Sig 5572.0 Severity different between platforms?

p.mckay — Sun, 10 Mar 2019 09:35:36 GMT

Once again I am at a loss why in this release S186 does the signature 5572.0 have a difference in severities between versions.

Version 4x 5572. 0 Severity High

Version 5x 5572. 0 Severity Info

Re: Sig 5572.0 Severity different between platforms?

craiwill — Thu, 18 Aug 2005 19:20:42 GMT

In 4.x 5572-0 is the signature that detects the exploitation of the msdds.dll vulnerability. 5.x signature 5572-0 is a meta component of signatures 5572-1 and 5572-2 which use existing sigs in addition to 5572-0 to provide coverage for this vulnerability. By using existing signatures in addition to a simplified 5572-0 in 5.x we achieve the exact same coverage and use fewer sensor resources. You'll notice that the signatures that cover the vulnerability all have a severity rating of high.

topic Re: Sig 5572.0 Severity different between platforms? in Network Security

Sig 5572.0 Severity different between platforms?

Re: Sig 5572.0 Severity different between platforms?