|
|
|
|
|
Microsoft Bulletin Update |
 |
|
|
|
 |
| Providing 24x7x365 remote security management, monitoring, and remediation for today's networks. |
|
| Did you know IPS customers already have Cisco IntelliShield search access? |
 |
| Register your free account here |
|
|
|
|
|
Your feedback makes our bulletin better! Please tell us what you love and what you would change at ips-news@cisco.com.
Please click here to view a web version of this bulletin.
Visit the Cisco Event Response for more information, analysis, and guidance on this month's
Microsoft Security Bulletin Release.
Please click here to download the latest IPS signature update package (sensor only).
Please click here to download the latest Cisco Security Manager (CSM) signature update package.
Download the S668 sensor package (sensor only).
|
Important Notes
|
| |
7.1(6)E4 Service Pack Release NEW
The 7.1(6)E4 service pack reverses the SMB protocol related inspection enhancements delivered as part of 7.1(5)E4 release and also addresses a Signature downgrade issue with SSM platforms.
Additionally, as part of this release new features have been added for HTTP Advanced decoding and Signature threat profiles (Signature templates).
This service pack contains the S648 signature level, but preserves any more recent signature levels installed on your sensor.
Cisco IPS 7.1(6)E4 is supported on the following platforms:
- IPS 4240
- IPS 4255
- IPS 4260
- IPS 4270-20
- IPS 4345
- IPS 4345-DC
- IPS 4360
- ASA 5500 AIP SSM-10
- ASA 5500 AIP SSM-20
- ASA 5500 AIP SSM-40
- ASA 5512-X IPS SSP
- ASA 5515-X IPS SSP
- ASA 5525-X IPS SSP
- ASA 5545-X IPS SSP
- ASA 5555-X IPS SSP
- ASA 5585-X IPS SSP-10
- ASA 5585-X IPS SSP-20
- ASA 5585-X IPS SSP-40
- ASA 5585-X IPS SSP-60
For additional details please see the following link
|
| |
IOS IPS Important Notice - UPDATED
IOS IPS customers running version 12.4T, 15.0M, or 15.1M - a critical software defect has been identified which may cause your router to reload and be stuck in a boot loop if IOS IPS signature version S639 or later is installed on the device. Recovery of impacted devices is possible only via a serial console connection through the device's ROMMON mode. For customers who are using IOS IPS signatures S638 or earlier, there is no issue. Customers wishing to upgrade the IOS IPS signature version to S639 or later must first be running a fixed version of IOS on the device prior to upgrading the IPS signatures. Fixed versions of IOS include: 15.2(4)M, 15.1(3)T4, 15.2(3)T1, 15.1(4)M5, 12.4(24)T8 and later. Please refer to defect CSCtz27137 for additional details and steps to recover impacted devices. If you need further assistance please contact Cisco TAC. |
| |
WARNING: CISCO.COM IP ADDRESS CHANGE IN AUTO UPDATE CONFIGURATION
The 7.0(8)E4 service pack changes the default value of Cisco server IP address from 198.133.219.25 to 72.163.4.161 in the Auto Update URL configuration. Firewall rules may need to be updated to allow sensor connectivity to this new IP Address if the Cisco.com Auto Updates have been configured on your sensor. |
| |
| |
| |
Supported Sensor Software Versions
|
Signature updates are currently tested on the following sensor software releases according to the terms
defined in the End-of-Sale Policy for Signature File Release on Intrusion Detection and Prevention (IDS/IPS) Sensors:
6.0(6) (Released: 29/MAR/2010)
6.2(4) (Released: 27/JUN/2011)
7.0(6) (Released: 13/SEP/2011) (upgrade soon!)
7.0(7) (Released: 31/JAN/2012) (upgrade soon!)
7.0(8) (Released: 29/MAY/2012) (new!)
7.1(3) (Released: 06/DEC/2011) (upgrade soon!)
7.1(4) (Released: 05/MAR/2012) (upgrade soon!)
7.1(5) (Released: 16/JUL/2012) (upgrade soon!)
