Deep Security Center
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Application Control For Web Browser
1002996* - Application Control For Google Chrome Web Browser
DNS Client
1007297* - Microsoft Windows DNS Use After Free Vulnerability (CVE-2015-6125)
Microsoft Office
1007374 - Microsoft Office ASLR Bypass Vulnerability (CVE-2016-0012)
1007373 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-0010)
1007375 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-0035)
OpenSSL
1007328 - OpenSSL Certificate Missing PSS Parameter Denial Of Service Vulnerability (CVE-2015-3194)
SSL/TLS Server
1007379 - SLOTH - Security Losses From Obsolete And Truncated Transcript Hashes Attack On TLS Server
Web Application Common
1007170* - Identified Suspicious China Chopper Webshell Communication
Web Client Common
1006977* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5557)
1004715* - HTTP Web Client Decoding
1006073* - Heuristic Detection Of Malicious PDF Documents - 6
1007119* - Identified Malicious Adobe Flash SWF File - 2
1006882* - Identified Suspicious Obfuscated JavaScript - 4
1007368 - Microsoft DirectShow Heap Corruption Vulnerability (CVE-2016-0015)
1007364 - Microsoft Windows ASLR Bypass Vulnerability (CVE-2016-0008)
1007370 - Microsoft Windows DLL Loading Vulnerabilities Over WebDAV (MS16-007)
1007062 - Mozilla Firefox Arbitrary JavaScript Execution Vulnerability (CVE-2015-0802)
Web Client Internet Explorer/Edge
1007372 - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0003)
1007378 - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0024)
1007229* - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6142)
1007244* - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6159)
1007363 - Microsoft Internet Explorer Same Origin Policy Bypass Vulnerability (CVE-2016-0005)
1007362 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-0002)
1007366 - Microsoft Silverlight Runtime Remote Code Execution Vulnerability (CVE-2016-0034)
Web Server RealVNC
1006884* - libvncserver Denial Of Service Vulnerability (CVE-2014-6054)
Windows Services RPC Client
1007369 - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (MS16-007)
Integrity Monitoring Rules:
1003533* - Application - OpenSSH
1003354* - Mail Server - Sendmail
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Application Control For Web Browser
1002996* - Application Control For Google Chrome Web Browser
DNS Client
1007297* - Microsoft Windows DNS Use After Free Vulnerability (CVE-2015-6125)
Microsoft Office
1007374 - Microsoft Office ASLR Bypass Vulnerability (CVE-2016-0012)
1007373 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-0010)
1007375 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-0035)
OpenSSL
1007328 - OpenSSL Certificate Missing PSS Parameter Denial Of Service Vulnerability (CVE-2015-3194)
SSL/TLS Server
1007379 - SLOTH - Security Losses From Obsolete And Truncated Transcript Hashes Attack On TLS Server
Web Application Common
1007170* - Identified Suspicious China Chopper Webshell Communication
Web Client Common
1006977* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5557)
1004715* - HTTP Web Client Decoding
1006073* - Heuristic Detection Of Malicious PDF Documents - 6
1007119* - Identified Malicious Adobe Flash SWF File - 2
1006882* - Identified Suspicious Obfuscated JavaScript - 4
1007368 - Microsoft DirectShow Heap Corruption Vulnerability (CVE-2016-0015)
1007364 - Microsoft Windows ASLR Bypass Vulnerability (CVE-2016-0008)
1007370 - Microsoft Windows DLL Loading Vulnerabilities Over WebDAV (MS16-007)
1007062 - Mozilla Firefox Arbitrary JavaScript Execution Vulnerability (CVE-2015-0802)
Web Client Internet Explorer/Edge
1007372 - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0003)
1007378 - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0024)
1007229* - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6142)
1007244* - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6159)
1007363 - Microsoft Internet Explorer Same Origin Policy Bypass Vulnerability (CVE-2016-0005)
1007362 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-0002)
1007366 - Microsoft Silverlight Runtime Remote Code Execution Vulnerability (CVE-2016-0034)
Web Server RealVNC
1006884* - libvncserver Denial Of Service Vulnerability (CVE-2014-6054)
Windows Services RPC Client
1007369 - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (MS16-007)
Integrity Monitoring Rules:
1003533* - Application - OpenSSH
1003354* - Mail Server - Sendmail
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Application Control For Winny P2P
1003086* - Application Control For Winny
Web Application PHP Based
1007298* - Joomla Core Remote Code Execution Vulnerability (CVE-2015-8562)
Web Client Common
1007330 - Adobe Flash Player Integer Overflow Vulnerability (CVE-2015-8651)
1007331 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-8459)
1007332 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-8460)
1007335 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-8636)
1007343 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-8645)
1007342 - Adobe Flash Player Type Confusion Vulnerability (CVE-2015-8644)
1007188* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-7652)
1007333 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8634)
1007334 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8635)
1007336 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8638)
1007337 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8639)
1007338 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8640)
1007339 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8641)
1007340 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8642)
1007341 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8643)
1007344 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8646)
1007345 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8647)
1007346 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8648)
1007347 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8649)
1007348 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8650)
Integrity Monitoring Rules:
1006802* - TMTR-0003: Suspicious Files Detected In Operating System Directories
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Application Control For Winny P2P
1003086* - Application Control For Winny
Web Application PHP Based
1007298* - Joomla Core Remote Code Execution Vulnerability (CVE-2015-8562)
Web Client Common
1007330 - Adobe Flash Player Integer Overflow Vulnerability (CVE-2015-8651)
1007331 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-8459)
1007332 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-8460)
1007335 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-8636)
1007343 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-8645)
1007342 - Adobe Flash Player Type Confusion Vulnerability (CVE-2015-8644)
1007188* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-7652)
