Skip main navigation (Press Enter).

Endpoint Protection

View Only

Back to discussions

Expand all | Collapse all

SEP coverage for CVE-2020-0796

ins007Mar 12, 2020 09:48 PM

Hi All, Any idea on the coverage details, can see new Liveupdate per below OS Attack: Microsoft Server ...

John OwensMar 13, 2020 01:45 PM

Currently, IPS signatures only. The attack method does not lend itself to generic exploit AV signatures, ...

1. SEP coverage for CVE-2020-0796

Recommend
ins007
Posted Mar 12, 2020 09:48 PM

Reply Reply Privately
Hi All,

Any idea on the coverage details, can see new Liveupdate per below

OS Attack: Microsoft Server Message Block RCE CVE-2020-0796

https://www.broadcom.com/support/security-center/securityupdates/detail?fid=sep&pvid=sep14&year=2020&suid=CIDS_Enterprise_SEP_14-SU817-20200311.061

Thanks
2. RE: SEP coverage for CVE-2020-0796

Recommend
Broadcom Employee

John Owens
Posted Mar 13, 2020 01:45 PM

Reply Reply Privately
Currently, IPS signatures only. The attack method does not lend itself to generic exploit AV signatures, though research will continue

Sig ID 32098 (OS Attack: Microsoft Server Message Block RCE CVE-2020-0796) - blocking signature released in SU 817 - 20200311.061

Sig ID 32099 (Audit: Microsoft Compressed SMB Packet) - audit signature released in SU 817 - 20200311.061

There are no reports indicating that this vulnerability is being exploited in the wild.

I believe MS released a patch for this yesterday as well.

------------------------------
John Owens
Principal Product Support
Symantec
United States
------------------------------

Original Message

Copyright 2019. All rights reserved.

Powered by Higher Logic

Global message icon