7.1(6) (Released: 04/SEP/2012) (new!)
Please upgrade to one of these sensor software versions to ensure correct sensor operation and effective signature coverage.
|
|
| Release S668 - September 18, 2012 |
Release Summary
|
New Vulnerability and Exploit Protections
Microsoft Internet Explorer img Tag Processing Arbitrary Code Execution Vulnerability
Vulnerability Disclosed: 9/17/2012, CVSS Base: 6.8, Temporal: 5.8
Microsoft Internet Explorer contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.
The vulnerability is due to an unspecified error in the way the affected software processes img arrays. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to view a malicious website. If successful, the attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the user.
Functional code that demonstrates an exploit of this vulnerability is publicly available.
Microsoft has not confirmed the vulnerability and software updates are not available.
|
| |
| |
| |
* Inline sensor with Event Action Override set to "deny-packet-inline" at Risk Rating 90 (Cisco default configuration)
|
|
Sensor Update Information
|
Signature Updates
Signature updates may be downloaded automatically by Cisco Security Manager (CSM), IPS Manager Express (IME) and Cisco Security Monitoring, Analysis, and Response System (CS-MARS). The following links are for manual downloads.
Sensor Appliance Updates
IPS 4200-series sensors, IPS 4300-series sensors, IDSM2 Catalyst module, AIM-IPS module, ASA-AIP IPS modules
IOS IPS Updates
IOS IPS in Mainline and T-Train Releases prior to 12.4(11)T (Includes NEW Basic and Advanced Set)
IOS IPS in 12.4(11)T or later T-Train |
Cisco.com FTP Access Change
Cisco will no longer be distributing software that requires a contract or login credentials via ftp.cisco.com from October 2010. Most IPS users will not be affected unless you have manually configured this to download from ftp.cisco.com.
IPS software and signature updates will continue to be available from Cisco.com. These can be retrieved using the built-in authenticated download capabilities in the IDM, IME, MARS and CSM management and monitoring applications or manually from the Software Download area on Cisco.com. Please see the FAQ for more information on manually downloading updates from the Software Download area.
Please direct any questions or concerns regarding this change to ftp_download_feedback@cisco.com.
|
New Product Announcements
|
End of Life and End of Sale Announcements
|
Security Research Library
|
Increase your knowledge of today's vulnerabilities, tomorrow's threats, and the technology necessary to keep up.
Cisco Security Intelligence Operations
Comprehensive threat intelligence, analysis, and defense to help inform and protect organizations. |
Cyber Risk Reports
Weekly strategic intelligence product that highlights current security activity and mid- to long-range perspectives, also available as a podcast.  |
Cisco IntelliShield Alerts
Up-to-the-minute, actionable intelligence, in-depth vulnerability analysis, and highly reliable threat validation to assist in proactive prevention. |
Cisco Applied Mitigation Bulletins
Techniques that use Cisco product abilities to detect and mitigate the most important security events and vulnerabilities. |
Virus Watch
Current virus trends from SenderBase © |
Spam Watch
Current spam trends from SenderBase © |
Security Multimedia Library
Podcasts, video datasheets, webcasts and videos with solutions for today's problems. |
Cisco Security Intelligence Operations Best Practices
Guidance on specific technologies and problem sets to help organizations secure business applications and processes by identifying, preventing, and adapting to threats. |
Cisco Security Services
Professional services to support your Self-Defending Network. |
Cisco Security Solutions
Discover the breadth of Cisco solutions available to solve your organization's security issues. |
Cisco Security Blog
Collaborate with the Cisco Security Community and gain insights into emerging security threats, trends, and best practices.
|
|
|
|
This document is provided on an "as is" basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information on the document or materials linked from the document is at your own risk. Cisco reserves the right to change or update this document at any time.
Contacts | Feedback | Subscribe | Unsubscribe
Terms & Conditions | Privacy Statement | Trademarks of Cisco Systems Inc.
© 1992-2012 Cisco Systems Inc. All rights reserved.
|
|
|
