Forefront TMG - NIS Update for CVE-2011-3414

Hello folks and Happy New Year for you all !!

If you are running Forefront TMG 2010 and has NIS (Network Inspection System) enabled and updated, you probably notice a new signature that was released to assist you protecting against CVE-2011-3414 (part of MS11-100) as shown below:

image

Notice also that the response it is already setup to “Block” and it is already enabled. If you open the properties for this signature and review the Details tab you will see it is classified as a high business impact:

image

The good news is: if an attacker tries to exploit this vulnerability against a server that was not patched yet and the traffic is crossing TMG then NIS will identify the traffic and it will block it. Although you have this additional layer of protection to mitigate attempts to exploit this particular vulnerability, it is strongly recommended that you update your servers with MS11-100 as quick as possible (mainly the ones that are exposed to the Internet).

Stay Safe in 2012 and have a great year !