Umbrella & DNS - Forefront Attack

Greetings. Just yesterday my NSM began alerting on hundreds of attacks (FOREFRONT: Microsoft Forefront Threat Management Gateway Client Remote Code Execution Vulnerability). The traffic is outbound from our internal domain controllers/DNS to OpenDNS (Umbrella). Has anyone seen this before or have any information on why this suddenly started occurring? There have been no obvious changes that I can relate this to.
4 Replies

Re: Umbrella & DNS - Forefront Attack

We also have the same problem; yesterday it began alerting about thousands of attacks "FOREFRONT: Microsoft Forefront Threat Management Gateway Client Remote Code Execution Vulnerability".

Reliable Contributor petermason
Message 3 of 5

Re: Umbrella & DNS - Forefront Attack

Hi User72197774 / Clevence,

 

I see that this signature was modified in this week's SigSet, so it appears to have added another signature that is generating these alerts.

If you look at the alert data you should see what conditions are triggering the alert.

Follow the instructions in KB55743 to report it to support and have it corrected.

https://kc.mcafee.com/corporate/index?page=content&id=KB55743 

Regards

Peter

McAfee Employee fkazi04
Message 4 of 5

Re: Umbrella & DNS - Forefront Attack

Hi,

Our signature team is working on this issue.

As a workaround, you can downgrade the signature set or disable the Signature. The fix should be available in the next signature release that is expected to be available on the upcoming Tuesday.

 

Otherwise, please reach out to the support team; they will provide you a private signature set that can be applied to the Sensor.

 

I hope this answers your question.

 

Regards,

Faizan 

 

Tsri
Level 8
Message 5 of 5

Re: Umbrella & DNS - Forefront Attack

New sigset 10.8.1.2 has been released which has the fix for this signature.

Please install the same and then you can re-enable this signature.

 

For details review KB92188 (This article is viewable only by registered ServicePortal users)



Regards,


Tarang Sri

 