1007333 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8634)
1007334 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8635)
1007336 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8638)
1007337 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8639)
1007338 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8640)
1007339 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8641)
1007340 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8642)
1007341 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8643)
1007344 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8646)
1007345 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8647)
1007346 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8648)
1007347 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8649)
1007348 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8650)
Integrity Monitoring Rules:
1006802* - TMTR-0003: Suspicious Files Detected In Operating System Directories
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DNS Client
1007297* - Microsoft Windows DNS Use After Free Vulnerability (CVE-2015-6125)
Web Client Common
1007319 - Adobe Flash Player Buffer Overflow Vulnerability (CVE-2015-8457)
1007316 - Adobe Flash Player Heap Overflow Vulnerability (CVE-2015-8407)
1007313 - Adobe Flash Player Heap Overflow Vulnerability (CVE-2015-8438)
1007310 - Adobe Flash Player Heap Overflow Vulnerability (CVE-2015-8446)
1007323 - Adobe Flash Player Integer Overflow Vulnerability (CVE-2015-8445)
1007317 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-8060)
1007306 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-8408)
1007304 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-8418)
1007303 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-8419)
1007308 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-8443)
1007309 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-8444)
1007312 - Adobe Flash Player Type Confusion Vulnerability (CVE-2015-8439)
1007325 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8043)
1007326 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8044)
1007327 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8046)
1007318 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8048)
1007305 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8414)
1007324 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8434)
1007302 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8435)
1007315 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8436)
1007314 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8437)
1007307 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8442)
1007311 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8447)
1007322 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8448)
1007321 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8449)
1007320 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8450)
1006532* - Identified Malicious Adobe Flash SWF File - 1
Web Client Internet Explorer/Edge
1007293 - Microsoft Internet Explorer COmWindowProxy Null Pointer Dereference Vulnerability
1007140* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6065)
1007156* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6085)
1007180* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6088)
Web Server Common
1000128* - HTTP Protocol Decoding
Windows Services RPC Server
1007125 - Remote Access Event Through SMBv1 Protocol Detected
1007121* - Remote Access Event Through SMBv2 Protocol Detected
Integrity Monitoring Rules:
1007295 - Application - chrony
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
DNS Client
1007297* - Microsoft Windows DNS Use After Free Vulnerability (CVE-2015-6125)
Web Client Common
1007319 - Adobe Flash Player Buffer Overflow Vulnerability (CVE-2015-8457)
1007316 - Adobe Flash Player Heap Overflow Vulnerability (CVE-2015-8407)
1007313 - Adobe Flash Player Heap Overflow Vulnerability (CVE-2015-8438)
1007310 - Adobe Flash Player Heap Overflow Vulnerability (CVE-2015-8446)
1007323 - Adobe Flash Player Integer Overflow Vulnerability (CVE-2015-8445)
1007317 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-8060)
1007306 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-8408)
1007304 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-8418)
1007303 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-8419)
1007308 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-8443)
1007309 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-8444)
1007312 - Adobe Flash Player Type Confusion Vulnerability (CVE-2015-8439)
1007325 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8043)
1007326 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8044)
1007327 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8046)
1007318 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8048)
1007305 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8414)
1007324 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8434)
1007302 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8435)
1007315 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8436)
1007314 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8437)
1007307 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8442)
1007311 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8447)
1007322 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8448)
1007321 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8449)
1007320 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8450)
1006532* - Identified Malicious Adobe Flash SWF File - 1
Web Client Internet Explorer/Edge
1007293 - Microsoft Internet Explorer COmWindowProxy Null Pointer Dereference Vulnerability
1007140* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6065)
1007156* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6085)
1007180* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6088)
Web Server Common
1000128* - HTTP Protocol Decoding
Windows Services RPC Server
1007125 - Remote Access Event Through SMBv1 Protocol Detected
1007121* - Remote Access Event Through SMBv2 Protocol Detected
Integrity Monitoring Rules:
1007295 - Application - chrony
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DNS Client
1007299 - Identified DNS Response With Low TTL Value
1007297 - Microsoft Windows DNS Use After Free Vulnerability (CVE-2015-6125)
Web Application PHP Based
1007298 - Joomla Core Remote Code Execution Vulnerability (CVE-2015-8562)
Web Client Common
1006070* - Adobe Flash Player Buffer Overflow Vulnerability (CVE-2014-0515) - 1
1007211* - Microsoft .NET Framework ASLR Security Bypass Vulnerability (CVE-2015-6115)
1007161* - Microsoft Windows Graphics Memory Remote Code Execution Vulnerability (CVE-2015-6104)
Web Client Internet Explorer/Edge
1007224* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6083)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
DNS Client
1007299 - Identified DNS Response With Low TTL Value
