Release notes for update package 1824-5242

This update package improves the detection capabilities of the Forcepoint NGFW system.

RELEASE DATE:    Tuesday January 14, 2025
MD5 CHECKSUM:    5761e81b41fe8e56561ecbc6d98cb683
SHA1 CHECKSUM:    43fe38f8b04e21e0709b9f1ced77d94fdc347d10
SHA256 CHECKSUM:    5abe1752bba39d324ffd1f62b4b889e93a9b603fa81b70db3cc2a86945de4ad9


UPDATE CRITICALITY:    HIGH

MINIMUM SOFTWARE VERSIONS
- Forcepoint NGFW Security Management Center:    6.10.1.11125
- Forcepoint NGFW:    6.8.1.24103

List of detected attacks in this update package:

Risk level     Description     Reference     Vulnerability
High     An attempt to exploit a vulnerability in Microsoft Office detected     CVE-2025-21365     Microsoft-Office-Remote-Code-Execution-CVE-2025-21365
High     An attempt to exploit a vulnerability in Microsoft Windows detected     CVE-2025-21269     Windows-HTML-Platforms-Security-Feature-Bypass-CVE-2025-21269
High     An attempt to exploit a vulnerability in Microsoft Windows detected     CVE-2025-21269     Windows-HTML-Platforms-Security-Feature-Bypass-CVE-2025-21269
High     An attempt to exploit a vulnerability in Microsoft Windows detected     CVE-2025-21268     Microsoft-Windows-Mapurltozone-Security-Feature-Bypass-CVE-2025-21268
High     An attempt to exploit a vulnerability in Microsoft Windows detected     CVE-2025-21219     Microsoft-Windows-Mapurltozone-Security-Feature-Bypass-CVE-2025-21219
High     An attempt to exploit a vulnerability in Microsoft Windows detected     CVE-2025-21219     Microsoft-Windows-Mapurltozone-Security-Feature-Bypass-CVE-2025-21219
High     An attempt to exploit a vulnerability in Microsoft Windows detected     CVE-2025-21219     Microsoft-Windows-Mapurltozone-Security-Feature-Bypass-CVE-2025-21219
High     An attempt to exploit a vulnerability in Microsoft Windows detected     CVE-2025-21189     Microsoft-Windows-Mapurltozone-Security-Feature-Bypass-CVE-2025-21189
High     An attempt to exploit a vulnerability in Microsoft Windows detected     CVE-2025-21189     Microsoft-Windows-Mapurltozone-Security-Feature-Bypass-CVE-2025-21189
High     An attempt to exploit a vulnerability in Microsoft Windows detected     CVE-2025-21189     Microsoft-Windows-Mapurltozone-Security-Feature-Bypass-CVE-2025-21189
High     An attempt to exploit a vulnerability in Netis routers     CVE-2024-48456     Netis-Router-Unauthenticated-Password-Change
High     An attempt to exploit a vulnerability in Pandora FMS detected     CVE-2024-11320     Pandora-FMS-Authenticated-Command-Injection-CVE-2024-11320
High     An attempt to exploit a vulnerability in AJ-Report detected     CVE-2024-7314     AJ-Report-Authentication-Bypass-CVE-2024-7314
High     An attempt to exploit a vulnerability in AJ-Report detected     CVE-2024-7314     AJ-Report-Authentication-Bypass-CVE-2024-7314


DETECTED ATTACKS

New detected attacks:

HTTP Normalized Request-Line

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     AJ-Report-Authentication-Bypass-CVE-2024-7314     CVE-2024-7314     HTTP_CRL-AJ-Report-Remote-Code-Execution-CVE-2024-7314     Suspected Compromise
High     AJ-Report-Authentication-Bypass-CVE-2024-7314     CVE-2024-7314     HTTP_CRL-AJ-Report-Potential-Authentication-Bypass-CVE-2024-7314     Potential Compromise
High     Netis-Router-Unauthenticated-Password-Change     CVE-2024-48456     HTTP_CRL-Netis-Router-Unauthenticated-Password-Change     Potential Compromise
High     Pandora-FMS-Authenticated-Command-Injection-CVE-2024-11320     CVE-2024-11320     HTTP_CRL-Pandora-FMS-Authenticated-Command-Injection-CVE-2024-11320     Suspected Compromise

