04-28-2014 02:09 AM
Hello
I'd like to share with you (sad) news about IE http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-v...
and the response from Microsoft https://technet.microsoft.com/library/security/2963983
This will probably be the first issue on Windows XP that will never be patched.
We are waiting for the 433 Threat Prevention update ... I hope it will be released soon as an emergency update.
Regards
Slawek
04-28-2014 08:37 AM
Coverage to be provided in version 433
-Renato
04-28-2014 12:06 PM
Possible Emergency update. Will update thread accordingly.
04-28-2014 01:40 PM
Update is ready to download!
04-28-2014 06:42 PM
slv wrote:
Hello
I'd like to share with you (sad) news about IE http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-v...
and the response from Microsoft https://technet.microsoft.com/library/security/2963983
This will probably be the first issue on Windows XP that will never be patched.
We are waiting for the 433 Threat Prevention update ... I hope it will be released soon as an emergency update.
Regards
Slawek
I'd like to point out that you can move towards mitigating this, even on XP, by installing EMET on your PC (http://support.microsoft.com/kb/2458544)
This allows you to "sandbox" critical processes (in this case, IE) from being exploited by this bug.
It's not perfect, but coupled with the content release by PA, you can certainly minimise your risk should you be in a position (like me) where you simply can't get rid of XP (completely) for whatever reason.
04-30-2014 01:57 PM
Palo Alto newbie here. If the signature has been downloaded and installed (we have threat prevention) with the default action of reset-client, does that mean my "inside" machines are protected from the exploit?
04-30-2014 03:46 PM
Hello ICarder,
Yes, if the default action is "reset-client", then the PAN firewall will drop the connection and end machines are protected from the exploit.
Thanks
05-01-2014 06:10 AM
So how can you identify if the zero day is in your network? What is the remediation for it and does the PA just alert for it or remove it?
05-01-2014 08:22 PM
As soon as the PAN firewall identifies the signature of that packet, it will reset (send TCP RST) the connection (drop the collection). Also you will be able to see the same information under threat logs.
Thanks
05-03-2014 02:34 AM
Microsoft made a patch for XP http://blogs.technet.com/b/microsoft_blog/archive/2014/05/01/updating-internet-explorer-and-driving-... for this 0-day!
05-03-2014 09:27 AM
I'd like to create a custom app-ID signature to allow me to block all use of IE on the network... I'm having trouble with the regex for the user-agent string... anyone care to help?