1007297 - Microsoft Windows DNS Use After Free Vulnerability (CVE-2015-6125)
Web Application PHP Based
1007298 - Joomla Core Remote Code Execution Vulnerability (CVE-2015-8562)
Web Client Common
1006070* - Adobe Flash Player Buffer Overflow Vulnerability (CVE-2014-0515) - 1
1007211* - Microsoft .NET Framework ASLR Security Bypass Vulnerability (CVE-2015-6115)
1007161* - Microsoft Windows Graphics Memory Remote Code Execution Vulnerability (CVE-2015-6104)
Web Client Internet Explorer/Edge
1007224* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6083)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DNS Server
1007137* - PowerDNS Recursor Remote Denial Of Service Vulnerability (CVE-2014-3614)
Mail Client Windows
1007203 - TMTR-0002: PRORAT SMTP Request
Microsoft Office
1006624* - Microsoft Office Component Use After Free Vulnerability (CVE-2015-1642)
1007279 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-6040)
1007280 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-6118)
1007281 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-6122)
1007282 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-6124)
1007283 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-6177)
1007291 - Microsoft Office Multiple Insecure Library Loading Vulnerabilities
1007251 - Microsoft Office Remote Code Execution Vulnerability (CVE-2015-6172)
Suspicious Client Application Activity
1007181 - TMTR-0001: PRORAT HTTP Request
1007182 - TMTR-0003: PRORAT HTTP Request
1005294* - TMTR-0004: GHOST RAT HTTP Request
1007197 - TMTR-0005: GHOST RAT TCP Connection Detected
1007184 - TMTR-0006: BUTERAT HTTP Request
1007186 - TMTR-0007: STRAT HTTP Request
1007199 - TMTR-0008: STRAT HTTP Request
1007198 - TMTR-0009: STRAT HTTP Request
1007200 - TMTR-0010: FAKEM RAT TCP Connection
1007201 - TMTR-0011: FAKEM RAT TCP Request
1007205 - TMTR-0012: FAKEM RAT TCP Connection
1007206 - TMTR-0013: FAKEMRAT HTTP Request
1007207 - TMTR-0014: NJRAT TCP Connection
1007202 - TMTR-0015: PSYRAT HTTP Request
1007208 - TMTR-0016: SPLINTER RAT TCP Connection
1007209 - TMTR-0017: ZIYAZO RAT BKDR Connection
Web Client Common
1006824* - Adobe Flash ActionScript3 ByteArray Use After Free Vulnerability
1006903* - Adobe Font Driver Memory Corruption Vulnerability (CVE-2015-2426)
1007063* - Foxit Reader PNG Conversion Arbitrary Code Execution Vulnerability
1007119* - Identified Malicious Adobe Flash SWF File - 2
1007277 - Microsoft Windows Graphics Memory Corruption Vulnerability (CVE-2015-6106)
1007249 - Microsoft Windows Graphics Memory Corruption Vulnerability (CVE-2015-6107)
1007250 - Microsoft Windows Integer Underflow Vulnerability (CVE-2015-6130)
1007284 - Microsoft Windows Library Loading Elevation Of Privilege Vulnerability (CVE-2015-6133)
1007287 - Microsoft Windows Library Loading Remote Code Execution Vulnerability (CVE-2015-6128)
1007288 - Microsoft Windows Library Loading Remote Code Execution Vulnerability (CVE-2015-6132)
1007285 - Microsoft Windows Media Center Information Disclosure Vulnerability (CVE-2015-6127)
1007047* - Windows Media Center Remote Code Execution Vulnerability
Web Client Internet Explorer/Edge
1007276 - Microsoft Edge Elevation of Privilege Vulnerability (CVE-2015-6170)
1007248 - Microsoft Edge Memory Corruption Vulnerability (CVE-2015-6168)
1007227 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6140)
1007229 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6142)
1007234 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6148)
1007239 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6153)
1007240 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6154)
1007241 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6155)
1007243 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6158)
1007244 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6159)
1007275 - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2015-6157)
1007147* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6075)
1007224 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6083)
1007273 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6134)
1007228 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6141)
1007230 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6143)
1007231 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6145)
1007232 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6146)
1007233 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6147)
1007235 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6149)
1007236 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6150)
1007238 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6152)
1007242 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6156)
1007245 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6160)
1007246 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6162)
1007274 - Microsoft Internet Explorer Scripting Engine Information Disclosure Vulnerability (CVE-2015-6135)
1007225 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2015-6136)
1007237 - Microsoft Internet Explorer and Edge Memory Corruption Vulnerability (CVE-2015-6151)
Web Client SSL
1005040* - Identified Revoked Certificate Authority In SSL Traffic
Web Server Common
1007185* - Java Unserialize Remote Code Execution Vulnerability
Web Server IIS
1004396* - IIS Repeated Parameter Request Denial Of Service Vulnerability
Web Server SAP
1004831* - SAP Management Console OSExecute Payload Execution
Windows Services RPC Server
1007064* - Executable File Uploaded On System32 Folder Through SMB Share
1006906* - Identified Usage Of PsExec Command Line Tool
Integrity Monitoring Rules:
1006802* - TMTR-0003: Suspicious Files Detected In Operating System Directories
1006801* - TMTR-0004: Suspicious Files Detected In Operating System Directories
1006682* - TMTR-0008: Suspicious Files Detected In Application Directories
1007210 - TMTR-0018: Suspicious Files Detected In User Profile Directory
1007214 - TMTR-0019: Suspicious Files Detected In System Drivers Directory
1007215 - TMTR-0020: Suspicious Directories Detected In System Drive
1007216 - TMTR-0021: Suspicious Files Detected In System Drive
1007217 - TMTR-0022: Suspicious Files Detected In Recycle Bin
1007218 - TMTR-0023: Suspicious Changes In NTLM Settings
1007219 - TMTR-0024: Suspicious Files Detected In C Drive
1007221 - TMTR-0026: Suspicious Files Detected In Program FIles Folder
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
DNS Server
1007137* - PowerDNS Recursor Remote Denial Of Service Vulnerability (CVE-2014-3614)
Mail Client Windows
1007203 - TMTR-0002: PRORAT SMTP Request
Microsoft Office
1006624* - Microsoft Office Component Use After Free Vulnerability (CVE-2015-1642)
1007279 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-6040)
1007280 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-6118)
1007281 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-6122)
1007282 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-6124)