Text File Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     Microsoft-Windows-Mapurltozone-Security-Feature-Bypass-CVE-2025-21189     CVE-2025-21189     File-Text_Microsoft-Windows-Mapurltozone-Security-Feature-Bypass-CVE-2025-21189     Potential Compromise
High     Microsoft-Windows-Mapurltozone-Security-Feature-Bypass-CVE-2025-21189     CVE-2025-21189     File-Text_Microsoft-Windows-Mapurltozone-Security-Feature-Bypass-CVE-2025-21189-2     Suspected Compromise
High     Microsoft-Windows-Mapurltozone-Security-Feature-Bypass-CVE-2025-21219     CVE-2025-21219     File-Text_Microsoft-Windows-Mapurltozone-Security-Feature-Bypass-CVE-2025-21219     Potential Compromise
High     Microsoft-Windows-Mapurltozone-Security-Feature-Bypass-CVE-2025-21219     CVE-2025-21219     File-Text_Microsoft-Windows-Mapurltozone-Security-Feature-Bypass-CVE-2025-21219-2     Suspected Compromise
High     Microsoft-Windows-Mapurltozone-Security-Feature-Bypass-CVE-2025-21268     CVE-2025-21268     File-Text_Microsoft-Windows-Mapurltozone-Security-Feature-Bypass-CVE-2025-21268     Potential Compromise
High     Windows-HTML-Platforms-Security-Feature-Bypass-CVE-2025-21269     CVE-2025-21269     File-Text_Windows-HTML-Platforms-Security-Feature-Bypass-CVE-2025-21269     Potential Compromise

Other Binary File Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     Microsoft-Windows-Mapurltozone-Security-Feature-Bypass-CVE-2025-21189     CVE-2025-21189     File-Binary_Microsoft-Windows-Mapurltozone-Security-Feature-Bypass-CVE-2025-21189     Potential Compromise
High     Microsoft-Windows-Mapurltozone-Security-Feature-Bypass-CVE-2025-21219     CVE-2025-21219     File-Binary_Microsoft-Windows-Mapurltozone-Security-Feature-Bypass-CVE-2025-21219     Potential Compromise
High     Windows-HTML-Platforms-Security-Feature-Bypass-CVE-2025-21269     CVE-2025-21269     File-Binary_Windows-HTML-Platforms-Security-Feature-Bypass-CVE-2025-21269     Potential Compromise

Zip File Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     Microsoft-Office-Remote-Code-Execution-CVE-2025-21365     CVE-2025-21365     File-Zip_Microsoft-Office-Remote-Code-Execution-CVE-2025-21365     Potential Compromise

Updated detected attacks:

UDP Packet Unknown

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High     Linux-Kernel-TIPC-Fragment-Handling-Use-After-Free-CVE-2024-36886     CVE-2024-36886     Generic_UDP-Linux-Kernel-TIPC-Fragment-Handling-Use-After-Free-CVE-2024-36886     Potential Compromise     Detection mechanism updated

TCP Client Stream Unknown

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High     Apache-Couchdb-Erlang-RCE     CVE-2022-24706     Generic_CS-Apache-Couchdb-Erlang-RCE     Suspected Compromise     Fingerprint regexp changed

LIST OF OTHER CHANGES:

New objects:

Type     Name
Category     AJ-Report
Category     MS2025
Category     MS2025-01
Category     CVE2025
Situation     Analyzer_WebSocket-Connection-Flood

Updated objects:

