Rule Update

16-009 (April 12, 2016)


DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Application Control For File Sharing
1007463* - Application Control For Microsoft OneDrive


Backup Server IBM Tivoli Storage Manager FastBack Server
1007353 - IBM Tivoli Storage Manager FastBack Server Opcode 1301 Remote Code Execution Vulnerability
1007365 - IBM Tivoli Storage Manager FastBack Server Opcode 1335 Remote Code Execution Vulnerability


Microsoft Office
1007555 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-0122)
1007556 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-0127)
1007557 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-0136)
1007560 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-0139)


OpenSSL
1007072* - GNU Libtasn1 'decoding.c' Heap Buffer Overflow Vulnerability (CVE-2015-3622)


Port Mapper Windows
1001033* - Windows Port Mapper Decoder


Suspicious Client Application Activity
1007576 - Ransomware Cryptesla
1007577 - Ransomware Hydra
1007581 - Ransomware Lectool


Suspicious Server Application Activity
1007582 - Ransomware Lectool-1


Unix Samba Client
1007584 - SAMBA RPC Authentication Level Downgrade Vulnerability


Unix Samba Client DCERPC
1007586 - SAMBA RPC Authentication Level Downgrade Vulnerability - 1
1007585 - Unix Samba Client Port Mapper Decoder


Unix Samba Server DCERPC
1007593 - Identified SAMBA DCERPC AUTH LEVEL CONNECT Password Validate Request
1007588 - Unix Samba Server Port Mapper Decoder


Web Application Common
1000608* - Generic SQL Injection Prevention


Web Client Common
1007570 - Adobe Flash Player Buffer Overflow Vulnerability (CVE-2016-1018)
1007590 - Adobe Flash Player DLL Hijacking Vulnerability Over WebDAV (CVE-2016-1014)
1007564 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-1012)
1007572* - Adobe Flash Player Remote Code Execution Vulnerability (CVE-2016-1019)
1007562 - Adobe Flash Player Security Bypass Vulnerability (CVE-2016-1006)
1007567 - Adobe Flash Player Type Confusion Vulnerability (CVE-2016-1015)
1007563 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-1011)
1007565 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-1013)
1007568 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-1016)
1007569 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-1017)
1006532* - Identified Malicious Adobe Flash SWF File - 1
1007591 - Microsoft Windows DLL Loading Vulnerabilities Over WebDAV (CVE-2016-0160 and CVE-2016-0148)
1007370* - Microsoft Windows DLL Loading Vulnerabilities Over WebDAV (MS16-007)
1007553 - Microsoft Windows Graphics Memory Corruption Vulnerability (CVE-2016-0145)
1007558 - Microsoft Windows OLE Remote Code Execution Vulnerability (CVE-2016-0153)
1007526 - Oracle Java SE Remote Code Execution Vulnerability (CVE-2016-0636)


Web Client Internet Explorer/Edge
1007551 - Microsoft Edge Elevation Of Privilege Vulnerability (CVE-2016-0158)
1007552 - Microsoft Edge Elevation Of Privilege Vulnerability (CVE-2016-0161)
1007548 - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0155)
1007549 - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0156)
1007550 - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0157)
1007544 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-0154)
1007545 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0159)
1007546 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0164)
1007547 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0166)
1007554 - Microsoft Windows MSXML Remote Code Execution Vulnerability (CVE-2016-0147)


Web Client SSL
1006606* - Identified Fraudulent Digital Certificate - 1


Web Server Miscellaneous
1004189* - RedHat JBoss Enterprise Application Platform JMX Console Authentication Bypass


Web Server Oracle Report Server
1000502* - Oracle Reports OS Command Injection Attempt


Windows Services RPC Client
1007566 - Adobe Flash Player DLL Hijacking Vulnerability Over Network Share (CVE-2016-1014)
1007592 - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (CVE-2016-0160 and CVE-2016-0148)
1007369* - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (MS16-007)
1007531 - Microsoft Windows RPC Downgrade Vulnerability (CVE-2016-0128)


Windows Services RPC Client DCERPC
1007539 - Microsoft Windows RPC Downgrade Vulnerability (CVE-2016-0128) - 1
1007538 - Windows Client Port Mapper Decoder


Windows Services RPC Server DCERPC
1007561 - Identified Windows DCERPC AUTH LEVEL CONNECT Password Validate Request


Integrity Monitoring Rules:

1005041* - Malware - Suspicious Microsoft Windows Files Detected


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.