1007283 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-6177)
1007291 - Microsoft Office Multiple Insecure Library Loading Vulnerabilities
1007251 - Microsoft Office Remote Code Execution Vulnerability (CVE-2015-6172)
Suspicious Client Application Activity
1007181 - TMTR-0001: PRORAT HTTP Request
1007182 - TMTR-0003: PRORAT HTTP Request
1005294* - TMTR-0004: GHOST RAT HTTP Request
1007197 - TMTR-0005: GHOST RAT TCP Connection Detected
1007184 - TMTR-0006: BUTERAT HTTP Request
1007186 - TMTR-0007: STRAT HTTP Request
1007199 - TMTR-0008: STRAT HTTP Request
1007198 - TMTR-0009: STRAT HTTP Request
1007200 - TMTR-0010: FAKEM RAT TCP Connection
1007201 - TMTR-0011: FAKEM RAT TCP Request
1007205 - TMTR-0012: FAKEM RAT TCP Connection
1007206 - TMTR-0013: FAKEMRAT HTTP Request
1007207 - TMTR-0014: NJRAT TCP Connection
1007202 - TMTR-0015: PSYRAT HTTP Request
1007208 - TMTR-0016: SPLINTER RAT TCP Connection
1007209 - TMTR-0017: ZIYAZO RAT BKDR Connection
Web Client Common
1006824* - Adobe Flash ActionScript3 ByteArray Use After Free Vulnerability
1006903* - Adobe Font Driver Memory Corruption Vulnerability (CVE-2015-2426)
1007063* - Foxit Reader PNG Conversion Arbitrary Code Execution Vulnerability
1007119* - Identified Malicious Adobe Flash SWF File - 2
1007277 - Microsoft Windows Graphics Memory Corruption Vulnerability (CVE-2015-6106)
1007249 - Microsoft Windows Graphics Memory Corruption Vulnerability (CVE-2015-6107)
1007250 - Microsoft Windows Integer Underflow Vulnerability (CVE-2015-6130)
1007284 - Microsoft Windows Library Loading Elevation Of Privilege Vulnerability (CVE-2015-6133)
1007287 - Microsoft Windows Library Loading Remote Code Execution Vulnerability (CVE-2015-6128)
1007288 - Microsoft Windows Library Loading Remote Code Execution Vulnerability (CVE-2015-6132)
1007285 - Microsoft Windows Media Center Information Disclosure Vulnerability (CVE-2015-6127)
1007047* - Windows Media Center Remote Code Execution Vulnerability
Web Client Internet Explorer/Edge
1007276 - Microsoft Edge Elevation of Privilege Vulnerability (CVE-2015-6170)
1007248 - Microsoft Edge Memory Corruption Vulnerability (CVE-2015-6168)
1007227 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6140)
1007229 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6142)
1007234 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6148)
1007239 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6153)
1007240 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6154)
1007241 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6155)
1007243 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6158)
1007244 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6159)
1007275 - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2015-6157)
1007147* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6075)
1007224 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6083)
1007273 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6134)
1007228 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6141)
1007230 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6143)
1007231 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6145)
1007232 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6146)
1007233 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6147)
1007235 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6149)
1007236 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6150)
1007238 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6152)
1007242 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6156)
1007245 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6160)
1007246 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6162)
1007274 - Microsoft Internet Explorer Scripting Engine Information Disclosure Vulnerability (CVE-2015-6135)
1007225 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2015-6136)
1007237 - Microsoft Internet Explorer and Edge Memory Corruption Vulnerability (CVE-2015-6151)
Web Client SSL
1005040* - Identified Revoked Certificate Authority In SSL Traffic
Web Server Common
1007185* - Java Unserialize Remote Code Execution Vulnerability
Web Server IIS
1004396* - IIS Repeated Parameter Request Denial Of Service Vulnerability
Web Server SAP
1004831* - SAP Management Console OSExecute Payload Execution
Windows Services RPC Server
1007064* - Executable File Uploaded On System32 Folder Through SMB Share
1006906* - Identified Usage Of PsExec Command Line Tool
Integrity Monitoring Rules:
1006802* - TMTR-0003: Suspicious Files Detected In Operating System Directories
1006801* - TMTR-0004: Suspicious Files Detected In Operating System Directories
1006682* - TMTR-0008: Suspicious Files Detected In Application Directories
1007210 - TMTR-0018: Suspicious Files Detected In User Profile Directory
1007214 - TMTR-0019: Suspicious Files Detected In System Drivers Directory
1007215 - TMTR-0020: Suspicious Directories Detected In System Drive
1007216 - TMTR-0021: Suspicious Files Detected In System Drive
1007217 - TMTR-0022: Suspicious Files Detected In Recycle Bin
1007218 - TMTR-0023: Suspicious Changes In NTLM Settings
1007219 - TMTR-0024: Suspicious Files Detected In C Drive
1007221 - TMTR-0026: Suspicious Files Detected In Program FIles Folder
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DNS Server
1007137 - PowerDNS Recursor Remote Denial Of Service Vulnerability (CVE-2014-3614)
Microsoft Office
1007163 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-1683)
OpenSSL
1007072* - GNU Libtasn1 'decoding.c' Heap Buffer Overflow Vulnerability (CVE-2015-3622)
Suspicious Client Application Activity
1007116* - VMware vCenter Java JMX Server Insecure Configuration Java Code Execution Vulnerability
Web Application PHP Based
1007135* - WordPress XMLRPC 'system.multicall' Brute Force Amplification Attack
Web Client Common
1007193 - Adobe Flash Player Type Confusion Vulnerability (CVE-2015-7659)
1007187 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-7651)
1007188 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-7652)
1007189 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-7653)
1007190 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-7654)
1007195 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-7663)
1007191 - Adobe Flash Player Use After Free Vulnerability - 1
1007192 - Adobe Flash Player Use After Free Vulnerability - 2
1007194 - Adobe Flash Player Use After Free Vulnerability - 3
1007196 - Adobe Flash Player Use After Free Vulnerability - 4
1007211 - Microsoft .NET Framework ASLR Security Bypass Vulnerability (CVE-2015-6115)
1007124 - Microsoft Office RTF Frmtxtbrl EIP Corruption Denial Of Service Vulnerability
1006294* - Microsoft Windows OLE Remote Code Execution Vulnerability Over WebDAV
Web Client Internet Explorer
1006868* - Microsoft Internet Explorer JScript9 Memory Corruption Vulnerability (CVE-2015-2419)
1007098* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6045)
