Description

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1009801* - Microsoft Windows NTLM Elevation Of Privilege Vulnerability (CVE-2019-1040)
1008179* - Restrict File Extensions For Rename Activity Over Network Share


DNS Client
1010771 - DNSmasq DNSSEC Out Of Bounds Write Vulnerability (CVE-2020-25683)
1010784 - DNSmasq DNSSEC Out Of Bounds Write Vulnerability (CVE-2020-25687)
1010766* - Identified Non Existing DNS Resource Record (RR) Types In DNS Traffic


Database Microsoft SQL
1008759* - Microsoft SQL Server 'EXECUTE AS' Privilege Escalation Vulnerability


Directory Server LDAP
1010754* - Microsoft Windows NTLM Elevation Of Privilege Vulnerability Over LDAP (CVE-2019-1040)


Microsoft Office
1010785 - Microsoft Excel XLS File Parsing Use-After-Free Remote Code Execution Vulnerability (CVE-2021-24070)
1010786 - Microsoft Excel XLSX File Parsing Use-After-Free Remote Code Execution Vulnerability (CVE-2021-24067)


Suspicious Client Application Activity
1010741* - Identified HTTP Backdoor Python FreakOut A Runtime Detection


Suspicious Client Ransomware Activity
1010792 - Identified Cobalt Strike Default Self-signed SSL/TLS Certificate


Suspicious Server Application Activity
1008918* - Identified Memcached Amplified Reflected Response


Web Application Common
1005933* - Identified Directory Traversal Sequence In Uri Query Parameter


Web Application Ruby Based
1008574* - Ruby On Rails Development Web Console Code Execution Vulnerability (CVE-2015-3224)


Web Client Common
1010760* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB21-09) - 1
1010790 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB21-09) - 3
1010787 - Microsoft Windows Camera Codec Pack Image Processing Out-Of-Bounds Write Vulnerability (CVE-2021-24081)
1010788 - Microsoft Windows Camera Codec Pack Out-Of-Bounds Write Remote Code Execution Vulnerability (CVE-2021-24091)
1004226* - Microsoft Windows Help Centre Malformed Escape Sequences Vulnerability
1006582* - Microsoft Windows Help Centre Malformed Escape Sequences Vulnerability (CVE-2010-1885)
1010789 - Microsoft Windows WAB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability (CVE-2021-24083)


Web Client SSL
1006296* - Detected SSLv3 Response (ATT&CK T1032)
1006298* - Identified CBC Based Cipher Suite In SSLv3 Request (ATT&CK T1032)


Web Server Apache
1010751 - Proxifier Proxy Client


Web Server Common
1010737* - CMS Made Simple 'Showtime2' Reflected Cross Site Scripting Vulnerability (CVE-2020-20138)
1010736* - Cisco Data Center Network Manager Authentication Bypass Vulnerability (CVE-2019-15977)
1010769 - Identified Kubernetes Namespace API Requests
1010477* - Java Unserialize Remote Code Execution Vulnerability - 1


Web Server HTTPS
1010795 - Joomla CMS Cross-Site Scripting Vulnerability (CVE-2021-23124)
1010772 - Microsoft Exchange Remote Code Execution Vulnerability (CVE-2020-17132)


Web Server Miscellaneous
1008610* - Block Object-Graph Navigation Language (OGNL) Expressions Initiation In Apache Struts HTTP Request
1004874* - TimThumb Plugin Remote Code Execution Vulnerability


Web Server SharePoint
1010764* - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2021-24072)
1010794 - Microsoft SharePoint Workflow Deserialization Of Untrusted Data Remote Code Execution Vulnerability (CVE-2021-24066)


Windows Services RPC Server DCERPC
1008479* - Identified Usage Of WMI Execute Methods - Server


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

1003631* - DNS Server - Microsoft Windows