Sophos XG Firewall v16.05 MR5 Hotfix released
Hi XG Community,
We’ve just released a hot-fix for XG Firewall v16.5 MR5 and above that patches an IPS evasion vulnerability revealed as part of recent public testing with a third party. The evasion technique in question will now be blocked by the XG Firewall IPS engine for all users on v16.5 MR5 and above. This is an HTML-based evasion technique and is already blocked by the web protection features in the firewall, so any customers employing web protection in their XG Firewall are already fully protected from risk.
Firewalls already running v16.5 MR5 don’t need to do anything as the hot-fix has been applied automatically.
Any firewall running an earlier version of firmware should be upgraded to v16.5 MR5 as soon as possible to patch this vulnerability.
Instructions on how to update your firmware are included in this video:
Why are we releasing this as a hot-fix?
Normally we only issue hot-fixes for the most critical issues. In this particular case, the vulnerability was discovered as part of public testing, which will be published, and this evasion technique will potentially receive much greater visibility than normal. As a result, we decided to issue a hot-fix to minimize any potential risk to our customers.
Sr. Product Manager, XG Firewall