1007140* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6065)
Web Client SSL
1005040* - Identified Revoked Certificate Authority In SSL Traffic
Web Server Common
1007185 - Java Unserialize Remote Code Execution Vulnerability
Windows Services RPC Client
1007120 - SMB DLL Injection Exploit Detected
Windows Services RPC Server
1007134* - Batch File Uploaded On Network Share
1007066* - Remote Delete Job Through SMBv1 Protocol Detected
Integrity Monitoring Rules:
1002999* - Database Server - Microsoft SQL Server
1006803* - TMTR-0001: Suspicious Files Detected In Operating System Directories
1006800* - TMTR-0002: Suspicious Files Detected In Operating System Directories
1006798* - TMTR-0005: Suspicious Files Detected In Application Directories
1006797* - TMTR-0006: Suspicious Files Detected In Application Directories
1006796* - TMTR-0007: Suspicious Files Detected In Application Directories
1006805* - TMTR-0009: Suspicious Files Detected In System Folder
1006804* - TMTR-0010: Suspicious Files Detected In System Folder
1006795* - TMTR-0011: Suspicious Files Detected In System Folder
1006658* - TMTR-0012: Suspicious Files Detected In Temporary Directories
1006677* - TMTR-0013: Suspicious Files Detected In Windows Folder
1006799* - TMTR-0014: Suspicious Service Detected
1006683* - TMTR-0016: Suspicious Running Processes Detected
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
DNS Server
1007137 - PowerDNS Recursor Remote Denial Of Service Vulnerability (CVE-2014-3614)
Microsoft Office
1007163 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-1683)
OpenSSL
1007072* - GNU Libtasn1 'decoding.c' Heap Buffer Overflow Vulnerability (CVE-2015-3622)
Suspicious Client Application Activity
1007116* - VMware vCenter Java JMX Server Insecure Configuration Java Code Execution Vulnerability
Web Application PHP Based
1007135* - WordPress XMLRPC 'system.multicall' Brute Force Amplification Attack
Web Client Common
1007193 - Adobe Flash Player Type Confusion Vulnerability (CVE-2015-7659)
1007187 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-7651)
1007188 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-7652)
1007189 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-7653)
1007190 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-7654)
1007195 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-7663)
1007191 - Adobe Flash Player Use After Free Vulnerability - 1
1007192 - Adobe Flash Player Use After Free Vulnerability - 2
1007194 - Adobe Flash Player Use After Free Vulnerability - 3
1007196 - Adobe Flash Player Use After Free Vulnerability - 4
1007211 - Microsoft .NET Framework ASLR Security Bypass Vulnerability (CVE-2015-6115)
1007124 - Microsoft Office RTF Frmtxtbrl EIP Corruption Denial Of Service Vulnerability
1006294* - Microsoft Windows OLE Remote Code Execution Vulnerability Over WebDAV
Web Client Internet Explorer
1006868* - Microsoft Internet Explorer JScript9 Memory Corruption Vulnerability (CVE-2015-2419)
1007098* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6045)
1007140* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6065)
Web Client SSL
1005040* - Identified Revoked Certificate Authority In SSL Traffic
Web Server Common
1007185 - Java Unserialize Remote Code Execution Vulnerability
Windows Services RPC Client
1007120 - SMB DLL Injection Exploit Detected
Windows Services RPC Server
1007134* - Batch File Uploaded On Network Share
1007066* - Remote Delete Job Through SMBv1 Protocol Detected
Integrity Monitoring Rules:
1002999* - Database Server - Microsoft SQL Server
1006803* - TMTR-0001: Suspicious Files Detected In Operating System Directories
1006800* - TMTR-0002: Suspicious Files Detected In Operating System Directories
1006798* - TMTR-0005: Suspicious Files Detected In Application Directories
1006797* - TMTR-0006: Suspicious Files Detected In Application Directories
1006796* - TMTR-0007: Suspicious Files Detected In Application Directories
1006805* - TMTR-0009: Suspicious Files Detected In System Folder
1006804* - TMTR-0010: Suspicious Files Detected In System Folder
1006795* - TMTR-0011: Suspicious Files Detected In System Folder
1006658* - TMTR-0012: Suspicious Files Detected In Temporary Directories
1006677* - TMTR-0013: Suspicious Files Detected In Windows Folder
1006799* - TMTR-0014: Suspicious Service Detected
1006683* - TMTR-0016: Suspicious Running Processes Detected
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DNS Client
1006909* - ISC BIND Zone Query Handler Denial Of Service Vulnerability
Microsoft Office
1007166 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-6038)
1007167 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-6091)
1007168 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-6092)
1007183 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-6093)
1007169 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-6094)
OpenSSL
1007072 - GNU Libtasn1 'decoding.c' Heap Buffer Overflow Vulnerability (CVE-2015-3622)
Web Application Common
1007170 - Identified Suspicious China Chopper Webshell Communication
Web Application PHP Based
1007138 - Restrict WordPress XMLRPC 'system.multicall' Request
1007135 - WordPress XMLRPC 'system.multicall' Brute Force Amplification Attack
Web Application Tomcat
1004708* - Apache Tomcat NIO Connector Denial Of Service Vulnerability
Web Client Common
1007165 - Adobe Acrobat And Reader Buffer Overflow Vulnerability (CVE-2015-6692)
1006912* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-3124)
1007119* - Identified Malicious Adobe Flash SWF File - 2
1007160 - Microsoft Windows Graphics Memory Remote Code Execution Vulnerability (CVE-2015-6103)
1007161 - Microsoft Windows Graphics Memory Remote Code Execution Vulnerability (CVE-2015-6104)
1007159 - Microsoft Windows Journal Heap Overflow Vulnerability (CVE-2015-6097)
1006433* - Microsoft Windows OLE Remote Code Execution Vulnerability - 3
1006997 - Multiple Browser libjpeg-turbo Memory Corruption Vulnerability
1007056 - Oracle Java Runtime Environment Type2BuildChar Function Memory Disclosure Vulnerability (CVE-2015-2619)
1007162 - Oracle Java SE Remote Security Bypass Vulnerability (CVE-2015-4902)
1007019 - Oracle Java SE True Type Font Heap Corruption Vulnerability
Web Client Internet Explorer
1007097* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6042)
1007100* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6049)
1007139 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6064)
1007140 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6065)
1007141 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6066)
1007142 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6068)
1007143 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6070)
1007144 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6071)
1007145 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6072)
1007146 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6073)
