As UTM uses Snort, it could be. They have updated their rules since Dec. 24th, as stated here
https://blog.talosintelligence.com/2020/01/snort-rules-cve-2019-19781.html

Best regards 

Alex 

That is Talos commercial ruleset afaik. Sophos might have not updated snort rules. I am waiting for some confirmation here. Check out: https://community.sophos.com/products/unified-threat-management/f/network-protection-firewall-nat-qos-ips/42099/sophos-utm-ips-rules

Thank for clarification. I was hoping Sophos is using a commercial ruleset too. Best case near up to date like other vendors. The information release from Sophos side is not very good in these cases. Every now and then such a security problem appears. And always the community is asking and the answer isn’t popping up instantly. Is that really only a long way of communication or do they test after the question has appeared. I hope it’s the communication.

Best regards 

Alex 

Thank for clarification. I was hoping Sophos is using a commercial ruleset too. Best case near up to date like other vendors. The information release from Sophos side is not very good in these cases. Every now and then such a security problem appears. And always the community is asking and the answer isn’t popping up instantly. Is that really only a long way of communication or do they test after the question has appeared. I hope it’s the communication.

Best regards 

Alex 

Alexander Busch said:

I was hoping Sophos is using a commercial ruleset too.

maybe they do. but I don't know this and this would be an important information. 

Best regards

Joerg