
Can HIPS 7.03 detect MS08-067 activity?

I'm implementing HIPS703, with EPO4 and VSE 8.5i and 8.7i. Can anyone explain how to get HIPS to flag attempts at exploiting a particular vulnerability, in this case MS08-067?
0 Kudos
1 Reply


Just in case anyone else is trying to get this going:

Event Category: Belongs to: Host Intrusion
Threat Name: Equals: 3961

Searching for the rule in your IPS Rules in EPO doesn't help much, because the name doesn't include the MS KB# (KB958644), Bulletin Number (MS08-067), nor the generic CVE# (CVE-2008-4250). The description contains the CVE#, but there is no way to search on this, AFAIK.

The name of the threat is "Vulnerability in Server Service Could Allow Remote Code Execution", ID is 3961. If you create a query with the above filters (Event Category and Threat Name), you will see any attempts to exploit MS08-067.
0 Kudos