https://live.paloaltonetworks.com/t5/general-topics/about-microsoft-vulnerability/m-p/33772#M24782 <HTML><HEAD></HEAD><BODY><P>Also bear in mind that with server to client vulnerability signature this could be triggered by an attempt by the outside client to use the exploit to compromise the server.&nbsp; Thus you would not find anything on the server itself but should try to identify the client side of the transaction.</P></BODY></HTML> Sat, 07 Mar 2015 12:35:28 GMT pulukas 2015-03-07T12:35:28Z https://live.paloaltonetworks.com/t5/general-topics/about-microsoft-vulnerability/m-p/33770#M24780 <HTML><HEAD></HEAD><BODY><P>Hello all,</P><P></P><P>My customers PA-3020 detected&nbsp; a few&nbsp; Microsoft Vulnerability Threat coming from Inside ( Web server ) to Outside&nbsp; ( Internet ) . </P><P>We investigated the cause of this , but could not replicate the issue and finding the cause of it. </P><P>We scanned web server for malware , corrupt jpeg files but it was clean. </P><P></P><P>Detected Vulnerabilities are :</P><P><SPAN lang="EN-US" style="font-size: 12.0pt; font-family: 'ＭＳ Ｐゴシック';"><SPAN lang="EN-US" style="font-size: 12.0pt; font-family: 'ＭＳ Ｐゴシック';"><BR /></SPAN></SPAN></P><P><SPAN lang="EN-US" style="font-size: 12.0pt; font-family: 'ＭＳ Ｐゴシック';"><SPAN lang="EN-US" style="font-size: 12.0pt; font-family: 'ＭＳ Ｐゴシック';">Microsoft Windows Paint JPEG Integer Overflow Vulnerability(32831)</SPAN></SPAN></P><P><SPAN lang="EN-US" style="font-size: 12.0pt; font-family: 'ＭＳ Ｐゴシック';"><SPAN lang="EN-US" style="font-size: 12.0pt; font-family: 'ＭＳ Ｐゴシック';">Microsoft DirectShow JPEG Parsing Memory Corruption Vulnerability(36396)</SPAN></SPAN></P><P><SPAN lang="EN-US" style="font-size: 12.0pt; font-family: 'ＭＳ Ｐゴシック';"><SPAN lang="EN-US" style="font-size: 12.0pt; font-family: 'ＭＳ Ｐゴシック';">Microsoft Windows Paint JPEG Integer Overflow Vulnerability(32831)</SPAN></SPAN></P><P></P><P></P><P> PA-3020 log details: </P><P></P><P><SPAN lang="EN-US" style="font-size: 12.0pt; font-family: 'ＭＳ Ｐゴシック';">actionflags: 0x0<BR /> type: THREAT<BR /> subtype: vulnerability<BR /> config_ver: 1<BR /> time_generated: 2015/02/27 08:10:38</SPAN></P><P><SPAN lang="EN-US" style="font-size: 12.0pt; font-family: 'ＭＳ Ｐゴシック';"><SPAN lang="EN-US" style="font-size: 12.0pt; font-family: 'ＭＳ Ｐゴシック';">flags: 0x400000<BR /> proto: tcp<BR /> action: alert<BR /> cpadding: 0<BR /> threatid: Microsoft Windows Paint JPEG Integer Overflow Vulnerability(32831)<BR /> category: any<BR /> contenttype: <BR /> behavior: 0x0500000000000000000000000000000000000000000000000000000000000000<BR /> severity: critical<BR /> direction: server-to-client</SPAN></SPAN></P><P><SPAN lang="EN-US" style="font-size: 12.0pt; font-family: 'ＭＳ Ｐゴシック';"><SPAN lang="EN-US" style="font-size: 12.0pt; font-family: 'ＭＳ Ｐゴシック';"><BR /></SPAN></SPAN></P><P><SPAN lang="EN-US" style="font-size: 12.0pt; font-family: 'ＭＳ Ｐゴシック';"><SPAN lang="EN-US" style="font-size: 12.0pt; font-family: 'ＭＳ Ｐゴシック';"><BR /></SPAN></SPAN></P><P><SPAN lang="EN-US" style="font-size: 12.0pt; font-family: 'ＭＳ Ｐゴシック';"><SPAN lang="EN-US" style="font-size: 12.0pt; font-family: 'ＭＳ Ｐゴシック';"><BR /></SPAN></SPAN></P><P><SPAN lang="EN-US" style="font-size: 12.0pt; font-family: 'ＭＳ Ｐゴシック';"><SPAN lang="EN-US" style="font-size: 12.0pt; font-family: 'ＭＳ Ｐゴシック';"><SPAN lang="EN-US" style="font-size: 12.0pt; font-family: 'ＭＳ Ｐゴシック';">actionflags: 0x0<BR /> type: THREAT<BR /> subtype: