RELEASE NOTES FOR UPDATE PACKAGE 1216-5242

RELEASE DATE:    Friday January 17, 2020
MD5 CHECKSUM:    85c158b01c23d2c202de0d656f6d7119
SHA1 CHECKSUM:    6a2e4f221742cee46dfabcc04081dc99082733e3
SHA256 CHECKSUM:    4c68c68e998c729bea80c13079d00879f0d14fbcc7a4e5414d605b9971f3df89

UPDATE CRITICALITY:    HIGH

MINIMUM SOFTWARE VERSIONS
- Forcepoint NGFW Security Management Center:    5.10.1.10027
- Forcepoint NGFW:    5.5.1.9848

This update package improves the detection capabilities of the Forcepoint NGFW system.

List of detected attacks in this update package:
Risk level     Description     Reference     Vulnerability
High     An attempt to exploit a vulnerability in Microsoft Windows detected     CVE-2020-0601     Microsoft-Windows-CryptoAPI-Spoofing-Vulnerability
High     An attempt to exploit a vulnerability in Oracle JDeveloper ADF Faces detected     CVE-2019-2904     Oracle-JDeveloper-ADF-Faces-Insecure-Deserialization
High     An attempt to exploit a vulnerability in Microsoft Office SharePoint Server detected.     CVE-2019-1070     Microsoft-Office-SharePoint-Server-Cross-Site-Scripting
High     An attempt to exploit a vulnerability in ELOG Project ELOG detected     CVE-2019-3995     Elog-Project-Elog-Show_Uploader_JSON-Null-Pointer-Dereference
High     An attempt to exploit a vulnerability in Microsoft Internet Explorer detected     CVE-2019-1429     Microsoft-Internet-Explorer-toJSON-Use-After-Free

DETECTED ATTACKS

NEW DETECTED ATTACKS:

HTTP Client Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     Oracle-JDeveloper-ADF-Faces-Insecure-Deserialization     CVE-2019-2904     HTTP_CS-Oracle-JDeveloper-ADF-Faces-Insecure-Deserialization     Potential Compromise

HTTP Normalized Request-Line

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     Microsoft-Office-SharePoint-Server-Cross-Site-Scripting     CVE-2019-1070     HTTP_CRL-Microsoft-Office-SharePoint-Server-Cross-Site-Scripting     Suspected Compromise
High     Elog-Project-Elog-Show_Uploader_JSON-Null-Pointer-Dereference     CVE-2019-3995     HTTP_CRL-Elog-Project-Elog-Show_Uploader_JSON-Null-Pointer-Dereference     Suspected Compromise

TLS Server Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     Microsoft-Windows-CryptoAPI-Spoofing-Vulnerability     CVE-2020-0601     TLS_SS-Microsoft-Windows-CryptoAPI-Spoofing-Vulnerability     Suspected Compromise

Text File Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     Microsoft-Internet-Explorer-toJSON-Use-After-Free     CVE-2019-1429     File-Text_Microsoft-Internet-Explorer-toJSON-Use-After-Free     Potential Compromise

LIST OF OTHER CHANGES

NEW OBJECTS:
Type     Name
Category     Oracle JDeveloper
Category     ELOG
IPList     Amazon_ROUTE53_HEALTHCHECKS_ap-south-1
IPList     Amazon_ROUTE53_HEALTHCHECKS_ap-northeast-2
IPList     Amazon_ROUTE53_HEALTHCHECKS_eu-west-3
IPList     Amazon_ROUTE53_HEALTHCHECKS_us-east-2
IPList     Amazon_ROUTE53_HEALTHCHECKS_me-south-1
IPList     Amazon_ROUTE53_HEALTHCHECKS_eu-north-1
IPList     Amazon_ROUTE53_HEALTHCHECKS_eu-west-2
IPList     Amazon_ROUTE53_HEALTHCHECKS_eu-central-1
IPList     Amazon_ROUTE53_HEALTHCHECKS_ca-central-1
IPList     Amazon_ROUTE53_HEALTHCHECKS_ap-east-1
IPList     Amazon_ROUTE53_HEALTHCHECKS_ap-northeast-3