Type     Name     Changes
Situation     URL_List-DNS-Over-HTTPS     Detection mechanism updated
IPList     Rwanda
IPList     Somalia
IPList     Yemen
IPList     Iraq
IPList     Saudi Arabia
IPList     Iran
IPList     Cyprus
IPList     Tanzania
IPList     Armenia
IPList     Kenya
IPList     DR Congo
IPList     Uganda
IPList     Seychelles
IPList     Jordan
IPList     Lebanon
IPList     Kuwait
IPList     Oman
IPList     Qatar
IPList     Bahrain
IPList     United Arab Emirates
IPList     Israel
IPList     Türkiye
IPList     Egypt
IPList     Greece
IPList     Estonia
IPList     Latvia
IPList     Azerbaijan
IPList     Lithuania
IPList     Svalbard and Jan Mayen
IPList     Georgia
IPList     Moldova
IPList     Belarus
IPList     Finland
IPList     Ukraine
IPList     North Macedonia
IPList     Hungary
IPList     Bulgaria
IPList     Albania
IPList     Poland
IPList     Romania
IPList     Zambia
IPList     Malawi
IPList     Botswana
IPList     Mauritius
IPList     Réunion
IPList     South Africa
IPList     Mayotte
IPList     Mozambique
IPList     Madagascar
IPList     Afghanistan
IPList     Pakistan
IPList     Bangladesh
IPList     Turkmenistan
IPList     Tajikistan
IPList     Sri Lanka
IPList     Bhutan
IPList     India
IPList     Maldives
IPList     Nepal
IPList     Myanmar
IPList     Uzbekistan
IPList     Kazakhstan
IPList     Kyrgyzstan
IPList     Palau
IPList     Vietnam
IPList     Thailand
IPList     Indonesia
IPList     Laos
IPList     Taiwan
IPList     Philippines
IPList     Malaysia
IPList     China
IPList     Hong Kong
IPList     Brunei
IPList     Macao
IPList     Cambodia
IPList     South Korea
IPList     Japan
IPList     North Korea
IPList     Singapore
IPList     Russia
IPList     Mongolia
IPList     Australia
IPList     Christmas Island
IPList     Papua New Guinea
IPList     New Zealand
IPList     Fiji
IPList     Cameroon
IPList     Senegal
IPList     Portugal
IPList     Ivory Coast
IPList     Ghana
IPList     Nigeria
IPList     Burkina Faso
IPList     Sierra Leone
IPList     Gibraltar
IPList     Western Sahara
IPList     Tunisia
IPList     Spain
IPList     Morocco
IPList     Malta
IPList     Algeria
IPList     Denmark
IPList     Iceland
IPList     United Kingdom
IPList     Switzerland
IPList     Sweden
IPList     The Netherlands
IPList     Austria
IPList     Belgium
IPList     Germany
IPList     Luxembourg
IPList     Ireland
IPList     Monaco
IPList     France
IPList     Andorra
IPList     Liechtenstein
IPList     Jersey
IPList     Isle of Man
IPList     Guernsey
IPList     Slovakia
IPList     Czechia
IPList     Norway
IPList     Italy
IPList     Slovenia
IPList     Montenegro
IPList     Croatia
IPList     Bosnia and Herzegovina
IPList     Angola
IPList     Namibia
IPList     Barbados
IPList     Guyana
IPList     French Guiana
IPList     Greenland
IPList     Paraguay
IPList     Uruguay
IPList     Brazil
IPList     Falkland Islands
IPList     Jamaica
IPList     Dominican Republic
IPList     Martinique
IPList     Bahamas
IPList     Bermuda
IPList     Anguilla
IPList     Trinidad and Tobago
IPList     St Kitts and Nevis
IPList     Dominica
IPList     Antigua and Barbuda
IPList     Saint Lucia
IPList     Aruba
IPList     British Virgin Islands
IPList     St Vincent and Grenadines
IPList     Montserrat
IPList     Saint Martin
IPList     Guadeloupe
IPList     Cayman Islands
IPList     Belize
IPList     El Salvador
IPList     Guatemala
IPList     Honduras
IPList     Nicaragua
IPList     Costa Rica
IPList     Venezuela
IPList     Ecuador
IPList     Colombia
IPList     Panama
IPList     Haiti
IPList     Argentina
IPList     Chile
IPList     Bolivia
IPList     Peru
IPList     Mexico
IPList     French Polynesia
IPList     Pitcairn Islands
IPList     Northern Mariana Islands
IPList     Guam
IPList     Puerto Rico
IPList     U.S. Virgin Islands
IPList     Canada
IPList     United States
IPList     Serbia
IPList     Antarctica
IPList     Sint Maarten
IPList     TOR exit nodes IP Address List
IPList     Amazon AMAZON
IPList     Amazon S3
IPList     Amazon EC2
IPList     TOR relay nodes IP Address List
IPList     Amazon AMAZON ap-southeast-1
IPList     Amazon S3 ap-southeast-1
IPList     Amazon EC2 ap-southeast-1
IPList     NordVPN Servers IP Address List
IPList     Google Cloud IP Address List for europe-west12
IPList     Amazon AMAZON eu-west-1
IPList     Amazon S3 eu-west-1
IPList     Amazon EC2 eu-west-1
IPList     Forcepoint Drop IP Address List
IPList     Amazon AMAZON us-west-2
IPList     Amazon EC2 us-west-2
IPList     Google Cloud IP Address List for asia-northeast3
IPList     Google Cloud IP Address List for asia-south2
IPList     Google Cloud IP Address List for europe-west1
IPList     Google Cloud IP Address List for northamerica-northeast2
IPList     Google Cloud IP Address List for southamerica-west1
Situation     File-Zip_Shared-Variables
Situation     File-Member-Name_Shared-Variables     Fingerprint regexp changed
Application     TOR
Application     DNS-Over-HTTPS
Application     NordVPN

HOW TO IMPORT AND ACTIVATE THE DYNAMIC UPDATE PACKAGE

  1. Download the dynamic update package, then make sure that the checksums for the original files and the files that you have downloaded match.
  2. In the Management Client, select Menu > File > Import > Import Update Packages.
  3. Browse to the file, select it, then click Import.
  4. Select Configuration, then browse to Administration > Other Elements > Updates.
  5. Right-click the imported dynamic update package, then select Activate.
  6. When the activation is finished, refresh the policy on all NGFW Engines. If your policy uses a custom template, you might need to edit the policy.

DISCLAIMER AND COPYRIGHT

Copyright © 2025 Forcepoint
Forcepoint and the FORCEPOINT logo are trademarks of Forcepoint.

All other trademarks used in this document are the property of their respective owners.

Every effort has been made to ensure the accuracy of this document. However, Forcepoint makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Forcepoint shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.