- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
09-18-2012 08:53 AM
Is there a signature for the new IE 0 day yet?
There is a metasploit module out so.. that means there a working exploit 'in the wild' to base a sig on...
Normally I find the CVE and then look it up in Threat Vault which will give me the threats version number (eg: 839-1155) that I can confirm is installed on my FW.
However this time, I cant find a CVE number so Im asking here.
Thanks
09-18-2012 10:38 AM
We will be releasing a signature in this evenings content update329 with threat id's 35017 and 35018
09-18-2012 10:38 AM
We will be releasing a signature in this evenings content update329 with threat id's 35017 and 35018
09-18-2012 05:32 PM
Has this update been made generally available yet?
Jason
09-18-2012 10:19 PM
I received the release notes of update 329 already. But we don not get the update itself... We tried with manual download and with scheduled download on the firewall. But the latest we get is 328? When will the 329 be available for download?
09-18-2012 10:36 PM
The update mail arrived 8 hours ago but I still dont see it in the dynamic updates section at https://support.paloaltonetworks.com (when logged in) - only previous versions (328 and older) is currently available.
09-18-2012 11:01 PM
Same here, Content update 329 was announced through email, but it's still not available on the support download page nor through the automatic update of the Firewall.
Our customers are waiting since the latest IE vuln. CVE-2012-4969 makes quite some noise in the media.
09-18-2012 11:15 PM
Hi everybody,
when looking into the dynamic updates section via https://support.paloaltonetworks.com I do not see update 329, yet. 328 is the latest named one.
In Panorama I do not see availability of 329 as well.
The PA's itself have already updated to 329-1511! Looking into the release news (direct link using webGUI):
Default-action 35017: reset-client
Default-action 35018: alert
09-18-2012 11:29 PM
That's hard to believe. I just forced an update check by hitting the check now button on the dyn. updates page of the FW. Still showing 328 as the latest one...
Can you send a screenshot ?
09-18-2012 11:47 PM
I have the same problem. But a lot crazier. We have one Cluster and one Device has the new 329 and one is still on 328. And when i perform a check the Box still say that 328 is the latest release. One Box performs the update at 1am (Version 329) and one at 2am (Version 328).
09-18-2012 11:54 PM
Could it be some issue with the update servers?
The ip was recently changed and perhaps the new (or old) server(s) didnt get the update as it should and by that customers (or support.paloaltonetworks.com for that case) doesnt see or have the latest update available?
Because at least I would expect that when the mail is sent (or arrived 🙂 the update should be available on the updateservers (and in support.paloaltonetworks.com).
09-18-2012 11:58 PM
Heard about the IP change of the update servers, but ignored it.
We've been using updates.paloaltonetworks.com in our PAs in the past as well as today.
If I had faced update problems, I would have spend some time on hardcoding update IPs.
P.S.: I don't see 329-1511 in Panorama at all, too. As mentioned before.
09-19-2012 12:04 AM
Content version 329-1511 had to be pulled due to a unexpected problems. An Emergency update containing the IE 0 day fix will be released soon.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!