Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

CVE-2020-1472 IPS Signatures

  • 1.  CVE-2020-1472 IPS Signatures

    Posted Sep 15, 2020 07:54 AM

    Hi

    Is Broadcom working on an IPS signature for CVE-2020-1472? It was not listed in the latest Symantec response to  Microsoft Monthly Security bulletins.

    Symantec Endpoint Response to Microsoft Monthly Security Bulletins



    NVD



    ------------------------------
    Syscom AS
    ------------------------------


  • 2.  RE: CVE-2020-1472 IPS Signatures

    Broadcom Employee
    Posted Sep 15, 2020 10:26 AM

    Hello Torb, 

    Coverage does not exist as it is deemed not feasible at this point.

    We suggest applying the patch as soon as you can.

    Thanks,



    ------------------------------
    John Owens
    Principal Product Support
    Symantec
    United States
    ------------------------------

    Original Message


  • 3.  RE: CVE-2020-1472 IPS Signatures

    Broadcom Employee
    Posted Sep 16, 2020 10:04 AM
    Update to this:  

    Symantec is investigating the possibility of IPS coverage for CVE-2020-1472. There is no ETA on when this investigation will be complete. Our suggestion is to patch as quickly as possible. I will update this thread once the investigation is complete.

    ------------------------------
    John Owens
    Principal Product Support
    Symantec
    United States
    ------------------------------

    Original Message


  • 4.  RE: CVE-2020-1472 IPS Signatures

    Posted Sep 16, 2020 11:35 AM

    Hi John

     

    Do you perhaps know if there will be coverage for CVE-2020-1596 as well ?

     




    Original Message


  • 5.  RE: CVE-2020-1472 IPS Signatures

    Broadcom Employee
    Posted Sep 16, 2020 12:56 PM

    Hi Hendrikvr123,

    I am not aware of anything for  CVE-2020-1596

    Thanks,



    ------------------------------
    John Owens
    Principal Product Support
    Symantec
    United States
    ------------------------------

    Original Message


  • 6.  RE: CVE-2020-1472 IPS Signatures

    Posted Sep 21, 2020 08:35 AM

    Hi John,

    Please confirm if Symantec releases signature / definition for     CVE-2020-1472 IPS Signatures


    Original Message


  • 7.  RE: CVE-2020-1472 IPS Signatures

    Broadcom Employee
    Posted Sep 21, 2020 12:53 PM
    I will have an update on this later this afternoon.

    ------------------------------
    John Owens
    Principal Product Support
    Symantec
    United States
    ------------------------------

    Original Message


  • 8.  RE: CVE-2020-1472 IPS Signatures

    Broadcom Employee
    Posted Sep 22, 2020 10:50 AM
    We will be releasing IPS signature 32577 (OS Attack: Microsoft Netlogon CVE-2020-1472) today. As soon as I have confirmation of it being released and what revision I will post an update here.

    ------------------------------
    John Owens
    Strategic Support Engineer | Symantec Enterprise Division (SED)
    Symantec
    United States
    ------------------------------

    Original Message


  • 9.  RE: CVE-2020-1472 IPS Signatures
    Best Answer

    Broadcom Employee
    Posted Sep 22, 2020 06:20 PM
    Hello. Looks like 09/22/20 rev 061 has posted for all versions. This will include IPS signature 32577 (OS Attack: Microsoft Netlogon CVE-2020-1472). 




    Original Message


  • 10.  RE: CVE-2020-1472 IPS Signatures

    Posted Oct 06, 2020 12:47 PM
    Any coverage from SEP/SONAR?
    Original Message


  • 11.  RE: CVE-2020-1472 IPS Signatures

    Broadcom Employee
    Posted Oct 06, 2020 12:48 PM
    No. Only IPS.  The others were not feasible for this exploit.

    ------------------------------
    John Owens
    Strategic Support Engineer | Symantec Enterprise Division (SED)
    Symantec
    United States
    ------------------------------

    Original Message


  • 12.  RE: CVE-2020-1472 IPS Signatures

    Posted Nov 08, 2020 06:02 PM
    Hi John,

    May I know IPS signature 32577 (OS Attack: Microsoft Netlogon CVE-2020-1472) is it released?
    Where can I find the IPS Signatures on my SEPM ?
    Thank you.
    Original Message


  • 13.  RE: CVE-2020-1472 IPS Signatures

    Broadcom Employee
    Posted Nov 09, 2020 11:30 AM
    Yes. It was released in 09/22/20 rev 061 IPS Content back in September.

    ------------------------------
    John Owens
    Strategic Support Engineer | Symantec Enterprise Division (SED)
    Symantec
    United States
    ------------------------------

    Original Message