Internet Explorer 0 Day - Sept 17, 2012

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Internet Explorer 0 Day - Sept 17, 2012

L3 Networker

Is there a signature for the new IE 0 day yet?

There is a metasploit module out so.. that means there a working exploit 'in the wild' to base a sig on...

Normally I find the CVE and then look it up in Threat Vault which will give me the threats version number (eg: 839-1155) that I can confirm is installed on my FW.

However this time, I cant find a CVE number so Im asking here.

Thanks

1 accepted solution

Accepted Solutions

L4 Transporter

We will be releasing a signature in this evenings content update329 with threat id's 35017 and 35018

View solution in original post

18 REPLIES 18

L4 Transporter

We will be releasing a signature in this evenings content update329 with threat id's 35017 and 35018

thanks!

Has this update been made generally available yet?

Jason

I received the release notes of update 329 already. But we don not get the update itself... We tried with manual download and with scheduled download on the firewall. But the latest we get is 328? When will the 329 be available for download?


The update mail arrived 8 hours ago but I still dont see it in the dynamic updates section at https://support.paloaltonetworks.com (when logged in) - only previous versions (328 and older) is currently available.

Same here, Content update 329 was announced through email, but it's still not available on the support download page nor through the automatic update of the Firewall.

Our customers are waiting since the latest IE vuln. CVE-2012-4969 makes quite some noise in the media.

L0 Member

Hi everybody,

when looking into the dynamic updates section via https://support.paloaltonetworks.com I do not see update 329, yet. 328 is the latest named one.

In Panorama I do not see availability of 329 as well.

The PA's itself have already updated to 329-1511! Looking into the release news (direct link using webGUI):

https://updates.paloaltonetworks.com/updates/ReleaseNotes.aspx?type=si&versionNumber=329-1511&conten...

https://updates.paloaltonetworks.com/updates/ReleaseNotes.aspx?type=si&versionNumber=329-1511&conten...

Default-action 35017: reset-client

Default-action 35018: alert

That's hard to believe. I just forced an update check by hitting the check now button on the dyn. updates page of the FW. Still showing 328 as the latest one...

Can you send a screenshot ?

PA01.png

I have the same problem. But a lot crazier. We have one Cluster and one Device has the new 329 and one is still on 328. And when i perform a check the Box still say that 328 is the latest release. One Box performs the update at 1am (Version 329) and one at 2am (Version 328).

Pff, photoshoped 😉

Could it be some issue with the update servers?

The ip was recently changed and perhaps the new (or old) server(s) didnt get the update as it should and by that customers (or support.paloaltonetworks.com for that case) doesnt see or have the latest update available?

Because at least I would expect that when the mail is sent (or arrived 🙂 the update should be available on the updateservers (and in support.paloaltonetworks.com).

Heard about the IP change of the update servers, but ignored it.

We've been using updates.paloaltonetworks.com in our PAs in the past as well as today.

If I had faced update problems, I would have spend some time on hardcoding update IPs.

P.S.: I don't see 329-1511 in Panorama at all, too. As mentioned before.

L3 Networker

Content version 329-1511 had to be pulled due to a unexpected problems. An Emergency update containing the IE 0 day fix will be released soon.

  • 1 accepted solution
  • 6997 Views
  • 18 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!