Announcing availability of E2 Engine Update and 6.0(5) and 5.1(8) Service Packs for Cisco IPS
Cisco is pleased to announce availability of the second Engine Update (E2) as well as the latest service packs for IPS 6.0 and 5.1 versioned sensors.
IMPORTANT NOTE: Beginning with S339, the E2 engine update MUST be installed prior to installing new signature updates.
The E2 update enhances the detection capabilities of Cisco IPS platforms with a number of new features and capabilities:
Cisco IPS Unified Communications Protection Pack
The Cisco IPS UC Protection Pack provides a new category of IPS signatures specifically designed to protect Cisco Unified Communications servers and infrastructure. With protections for the entire voice infrastructure, from operating systems to applications to protocols, the UC Protection Pack is a critical component of Cisco’s Secure UC Solution.
New P2P and “Fixed” All Ports Inspection Engines
The new P2P and Fixed Inspection engines provide comprehensive coverage for stealthy P2P filesharing applications, IM clients and botnets that communicate on a variety of ports to evade detection. Optimized engines provide both pre-configured as well as custom capabilities for all-port detection of malicious and suspicious traffic. Default configurations provide detection for all gnutella-based (TCP/UDP), morpheus, bittorrent, edonkey (TCP/UDP), kazaa (TCP/UDP), limewire, qtella, bearshare, phex, gnucleus, swapper, xolox, mutella, directconnect (TCP/UDP), ircdcc, soulseek, waste, winny and winmx clients.
META Engine and Universal Engine Enhancements
Enhancements to Cisco’s industry-leading META engine include additional operators for even broader event processing and ordering capabilities. Cisco Universal Engine, Service.Generic, adds additional support for TCP streams for enhanced detection of complex attacks on any protocol.
IMPORTANT E2 ENGINE UPDATE AND SERVICE PACK INSTALLATION NOTES
Beginning with S339, all signature updates will require that your sensors be updated with the E2 engine update. Updates can be downloaded automatically using Cisco Security Manager (CSM) or IPS Manager Express (IME). They can also be downloaded manually from the following locations:
IPS Version 6.x: http://www.cisco.com/cgi-bin/tablebuild.pl/ips6
IPS Version 5.1: http://www.cisco.com/cgi-bin/tablebuild.pl/ips5
NOTE: You must have an active Cisco Service for IPS contract to download this software.
The 6.0(5) and 5.1(8) service pack updates are also being released to address a vulnerability in the IPS sensor software and to deliver other bug fixes. These service packs include the E2 engine update and can also be downloaded using the methods described above. More information regarding the vulnerability is available at the following URL: http://www.cisco.com/warp/public/707/cisco-sa-20080618-ips.shtml.
Please consult the table below for recommendations on upgrade paths:
| Installed Release | Prior to | 5.1(7)E1 | Prior to | 6.0(4)E1 | 6.1(1)E1 |
|---|---|---|---|---|---|
| Recommended Update | 5.1(8)E2 | 5.1(8)E2 | 6.0(5)E2 | 6.0(5)E2 | 6.1(1)E2 |
| Optional Update | 5.1(7)E2 | 5.1(7)E2 | 6.0(4)E2 | 6.0(4)E2 | N/A |
Warning: Beginning with S339, signature updates will only be released for E2-level sensor software releases. These include: 5.1(7)E2, 5.1(8)E2, 6.0(4)E2, 6.0(5)E2 and 6.1(1)E2. Your sensors MUST be on one of these releases to receive further signature updates.
For more details regarding the E2 engine update and 6.0(5) and 5.1(8) service packs, refer to the readme files available at the download links listed above.
