Rule Update

17-040 (August 22, 2017)


  DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
1008558 - Identified Windows Search Protocol Network Traffic Over SMB
1008560 - Microsoft Windows Search Remote Code Execution Vulnerability (CVE-2017-8620)


DCERPC Services - Client
1007913* - Identified Possible Ransomware File Extension Rename Activity Over Network Share - Client
1008407 - Skype Insecure Library Loading Vulnerability Over Network Share (CVE-2017-6517)


Web Application PHP Based
1008524 - PHP INI Parsing Stack Buffer Overflow Vulnerability (CVE-2017-11628)


Web Client Common
1008408 - Skype Insecure Library Loading Vulnerability Over WebDAV (CVE-2017-6517)


Web Client Internet Explorer/Edge
1008547 - Microsoft Edge Information Disclosure Vulnerability (CVE-2017-8652)
1008531 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8603)


Web Server Apache
1008519* - Apache HTTP Server Denial Of Service Vulnerability (CVE-2017-7668)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.