This update package improves the detection capabilities of the Forcepoint NGFW system.
| RELEASE DATE: | Thursday March 26, 2020 |
| MD5 CHECKSUM: | 9a2499a19abd6c4e09f7888665b8aa21 |
| SHA1 CHECKSUM: | 2f2b14edcbe7590787910df94aefb88316230d59 |
| SHA256 CHECKSUM: | b2937355fb57c531e9935988d0b0e9611c4f68fa66b5f5218697929bce1e5b2f |
UPDATE CRITICALITY: MODERATE
MINIMUM SOFTWARE VERSIONS
| - Forcepoint NGFW Security Management Center: | 5.10.1.10027 |
| - Forcepoint NGFW: | 5.5.1.9848 |
Jump to: Detected Attacks Other Changes
DETECTED ATTACKS
Updated detected attacks:
HTTP Normalized Request-Line
| Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type | Change Description |
|---|
| High |
Microsoft-Exchange-Validation-Key-Remote-Code-Execution |
CVE-2020-0688 |
HTTP_CRL-Microsoft-Exchange-Validation-Key-Remote-Code-Execution |
Suspected Compromise |
| Category tag situation Suspected Compromise added |
| Category tag situation Potential Compromise removed |
|
LIST OF OTHER CHANGES:
Updated objects:
| Type | Name | Changes |
|---|
| Network Element | TOR exit nodes |
|
| Situation | Analyzer_Microsoft-Windows-HTTP2-Window_Update-Flood-Denial-of-Service |
| Severity: 7->5 |
| Description has changed |
| Category tag situation Potential Denial of Service added |
| Category tag situation Suspected Compromise removed |
| Parameter alarm_threshold changed |
|
| Situation | Analyzer_Microsoft-Windows-HTTP2-Resource-Loop-Denial-Of-Serice |
| Parameter alarm_threshold changed |
|
| Situation | Analyzer_Microsoft-Windows-HTTP2-Reset-Flood-Denial-of-Service |
| Parameter alarm_threshold changed |
|
| Situation | Analyzer_Microsoft-Windows-HTTP2-Ping-Flood-Denial-of-Service |
| Parameter alarm_threshold changed |
|
| IPList | Amazon AMAZON eu-west-2 |
|
| IPList | Amazon AMAZON cn-northwest-1 |
|
| IPList | Amazon AMAZON eu-central-1 |
|
| IPList | Amazon EC2 cn-northwest-1 |
|
| IPList | TOR relay nodes IP Address List |
|
| IPList | Amazon EC2 |
|
| IPList | Microsoft Office 365 Skype for Business Online and Microsoft Teams |
|
| IPList | TOR exit nodes IP Address List |
|
| IPList | Amazon AMAZON |
|
ACTIVATING THE UPDATE PACKAGE
- Ensure that the SHA256 checksum of the update package are correct.
- Open Admin Tools in the SMC GUI client.
- Right-click on the Updates folder and select "Import Update Packages".
- Right-click on the imported package and select Activate.
- Reinstall the system policy to take the changes into use. Custom policies may require manual updating.
DISCLAIMER AND COPYRIGHT
The information in this document is provided only for educational purposes and for the convenience of Forcepoint customers. The information contained herein is subject to change without notice, and is provided "AS IS" without guarantee or warranty as to the accuracy or applicability of the information to any specific situation, circumstance, or system configuration - use at your own risk. Forcepoint does not warrant or endorse any third-party products described herein.
Forcepoint™ is a trademark of Forcepoint, LLC. SureView®, ThreatSeeker®, Triton®, Sidewinder®, and Stonesoft® are registered trademarks of Forcepoint, LLC. Raytheon® is a registered trademark of Raytheon Company. All other trademarks and registered trademarks are the property of their respective owners.
Copyright © 2000-2020 Forcepoint LLC. All rights reserved.