquire now that there is PoC code available.&nbsp; I'll post the results of that here later.</P><P>&nbsp;</P><P>Thanks</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 11 Jun 2019 01:26:46 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/traps-cve-2019-0708/m-p/268511#M585 BrandonWright 2019-06-11T01:26:46Z