1007147 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6075)
1007148 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6076)
1007149 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6077)
1007150 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6078)
1007151 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6079)
1007152 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6080)
1007153 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6081)
1007154 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6082)
1007155 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6084)
1007156 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6085)
1007177 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6086)
1007157 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6087)
1007180 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6088)
1007158 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2015-6089)
1007105* - Microsoft Windows Shell Tablet Input Band Use After Free Vulnerability (CVE-2015-2548)
Web Client SSL
1003779* - Null Truncation In X.509 Common Name Spoofing Vulnerability
Web Server Apache
1001028* - Apache HTTP Server Mod_Cache Denial Of Service Vulnerability
Web Server Miscellaneous
1000568* - Absolute Path Traversal Vulnerability In Easy File Sharing Web Server
1006700* - Apache CouchDB "_uuids" Request Denial Of Service Vulnerability
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
DNS Client
1006909* - ISC BIND Zone Query Handler Denial Of Service Vulnerability
Microsoft Office
1007166 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-6038)
1007167 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-6091)
1007168 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-6092)
1007183 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-6093)
1007169 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-6094)
OpenSSL
1007072 - GNU Libtasn1 'decoding.c' Heap Buffer Overflow Vulnerability (CVE-2015-3622)
Web Application Common
1007170 - Identified Suspicious China Chopper Webshell Communication
Web Application PHP Based
1007138 - Restrict WordPress XMLRPC 'system.multicall' Request
1007135 - WordPress XMLRPC 'system.multicall' Brute Force Amplification Attack
Web Application Tomcat
1004708* - Apache Tomcat NIO Connector Denial Of Service Vulnerability
Web Client Common
1007165 - Adobe Acrobat And Reader Buffer Overflow Vulnerability (CVE-2015-6692)
1006912* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-3124)
1007119* - Identified Malicious Adobe Flash SWF File - 2
1007160 - Microsoft Windows Graphics Memory Remote Code Execution Vulnerability (CVE-2015-6103)
1007161 - Microsoft Windows Graphics Memory Remote Code Execution Vulnerability (CVE-2015-6104)
1007159 - Microsoft Windows Journal Heap Overflow Vulnerability (CVE-2015-6097)
1006433* - Microsoft Windows OLE Remote Code Execution Vulnerability - 3
1006997 - Multiple Browser libjpeg-turbo Memory Corruption Vulnerability
1007056 - Oracle Java Runtime Environment Type2BuildChar Function Memory Disclosure Vulnerability (CVE-2015-2619)
1007162 - Oracle Java SE Remote Security Bypass Vulnerability (CVE-2015-4902)
1007019 - Oracle Java SE True Type Font Heap Corruption Vulnerability
Web Client Internet Explorer
1007097* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6042)
1007100* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6049)
1007139 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6064)
1007140 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6065)
1007141 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6066)
1007142 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6068)
1007143 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6070)
1007144 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6071)
1007145 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6072)
1007146 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6073)
1007147 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6075)
1007148 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6076)
1007149 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6077)
1007150 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6078)
1007151 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6079)
1007152 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6080)
1007153 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6081)
1007154 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6082)
1007155 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6084)
1007156 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6085)
1007177 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6086)
1007157 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6087)
1007180 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6088)
1007158 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2015-6089)
1007105* - Microsoft Windows Shell Tablet Input Band Use After Free Vulnerability (CVE-2015-2548)
Web Client SSL
1003779* - Null Truncation In X.509 Common Name Spoofing Vulnerability
Web Server Apache
1001028* - Apache HTTP Server Mod_Cache Denial Of Service Vulnerability
Web Server Miscellaneous
1000568* - Absolute Path Traversal Vulnerability In Easy File Sharing Web Server
1006700* - Apache CouchDB "_uuids" Request Denial Of Service Vulnerability
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
HP AutoPass License Server
1006811* - HP AutoPass License Server Remote Code Execution Vulnerability (CVE-2013-6221)
HP OpenView
1003899* - HP OpenView Data Protector Application Recovery Manager Buffer Overflow
Microsoft Office
1007112* - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2558)
OpenSSL Client
1006856* - OpenSSL Client Alternative Chains Certificate Forgery Security Bypass Vulnerability (CVE-2015-1793)
Suspicious Client Application Activity
1007113 - HTRANS Response Detected
TFTP Server
1000876* - Microsoft Windows Remote Installation Service Anonymous File Upload
Unix SSH
1000798* - Unix OpenSSH sshd Identical Blocks DoS
Web Application Tomcat
1004708* - Apache Tomcat NIO Connector Denial Of Service Vulnerability
Web Client Common
1006735* - Adobe Acrobat And Reader Multiple Remote Security Bypass Vulnerabilities
1007122 - Adobe Acrobat And Reader Remote Security Bypass On JavaScript API Execution (CVE-2015-3073)
1006973* - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2015-5132)
1006980* - Adobe Flash Player Integer Overflow Vulnerability (CVE-2015-5560)
1007126 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-7625)
1007127 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-7627)
1007132 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-7633)
1007128 - Adobe Flash Player Security Bypass Vulnerability (CVE-2015-7628)
1006916* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-4430)
1007129 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-7629)
1007130 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-7631)
