Rule Update

15-035 (November 24, 2015)


DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DNS Server
1007137 - PowerDNS Recursor Remote Denial Of Service Vulnerability (CVE-2014-3614)


Microsoft Office
1007163 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-1683)


OpenSSL
1007072* - GNU Libtasn1 'decoding.c' Heap Buffer Overflow Vulnerability (CVE-2015-3622)


Suspicious Client Application Activity
1007116* - VMware vCenter Java JMX Server Insecure Configuration Java Code Execution Vulnerability


Web Application PHP Based
1007135* - WordPress XMLRPC 'system.multicall' Brute Force Amplification Attack


Web Client Common
1007193 - Adobe Flash Player Type Confusion Vulnerability (CVE-2015-7659)
1007187 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-7651)
1007188 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-7652)
1007189 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-7653)
1007190 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-7654)
1007195 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-7663)
1007191 - Adobe Flash Player Use After Free Vulnerability - 1
1007192 - Adobe Flash Player Use After Free Vulnerability - 2
1007194 - Adobe Flash Player Use After Free Vulnerability - 3
1007196 - Adobe Flash Player Use After Free Vulnerability - 4
1007211 - Microsoft .NET Framework ASLR Security Bypass Vulnerability (CVE-2015-6115)
1007124 - Microsoft Office RTF Frmtxtbrl EIP Corruption Denial Of Service Vulnerability
1006294* - Microsoft Windows OLE Remote Code Execution Vulnerability Over WebDAV


Web Client Internet Explorer
1006868* - Microsoft Internet Explorer JScript9 Memory Corruption Vulnerability (CVE-2015-2419)
1007098* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6045)
1007140* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6065)


Web Client SSL
1005040* - Identified Revoked Certificate Authority In SSL Traffic


Web Server Common
1007185 - Java Unserialize Remote Code Execution Vulnerability


Windows Services RPC Client
1007120 - SMB DLL Injection Exploit Detected


Windows Services RPC Server
1007134* - Batch File Uploaded On Network Share
1007066* - Remote Delete Job Through SMBv1 Protocol Detected


Integrity Monitoring Rules:

1002999* - Database Server - Microsoft SQL Server
1006803* - TMTR-0001: Suspicious Files Detected In Operating System Directories
1006800* - TMTR-0002: Suspicious Files Detected In Operating System Directories
1006798* - TMTR-0005: Suspicious Files Detected In Application Directories
1006797* - TMTR-0006: Suspicious Files Detected In Application Directories
1006796* - TMTR-0007: Suspicious Files Detected In Application Directories
1006805* - TMTR-0009: Suspicious Files Detected In System Folder
1006804* - TMTR-0010: Suspicious Files Detected In System Folder
1006795* - TMTR-0011: Suspicious Files Detected In System Folder
1006658* - TMTR-0012: Suspicious Files Detected In Temporary Directories
1006677* - TMTR-0013: Suspicious Files Detected In Windows Folder
1006799* - TMTR-0014: Suspicious Service Detected
1006683* - TMTR-0016: Suspicious Running Processes Detected


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.