I have recently deployed a couple of IPS sensors. The sensor alarmed on sig 5561/0 (Windows SMTP Overflow).
From the link, the signature was updated in June 2008. The CVE is dated 2004 and Microsoft issued patches in 2004. Why is Cisco updating signatures for 4-year-old vulnerabilities?
Is this latest release/update for a new vulnerability?
It was not a new vulnerability. The updated signature released in S339 coincides with the E2 engine release. 5561-0 is a meta-engine signature, and the "update" that was done at the S339 release was to explicitly set an "all components required" flag to true.
Any change that changes the signature XML results in a revision/update.
Hope that helps.