UPDATED OBJECTS:
Type     Name     Changes
Network Element     TOR exit nodes
IPList     Amazon_EC2_ca-central-1
IPList     Amazon_EC2_me-south-1
IPList     Amazon_EC2_ap-southeast-1
IPList     Amazon_ROUTE53_HEALTHCHECKS_us-west-1
IPList     Amazon_EC2_ap-southeast-2
IPList     Amazon_AMAZON_ap-northeast-2
IPList     Amazon_EC2_us-east-1
IPList     Amazon_AMAZON_eu-west-2
IPList     Amazon_EC2_eu-west-1
IPList     Amazon_ROUTE53_HEALTHCHECKS_ap-northeast-1
IPList     Amazon_AMAZON_us-east-1
IPList     Amazon_EC2_eu-west-3
IPList     Amazon_API_GATEWAY_us-west-1
IPList     Amazon_AMAZON_me-south-1
IPList     Amazon_AMAZON_us-west-2
IPList     Amazon_EC2_ap-south-1
IPList     Amazon_AMAZON_ca-central-1
IPList     Amazon_AMAZON_eu-central-1
IPList     Amazon_ROUTE53_HEALTHCHECKS_ap-southeast-1
IPList     Amazon_EC2_eu-north-1
IPList     Amazon_EC2_eu-central-1
IPList     Amazon_EC2_ap-northeast-3
IPList     Amazon_ROUTE53_HEALTHCHECKS_us-west-2
IPList     Amazon_AMAZON_eu-west-1
IPList     Amazon_AMAZON_ap-east-1
IPList     Amazon_AMAZON_eu-north-1
IPList     Amazon_ROUTE53_HEALTHCHECKS_us-east-1
IPList     Amazon_ROUTE53_HEALTHCHECKS_sa-east-1
IPList     Amazon_AMAZON_us-west-1
IPList     Amazon_EC2_ap-northeast-2
IPList     Amazon_AMAZON_ap-south-1
IPList     Amazon_AMAZON_ap-southeast-2
IPList     Amazon_EC2_ap-northeast-1
IPList     Amazon_EC2_us-west-2
IPList     Amazon_ROUTE53_HEALTHCHECKS_ap-southeast-2
IPList     Amazon_AMAZON_sa-east-1
IPList     Amazon_EC2_ap-east-1
IPList     Amazon_EC2_eu-west-2
IPList     Amazon_AMAZON_ap-northeast-3
IPList     Amazon_AMAZON_eu-west-3
IPList     Amazon_EC2_us-west-1
IPList     Amazon_EC2_us-east-2
IPList     Amazon_AMAZON_us-east-2
IPList     Amazon_EC2_sa-east-1
IPList     Amazon_ROUTE53_HEALTHCHECKS_eu-west-1
IPList     Amazon_AMAZON_ap-northeast-1
IPList     Amazon_AMAZON_ap-southeast-1
IPList     Amazon_API_GATEWAY
IPList     TOR relay nodes IP Address List
IPList     Amazon_EC2
IPList     TOR exit nodes IP Address List
IPList     Amazon_ROUTE53_HEALTHCHECKS
IPList     Amazon_AMAZON

ACTIVATING THE UPDATE PACKAGE

1.    Ensure that the SHA256 checksum of the update package is correct.
2.    Open Admin Tools in the SMC GUI client.
3.    Right-click on the Updates folder and select "Import Update Packages".
4.    Right-click on the imported package and select Activate.
5.    Reinstall the system policy to take the changes into use. Custom policies may require manual updating.

DISCLAIMER AND COPYRIGHT

The information in this document is provided only for educational purposes and for the convenience of Forcepoint customers. The information contained herein is subject to change without notice, and is provided "AS IS" without guarantee or warranty as to the accuracy or applicability of the information to any specific situation, circumstance, or system configuration - use at your own risk. Forcepoint does not warrant or endorse any third-party products described herein. Forcepoint™ is a trademark of Forcepoint, LLC. SureView®, ThreatSeeker®, Triton®, Sidewinder®, and Stonesoft® are registered trademarks of Forcepoint, LLC. Raytheon® is a registered trademark of Raytheon Company. All other trademarks and registered trademarks are the property of their respective owners. Copyright © 2000-2020 Forcepoint LLC. All rights reserved.