Cisco Support Community
Gold

MS .ANI Exploit

Snort and ISS have had a signature for this since 2005. Lots of other products appear to detect this as of 2005 as well. Where is the Cisco sig? I found a default disabled/retired sig (3718-0, Windows .ANI File DoS), but it doesn't appear to work against the latest exploits.

5 REPLIES
Cisco Employee

Re: MS .ANI Exploit

Signature 5442-0. Available since s137 (January 2005)

Linked and visible from MySDN:

http://tools.cisco.com/MySDN/Intelligence/viewThreat.x?threatId=5384

So far, this fires against all exploits I've seen.

New Member

Re: MS .ANI Exploit

Please check the My Self Defending Network link:

www.mysdn.com

It is currently at the top of the page and can be searched for. Here is the Cisco ID: 5384

Please use the MYSDN website for security information; there is some good info there.

Regards,

Ray

New Member

Re: MS .ANI Exploit

BTW:

Cisco Security Agent has been shown to protect against this exploit. It offers some good protection against many Day Zero exploits without the need for patching per exploit like many AV applications. It works well with AV and is not a replacement for AV.

Regards,

Ray

Blue

Re: MS .ANI Exploit

Hi Ray, where is this explained in detail? I'd like to show it to some folks.

I could not find it listed among the security bulletins here:

http://www.cisco.com/en/US/products/sw/secursw/ps5057/prod_bulletins_list.html

Thanks in advance

Tom

New Member

Re: MS .ANI Exploit

OK, well, first off, the signature has information you can review:

http://tools.cisco.com/MySDN/Intelligence/viewThreat.x?threatId=5384

Updated Microsoft advisory:

http://www.microsoft.com/technet/security/advisory/935423.mspx

Great eWEEK article with AWESOME links:

http://securitywatch.eweek.com/exploits_and_attacks/ani_zero_day_takes_new_turns_to_the_ubernasty.html?kc=EWEWEMNL040207EP37A

CSA info is not posted yet but it should be very shortly.

I hope this helps.

Ray
