Endpoint Protection

Expand all | Collapse all

CVE-2020-1472 IPS Signatures

Jump to Best Answer
  • 1.  CVE-2020-1472 IPS Signatures

    Posted 09-15-2020 07:54 AM

    Hi

    Is Broadcom working on an IPS signature for CVE-2020-1472? It was not listed in the latest Symantec response to  Microsoft Monthly Security bulletins.

    Symantec Endpoint Response to Microsoft Monthly Security Bulletins



    NVD



    ------------------------------
    Syscom AS
    ------------------------------


  • 2.  RE: CVE-2020-1472 IPS Signatures

    Broadcom Employee
    Posted 09-15-2020 10:26 AM

    Hello Torb,

    Coverage does not exist as it is deemed not feasible at this point.

    We suggest applying the patch as soon as you can.

    Thanks,



    ------------------------------
    John Owens
    Principal Product Support
    Symantec
    United States
    ------------------------------



  • 3.  RE: CVE-2020-1472 IPS Signatures

    Broadcom Employee
    Posted 09-16-2020 10:04 AM
    Update to this:

    Symantec is investigating the possibility of IPS coverage for CVE-2020-1472. There is no ETA on when this investigation will be complete. Our suggestion is to patch as quickly as possible. I will update this thread once the investigation is complete.

    ------------------------------
    John Owens
    Principal Product Support
    Symantec
    United States
    ------------------------------



  • 4.  RE: CVE-2020-1472 IPS Signatures

    Posted 09-16-2020 11:35 AM

    Hi John

     

    Do you perhaps know if there will be coverage for CVE-2020-1596 as well ?

     






  • 5.  RE: CVE-2020-1472 IPS Signatures

    Broadcom Employee
    Posted 09-16-2020 12:56 PM

    Hi Hendrikvr123,

    I am not aware of anything for  CVE-2020-1596

    Thanks,



    ------------------------------
    John Owens
    Principal Product Support
    Symantec
    United States
    ------------------------------



  • 6.  RE: CVE-2020-1472 IPS Signatures

    Posted 09-21-2020 08:35 AM

    Hi John,

    Please confirm if Symantec releases signature / definition for
    CVE-2020-1472 IPS Signatures




  • 7.  RE: CVE-2020-1472 IPS Signatures

    Broadcom Employee
    Posted 09-21-2020 12:53 PM
    I will have an update on this later this afternoon.

    ------------------------------
    John Owens
    Principal Product Support
    Symantec
    United States
    ------------------------------



  • 8.  RE: CVE-2020-1472 IPS Signatures

    Broadcom Employee
    Posted 09-22-2020 10:50 AM
    We will be releasing IPS signature 32577 (OS Attack: Microsoft Netlogon CVE-2020-1472) today. As soon as I have confirmation of it being released and what revision I will post an update here.

    ------------------------------
    John Owens
    Strategic Support Engineer | Symantec Enterprise Division (SED)
    Symantec
    United States
    ------------------------------



  • 9.  RE: CVE-2020-1472 IPS Signatures
    Best Answer

    Broadcom Employee
    Posted 09-22-2020 06:20 PM
    Hello. Looks like 09/22/20 rev 061 has posted for all versions. This will include IPS signature 32577 (OS Attack: Microsoft Netlogon CVE-2020-1472). 






  • 10.  RE: CVE-2020-1472 IPS Signatures

    Posted 10-06-2020 12:47 PM
    Any coverage from SEP/SONAR?


  • 11.  RE: CVE-2020-1472 IPS Signatures

    Broadcom Employee
    Posted 10-06-2020 12:48 PM
    No. Only IPS.  The others were not feasible for this exploit.

    ------------------------------
    John Owens
    Strategic Support Engineer | Symantec Enterprise Division (SED)
    Symantec
    United States
    ------------------------------



  • 12.  RE: CVE-2020-1472 IPS Signatures

    Posted 11-08-2020 06:02 PM
    Hi John,

    May I know IPS signature 32577 (OS Attack: Microsoft Netlogon CVE-2020-1472) is it released?
    Where can I find the IPS Signatures on my SEPM ?
    Thank you.



  • 13.  RE: CVE-2020-1472 IPS Signatures

    Broadcom Employee
    Posted 11-09-2020 11:30 AM
    Yes. It was released in 09/22/20 rev 061 IPS Content back in September.

    ------------------------------
    John Owens
    Strategic Support Engineer | Symantec Enterprise Division (SED)
    Symantec
    United States
    ------------------------------