Rule Update

16-020 (June 28, 2016)


DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
1007598* - Identified Possible Ransomware File Rename Activity Over Network Share
1006906* - Identified Usage Of PsExec Command Line Tool


NetBIOS Name Service
1007658 - Identified Too Many NBNS Response
1007700 - Identified WPAD NBNS Response From Suspicious Host


ODBC Server CitectSCADA
1002855* - CitectSCADA ODBC Server Remote Stack Buffer Overflow


Suspicious Client Application Activity
1007578* - Ransomware CryptFile


Unix CVS
1000511* - CVS Annotate Command Long Revision String Buffer Overflow


Web Client Common
1007678 - Adobe Flash Player Buffer Overflow Vulnerability (CVE-2016-4138)
1007697 - Adobe Flash Player DLL Hijacking Vulnerability Over WebDAV (CVE-2016-4140)
1007676 - Adobe Flash Player Heap Overflow Vulnerability (CVE-2016-4136)
1007673 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4132)
1007674 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4133)
1007679 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4141)
1007687 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4150)
1007688 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4151)
1007689 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4152)
1007690 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4153)
1007691 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4154)
1007692 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4155)
1007693 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4156)
1007682 - Adobe Flash Player Type Confusion Vulnerability (CVE-2016-4144)
1007686 - Adobe Flash Player Type Confusion Vulnerability (CVE-2016-4149)
1007672 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-4121)
1007680 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-4142)
1007681 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-4143)
1007683 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-4146)
1007684 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-4147)
1007685 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-4148)
1007489* - Microsoft Windows OLE Memory Remote Code Execution Vulnerability (CVE-2016-0091)
1007490* - Microsoft Windows OLE Memory Remote Code Execution Vulnerability (CVE-2016-0092)


Web Client Internet Explorer/Edge
1007652* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0199)


Web Server Miscellaneous
1004007* - Adobe BlazeDS XML Injection And XML External Entity Injection Vulnerabilities
1007694 - Apache Struts REST Plugin DMI Remote Code Execution Vulnerability (CVE-2016-3087)
1007702 - Apache Struts REST Plugin Remote Code Execution Vulnerability (CVE-2016-4438)
1007701 - Apache Struts XSLTResult Remote Code Execution Vulnerability (CVE-2016-3082)


Windows Services RPC Client
1007695 - Adobe Flash Player DLL Hijacking Vulnerability Over Network Share (CVE-2016-4140)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

1002831* - Unix - Syslog