1007131 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-7632)
1007031 - Google Chrome SVG Use After Free Arbitrary Code Execution Vulnerability (CVE-2015-1256)
1007119* - Identified Malicious Adobe Flash SWF File - 2
1006956* - Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2455)
Web Client Internet Explorer
1007102* - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2015-6053)
1007026* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2487)
1007096* - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2015-2482)
1007094 - Microsoft Internet Explorer Stack Underflow Vulnerability
1007107* - Microsoft Internet Explorer VBScript And JScript ASLR Bypass Vulnerability (CVE-2015-6052)
1007104* - Microsoft Windows Shell Toolbar Use After Free Vulnerability (CVE-2015-2515)
Web Server Miscellaneous
1006700 - Apache CouchDB "_uuids" Request Denial Of Service Vulnerability
1006808* - Novell Zenworks Configuration Management Multiple Information Disclosure Vulnerabilities
Windows Services RPC Server
1007134 - Batch File Upload On Network Share
1007065 - Executable File Uploaded On Network Share
1007064 - Executable File Uploaded On System32 Folder Through SMB Share
1007114 - Portable Executable File Uploaded On SMB Share
1007121 - Remote Access Event Through SMBv2 Protocol Detected
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
HP AutoPass License Server
1006811* - HP AutoPass License Server Remote Code Execution Vulnerability (CVE-2013-6221)
HP OpenView
1003899* - HP OpenView Data Protector Application Recovery Manager Buffer Overflow
Microsoft Office
1007112* - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2558)
OpenSSL Client
1006856* - OpenSSL Client Alternative Chains Certificate Forgery Security Bypass Vulnerability (CVE-2015-1793)
Suspicious Client Application Activity
1007113 - HTRANS Response Detected
TFTP Server
1000876* - Microsoft Windows Remote Installation Service Anonymous File Upload
Unix SSH
1000798* - Unix OpenSSH sshd Identical Blocks DoS
Web Application Tomcat
1004708* - Apache Tomcat NIO Connector Denial Of Service Vulnerability
Web Client Common
1006735* - Adobe Acrobat And Reader Multiple Remote Security Bypass Vulnerabilities
1007122 - Adobe Acrobat And Reader Remote Security Bypass On JavaScript API Execution (CVE-2015-3073)
1006973* - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2015-5132)
1006980* - Adobe Flash Player Integer Overflow Vulnerability (CVE-2015-5560)
1007126 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-7625)
1007127 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-7627)
1007132 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-7633)
1007128 - Adobe Flash Player Security Bypass Vulnerability (CVE-2015-7628)
1006916* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-4430)
1007129 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-7629)
1007130 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-7631)
1007131 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-7632)
1007031 - Google Chrome SVG Use After Free Arbitrary Code Execution Vulnerability (CVE-2015-1256)
1007119* - Identified Malicious Adobe Flash SWF File - 2
1006956* - Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2455)
Web Client Internet Explorer
1007102* - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2015-6053)
1007026* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2487)
1007096* - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2015-2482)
1007094 - Microsoft Internet Explorer Stack Underflow Vulnerability
1007107* - Microsoft Internet Explorer VBScript And JScript ASLR Bypass Vulnerability (CVE-2015-6052)
1007104* - Microsoft Windows Shell Toolbar Use After Free Vulnerability (CVE-2015-2515)
Web Server Miscellaneous
1006700 - Apache CouchDB "_uuids" Request Denial Of Service Vulnerability
1006808* - Novell Zenworks Configuration Management Multiple Information Disclosure Vulnerabilities
Windows Services RPC Server
1007134 - Batch File Upload On Network Share
1007065 - Executable File Uploaded On Network Share
1007064 - Executable File Uploaded On System32 Folder Through SMB Share
1007114 - Portable Executable File Uploaded On SMB Share
1007121 - Remote Access Event Through SMBv2 Protocol Detected
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Web Client Common
1007119 - Identified Malicious Adobe Flash SWF File - 2
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Web Client Common
1007119 - Identified Malicious Adobe Flash SWF File - 2
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Application Control For File Sharing
1003655* - Application Control For Share NT5
Directory Server LDAP
1002614* - OpenLDAP ber_get_next BER Decoding Denial of Service
HP AutoPass License Server
1006811 - HP AutoPass License Server Remote Code Execution Vulnerability (CVE-2013-6221)
Microsoft Office
1006941* - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2477)
1007110 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2555)
1007111 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2557)
1007112 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2558)
OpenSSL
1006854* - OpenSSL X509_cmp_time Denial Of Service Vulnerability (CVE-2015-1789)
OpenSSL Client
1006920* - OpenSSL Client X509_cmp_time Denial Of Service Vulnerability (CVE-2015-1789)
Suspicious Client Application Activity
1007116 - VMware vCenter Java JMX Server Insecure Configuration Java Code Execution Vulnerability
Web Application PHP Based
1006656* - Magento Admin Authentication Bypass Vulnerability
Web Client Common
1007090 - Adobe Flash Player Buffer Overflow Vulnerability (CVE-2015-6676)
1007093 - Adobe Flash Player Buffer Overflow Vulnerability (CVE-2015-6678)
1006772* - Adobe Flash Player Cross Domain Policy Bypass Vulnerability
1006985* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5547)
1006986* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5548)
1007073 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5567)
1007078 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5574)
1007079 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5575)
1007080 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5576)
1007081 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5578)
1007082 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5579)
1007083 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5580)
1007085 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5582)
1007088 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5588)
1002948* - Adobe Flash Player SWF Version Null Pointer Dereference Denial Of Service
1007076 - Adobe Flash Player Security Bypass Vulnerability (CVE-2015-5572)
1007091 - Adobe Flash Player Security Bypass Vulnerability (CVE-2015-6679)
1007087 - Adobe Flash Player Stack Buffer Overflow Vulnerability (CVE-2015-5587)
1007077 - Adobe Flash Player Type Confusion Vulnerability (CVE-2015-5573)
1007115 - Adobe Flash Player Use After Free Vulnerability
