website statistics
Forefront TMG - NIS Update for CVE-2011-3414 - Yuri Diogenes's Blog - Site Home - TechNet Blogs

Yuri Diogenes's Blog

Thoughts from a Senior Knowledge Engineer @ Microsoft Data Center, Devices & Enterprise Client – CSI (Solutions Group)

Forefront TMG - NIS Update for CVE-2011-3414

Forefront TMG - NIS Update for CVE-2011-3414

  • Comments 3
  • Likes

Hello folks and Happy New Year for you all !!

If you are running Forefront TMG 2010 and has NIS (Network Inspection System) enabled and updated, you probably notice a new signature that was released to assist you protecting against CVE-2011-3414 (part of MS11-100) as shown below:

image

Notice also that the response it is already setup to “Block” and it is already enabled. If you open the properties for this signature and review the Details tab you will see it is classified as a high business impact:

image

The good news is: if an attacker tries to exploit this vulnerability against a server that was not patched yet and the traffic is crossing TMG then NIS will identify the traffic and it will block it. Although you have this additional layer of protection to mitigate attempts to exploit this particular vulnerability, it is strongly recommended that you update your servers with MS11-100 as quick as possible (mainly the ones that are exposed to the Internet).

Stay Safe in 2012 and have a great year !

Comments
  • I found ours to be Disabled & Detect Only.  Our responses are set to microsoft defaults.  Version 10.99 released 12/30/2011.

  • You're right, in version 10.95 (the one I used in the blog post) the default  setting for the  signature was set to Enabled / Block. In version 10.99 (the latest version available), the default setting has changed to Disabled / Detect Only. I'm still checking why such change was done....will post the results here once I find out.

    Thanks for following up.

  • The change on 10.99 was:

    Signature classification changed from “Vulnerability” to “Policy”  to prevent this legitimate traffic from being blocked. New Policy signature information can be found at:

    www.microsoft.com/.../NIS.aspx

    You can still change it to block if you want to.

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment