Views:
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above,  and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9844.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9844.pkg

Table of Contents
--------------------------
  New Filters - 4
  Modified Filters (logic changes) - 0
  Modified Filters (metadata changes only) - 1
  Removed Filters - 0
  New Filters:
  
    43434: HTTP: Microsoft Exchange Server DownloadDataFromUri Suspicious JSON Object Detected
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects the usage of a JSON object in Microsoft Exchange Server traffic.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Zero Day Initiative: ZDI-23-1579
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Windows Server Application or Service
      - Release Date: November 02, 2023

    43435: HTTP: Microsoft Exchange CreateAttachmentFromUri Suspicious JSON Object Detected
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects the usage of a JSON object in Microsoft Exchange Server traffic.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Zero Day Initiative: ZDI-23-1581
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Windows Server Application or Service
      - Release Date: November 02, 2023

    43437: HTTP: Microsoft Exchange Server DownloadDataFromOfficeMarketPlace Suspicious JSON Object
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects the usage of a JSON object in Microsoft Exchange Server.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Zero Day Initiative: ZDI-23-1580
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Windows Server Application or Service
      - Release Date: November 02, 2023

    43438: HTTP: Microsoft Exchange Server DownloadDataFromUri Suspicious Powershell Request Detected
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects the presence of a suspicious Powershell request to Microsoft Exchange Server.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Zero Day Initiative: ZDI-23-1579
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Windows Server Application or Service
      - Release Date: November 02, 2023
      
  Modified Filters (logic changes): None

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    * 43364: HTTP: Microsoft Exchange Deserialization of Untrusted Data Vulnerability (ZDI-23-1578)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "43364: ZDI-CAN-22079: Zero Day Initiative Vulnerability (Microsoft Exchange)".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: October 24, 2023
      - Last Modified Date: November 02, 2023

  Removed Filters: None
Keywords: Digital Vaccine #9844 OOB