Internet Explorer 0 Day - Sept 17, 2012

Not applicable

Re: Internet Explorer 0 Day - Sept 17, 2012

I have the same problem. But a lot crazier. We have one cluster, and one device has the new 329 and one is still on 328. And when I perform a check, the box still says that 328 is the latest release. One box performs the update at 1am (version 329) and one at 2am (version 328).

L6 Presenter

Re: Internet Explorer 0 Day - Sept 17, 2012

Pff, photoshopped ;-)

L6 Presenter

Re: Internet Explorer 0 Day - Sept 17, 2012

Could it be some issue with the update servers?

The IP was recently changed and perhaps the new (or old) server(s) didn't get the update as they should, and because of that customers (or support.paloaltonetworks.com for that matter) don't see or have the latest update available?

Because at least I would expect that when the mail is sent (or arrived :-) the update should be available on the update servers (and in support.paloaltonetworks.com).

L0 Member

Re: Internet Explorer 0 Day - Sept 17, 2012

Heard about the IP change of the update servers, but ignored it.

We've been using updates.paloaltonetworks.com in our PAs in the past as well as today.

If I had faced update problems, I would have spent some time on hardcoding update IPs.

P.S.: I don't see 329-1511 in Panorama at all, either. As mentioned before.

L3 Networker

Re: Internet Explorer 0 Day - Sept 17, 2012

Content version 329-1511 had to be pulled due to unexpected problems. An emergency update containing the IE 0 day fix will be released soon.

Not applicable

Re: Internet Explorer 0 Day - Sept 17, 2012

update 330-1516 available now

L4 Transporter

Re: Internet Explorer 0 Day - Sept 17, 2012

Thanks, downloaded and installed just fine!

L0 Member

Re: Internet Explorer 0 Day - Sept 17, 2012

Hi everybody,

thanks for the update. Anyway, I've got a question: Why are there two threat-ids obviously covering the same vulnerability? How do they differ and how do I have to interpret the different default actions?

The background of my question is that I'm not really sure what will happen if the vulnerability protection profile is configured to apply the "default" action for all "critical" threats --> will it execute "reset-client" or only "alert" or both?

PS: Sorry for asking, I'm aware that maybe this is a (dumb) newbie question...

L6 Presenter

Re: Internet Explorer 0 Day - Sept 17, 2012

Good question...

My current guess is that both will fire since they have the same info:

https://threatvault.paloaltonetworks.com/Home/ThreatDetail/35017

https://threatvault.paloaltonetworks.com/Home/ThreatDetail/35018

so first it will reset-client and then it will log (alert)... but that sounds odd because if the default action is reset-client then logging is included in that - isn't it?

Or if someone wants just to monitor/log if/when such packets are seen then they would set this manually to alert, wouldn't they?
