System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9844.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9844.pkg

Table of Contents
--------------------------

  New Filters - 4
  Modified Filters (logic changes) - 0
  Modified Filters (metadata changes only) - 1
  Removed Filters - 0

  New Filters:
  
    43434: HTTP: Microsoft Exchange Server DownloadDataFromUri Suspicious JSON Object Detected
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects the usage of a JSON object in Microsoft Exchange Server traffic.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Zero Day Initiative: ZDI-23-1579
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Windows Server Application or Service
      - Release Date: November 02, 2023

    43435: HTTP: Microsoft Exchange CreateAttachmentFromUri Suspicious JSON Object Detected
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects the usage of a JSON object in Microsoft Exchange Server traffic.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Zero Day Initiative: ZDI-23-1581
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Windows Server Application or Service
      - Release Date: November 02, 2023

    43437: HTTP: Microsoft Exchange Server DownloadDataFromOfficeMarketPlace Suspicious JSON Object
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects the usage of a JSON object in Microsoft Exchange Server.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Zero Day Initiative: ZDI-23-1580
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Windows Server Application or Service
      - Release Date: November 02, 2023

    43438: HTTP: Microsoft Exchange Server DownloadDataFromUri Suspicious Powershell Request Detected
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects the presence of a suspicious Powershell request to Microsoft Exchange Server.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Zero Day Initiative: ZDI-23-1579
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Windows Server Application or Service
      - Release Date: November 02, 2023
      
  Modified Filters (logic changes): None

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    * 43364: HTTP: Microsoft Exchange Deserialization of Untrusted Data Vulnerability (ZDI-23-1578)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "43364: ZDI-CAN-22079: Zero Day Initiative Vulnerability (Microsoft Exchange)".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: October 24, 2023
      - Last Modified Date: November 02, 2023

  Removed Filters: None