1006590* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-0342)
1006780* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-3106)
1007075 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5570)
1007084 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5581)
1007086 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5584)
1007092 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-6682)
1007074 - Adobe Flash Player Vector Length Corruption Vulnerability (CVE-2015-5568)
1007063 - Foxit Reader PNG Conversion Arbitrary Code Execution Vulnerability
1006631* - Identified File Protocol Handler In HTTP Location Header
1006820* - Java SE Remote Security Vulnerability (CVE-2015-0491)
1007061 - Mozilla Firefox Arbitrary JavaScript Code Execution
1005849* - RealNetworks RealPlayer Stack Based Buffer Overflow Vulnerability
Web Client Internet Explorer
1007106 - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2015-6046)
1007102 - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2015-6053)
1007108 - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2015-6059)
1007097 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6042)
1007098 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6045)
1007099 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6048)
1007100 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6049)
1007101 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6050)
1007096 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2015-2482)
1007103 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2015-6055)
1007107 - Microsoft Internet Explorer VBScript And JScript ASLR Bypass Vulnerability (CVE-2015-6052)
1007105 - Microsoft Windows Shell Tablet Input Band Use After Free Vulnerability (CVE-2015-2548)
1007104 - Microsoft Windows Shell Toolbar Use After Free Vulnerability (CVE-2015-2515)
Web Client SSL
1006606* - Identified Fraudulent Digital Certificate - 1
Web Server Common
1007117 - Identified Python Werkzeug Debugger Remote Code Execution
Web Server IIS
1004396* - IIS Repeated Parameter Request Denial Of Service Vulnerability
Web Server Miscellaneous
1006808 - Novell Zenworks Configuration Management Multiple Information Disclosure Vulnerabilities
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Application Control For File Sharing
1003655* - Application Control For Share NT5
Directory Server LDAP
1002614* - OpenLDAP ber_get_next BER Decoding Denial of Service
HP AutoPass License Server
1006811 - HP AutoPass License Server Remote Code Execution Vulnerability (CVE-2013-6221)
Microsoft Office
1006941* - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2477)
1007110 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2555)
1007111 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2557)
1007112 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2558)
OpenSSL
1006854* - OpenSSL X509_cmp_time Denial Of Service Vulnerability (CVE-2015-1789)
OpenSSL Client
1006920* - OpenSSL Client X509_cmp_time Denial Of Service Vulnerability (CVE-2015-1789)
Suspicious Client Application Activity
1007116 - VMware vCenter Java JMX Server Insecure Configuration Java Code Execution Vulnerability
Web Application PHP Based
1006656* - Magento Admin Authentication Bypass Vulnerability
Web Client Common
1007090 - Adobe Flash Player Buffer Overflow Vulnerability (CVE-2015-6676)
1007093 - Adobe Flash Player Buffer Overflow Vulnerability (CVE-2015-6678)
1006772* - Adobe Flash Player Cross Domain Policy Bypass Vulnerability
1006985* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5547)
1006986* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5548)
1007073 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5567)
1007078 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5574)
1007079 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5575)
1007080 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5576)
1007081 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5578)
1007082 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5579)
1007083 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5580)
1007085 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5582)
1007088 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5588)
1002948* - Adobe Flash Player SWF Version Null Pointer Dereference Denial Of Service
1007076 - Adobe Flash Player Security Bypass Vulnerability (CVE-2015-5572)
1007091 - Adobe Flash Player Security Bypass Vulnerability (CVE-2015-6679)
1007087 - Adobe Flash Player Stack Buffer Overflow Vulnerability (CVE-2015-5587)
1007077 - Adobe Flash Player Type Confusion Vulnerability (CVE-2015-5573)
1007115 - Adobe Flash Player Use After Free Vulnerability
1006590* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-0342)
1006780* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-3106)
1007075 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5570)
1007084 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5581)
1007086 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5584)
1007092 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-6682)
1007074 - Adobe Flash Player Vector Length Corruption Vulnerability (CVE-2015-5568)
1007063 - Foxit Reader PNG Conversion Arbitrary Code Execution Vulnerability
1006631* - Identified File Protocol Handler In HTTP Location Header
1006820* - Java SE Remote Security Vulnerability (CVE-2015-0491)
1007061 - Mozilla Firefox Arbitrary JavaScript Code Execution
1005849* - RealNetworks RealPlayer Stack Based Buffer Overflow Vulnerability
Web Client Internet Explorer
1007106 - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2015-6046)
1007102 - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2015-6053)
1007108 - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2015-6059)
1007097 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6042)
1007098 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6045)
1007099 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6048)
1007100 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6049)
1007101 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6050)
1007096 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2015-2482)
1007103 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2015-6055)
1007107 - Microsoft Internet Explorer VBScript And JScript ASLR Bypass Vulnerability (CVE-2015-6052)
1007105 - Microsoft Windows Shell Tablet Input Band Use After Free Vulnerability (CVE-2015-2548)
1007104 - Microsoft Windows Shell Toolbar Use After Free Vulnerability (CVE-2015-2515)
Web Client SSL
1006606* - Identified Fraudulent Digital Certificate - 1
Web Server Common
1007117 - Identified Python Werkzeug Debugger Remote Code Execution
Web Server IIS
1004396* - IIS Repeated Parameter Request Denial Of Service Vulnerability
Web Server Miscellaneous
1006808 - Novell Zenworks Configuration Management Multiple Information Disclosure Vulnerabilities
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.