Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
AKrause
Contributor

Created on ‎09-19-2012 01:45 AM

IPS signatures for IE vulnerability

Hello, are there any Fortiguard IPS signatures, which address the recent vulnerability in Microsoft Internet Explorer? http://technet.microsoft.com/en-us/security/advisory/2757760 best regards Andreas
2884
0 Kudos
7 REPLIES 7
AKrause
Contributor

Created on ‎09-19-2012 05:09 AM

news from the front: appropriate signature MS.IE.execCommand.Use.After.Free will be released in next IPS signature package (version 3.237).
1514
0 Kudos
RH2
New Contributor II

Created on ‎09-19-2012 04:23 PM

Be aware the default action is " allow"
1514
0 Kudos
AKrause
Contributor

Created on ‎09-20-2012 12:33 AM

Is there any site to test the effectiveness of this pattern?
1514
0 Kudos
uhchelpdesk
New Contributor
In response to AKrause

Created on ‎09-20-2012 01:54 PM

I too would like to be able to test this IPS signature
1514
0 Kudos
Secure_IT_BE_Nick
New Contributor III

Created on ‎09-21-2012 12:23 AM

Same strange thing here. I can see it in the IPS signatures but no way to enable it in the IPS UTM profile??

[link]https://www.secure-it.be[/link]

[link]https://www.secure-it.be[/link]
1514
0 Kudos
cmberry
New Contributor
In response to Secure_IT_BE_Nick

Created on ‎09-21-2012 05:34 AM

Same strange thing here. I can see it in the IPS signatures but no way to enable it in the IPS UTM profile??
You need to alter an existing or create a new IPS Sensor. Then you add a new IPS filter which includes the signature you are talking about, and change the action to " BLOCK" . UTM Profiles>Intrusion Protection>IPS Sensor>[select a profile from drop down]>create new ips filter>change radio button to " Signature" >type name of IE signature you' re talking about>and change the bullet to " BLOCK' . Make sure to move this filter rule ABOVE/BEFORE the other generic defualt enable, default action rules. Hope this helps!
Preview file
76 KB
1514
0 Kudos
Secure_IT_BE_Nick
New Contributor III

Created on ‎10-04-2012 02:28 AM

isting or create a new IPS Sensor. Then you add a new IPS filter which includes the signature you are talking about, and change the action to " BLOCK" . UTM Profiles>Intrusion Protection>IPS Sensor>[sel
Thx, still raises the question why this wasn' t blocked in the first place...

[link]https://www.secure-it.be[/link]

[link]https://www.secure-it.be[/link]
1514
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.