vulnerability<BR /> config_ver: 1</SPAN></SPAN></SPAN></P><P><SPAN lang="EN-US" style="font-size: 12.0pt; font-family: 'ＭＳ Ｐゴシック';"><SPAN lang="EN-US" style="font-size: 12.0pt; font-family: 'ＭＳ Ｐゴシック';"><SPAN lang="EN-US" style="font-size: 12.0pt; font-family: 'ＭＳ Ｐゴシック';">proto: tcp<BR /> action: alert<BR /> cpadding: 0<BR /> threatid: Microsoft DirectShow JPEG Parsing Memory Corruption Vulnerability(36396)<BR /> category: any<BR /> contenttype: <BR /> behavior: 0x0500000000000000000000000000000000000000000000000000000000000000<BR /> severity: critica l<BR /> direction: server-to-client<BR /> misc: </SPAN></SPAN></SPAN></P><P><SPAN lang="EN-US" style="font-size: 12.0pt; font-family: 'ＭＳ Ｐゴシック';"><SPAN lang="EN-US" style="font-size: 12.0pt; font-family: 'ＭＳ Ｐゴシック';"><BR /></SPAN></SPAN></P><P><SPAN lang="EN-US" style="font-size: 12.0pt; font-family: 'ＭＳ Ｐゴシック';"><SPAN lang="EN-US" style="font-size: 12.0pt; font-family: 'ＭＳ Ｐゴシック';"><BR /></SPAN></SPAN></P><P><SPAN lang="EN-US" style="font-size: 12.0pt; font-family: 'ＭＳ Ｐゴシック';"><SPAN lang="EN-US" style="font-size: 12.0pt; font-family: 'ＭＳ Ｐゴシック';"><BR /></SPAN></SPAN></P><P></P><P>Could this be a false positive from PA-3020 ? </P><P></P><P>Has someone seen a similar alert&nbsp; on their Palo Alto firewall ? </P><P></P><P></P><P></P><P>Thank you .</P><P></P><P>Adrian</P><P></P><P></P><P></P><P><SPAN lang="EN-US" style="font-size: 12.0pt; font-family: 'ＭＳ Ｐゴシック';"><SPAN lang="EN-US" style="font-size: 12.0pt; font-family: 'ＭＳ Ｐゴシック';"><BR /></SPAN></SPAN></P><P><SPAN lang="EN-US" style="font-size: 12.0pt; font-family: 'ＭＳ Ｐゴシック';"><SPAN lang="EN-US" style="font-size: 12.0pt; font-family: 'ＭＳ Ｐゴシック';"><BR /></SPAN></SPAN></P></BODY></HTML> Fri, 06 Mar 2015 08:06:59 GMT https://live.paloaltonetworks.com/t5/general-topics/about-microsoft-vulnerability/m-p/33770#M24780 AdiAINS1982 2015-03-06T08:06:59Z https://live.paloaltonetworks.com/t5/general-topics/about-microsoft-vulnerability/m-p/33771#M24781 <HTML><HEAD></HEAD><BODY><P>Hello Adrian,</P><P></P><P>It looks, the server response is matchingwith PAN firewall's signature database. The direction of the Vulnerability is showing "server-to-Client".</P><P></P><P>You may check the details of those individual threatID from: <A href="https://threatvault.paloaltonetworks.com/" title="https://threatvault.paloaltonetworks.com/">https://threatvault.paloaltonetworks.com/</A></P><P></P><P>A reference document for threat log direction <A href="https://live.paloaltonetworks.com/docs/DOC-1140">Threat Logs Show Inverted/Reversed Direction for Source and Destination IP Addresses</A></P><P></P><P>Hope this helps.</P><P></P><P>Thanks</P></BODY></HTML> Fri, 06 Mar 2015 09:15:47 GMT https://live.paloaltonetworks.com/t5/general-topics/about-microsoft-vulnerability/m-p/33771#M24781 HULK 2015-03-06T09:15:47Z https://live.paloaltonetworks.com/t5/general-topics/about-microsoft-vulnerability/m-p/33772#M24782 <HTML><HEAD></HEAD><BODY><P>Also bear in mind that with server to client vulnerability signature this could be triggered by an attempt by the outside client to use the exploit to compromise the server.&nbsp; Thus you would not find anything on the server itself but should try to identify the client side of the transaction.</P></BODY></HTML> Sat, 07 Mar 2015 12:35:28 GMT https://live.paloaltonetworks.com/t5/general-topics/about-microsoft-vulnerability/m-p/33772#M24782 pulukas 2015-03-07T12:35:28Z