Deep Security Center

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Backup Server Veritas
1008584* - Veritas Backup Exec Windows Remote File Access (CVE-2005-2611)


HP Intelligent Management Center Dbman
1008506* - HPE Intelligent Management Center Multiple dbman Opcode Command Injection Remote Code Execution Vulnerabilities


Suspicious Server Ransomware Activity
1007580* - Ransomware HTTP Request-1


Web Application Common
1008587* - ImageMagick MagickCore IsOptionMember Denial Of Service Vulnerability (CVE-2016-10252) - 1
1008510* - ImageMagick ReadPESImage Denial Of Service Vulnerability (CVE-2017-11446) - 1
1008608* - ImageMagick WriteHISTOGRAMImage Information Disclosure Vulnerability (CVE-2017-11531) - 1


Web Client Common
1008478* - Microsoft MsMpEng Use After Free Vulnerability (CVE-2017-8540)
1008623 - Microsoft Office Remote Code Execution Vulnerability (CVE-2017-8570)
1008628 - Microsoft PowerPoint Remote Code Execution Vulnerability (CVE-2017-8743)
1008634 - Microsoft Windows Graphics Remote Code Execution Vulnerability (CVE-2017-11762)
1008643 - Microsoft Windows Shell Memory Corruption Vulnerability (CVE-2017-8727)
1008627 - Microsoft Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-8692)
1008592* - Microsoft Windows Win32k Graphics Multiple Security Vulnerabilities (Sep-2017)
1008642 - Microsoft Windows Win32k Multiple Elevation Of Privilege Vulnerabilities (October-2017)


Web Client Internet Explorer/Edge
1008595* - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-8734)
1008637 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11798)
1008638 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11800)
1008586 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8657)
1008631 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8661)
1008624 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8729)
1008597* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8738)
1008625 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8740)
1008640 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-11822)
1008636 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11793)
1008639 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11810)
1008635 - Microsoft Windows Graphics Remote Code Execution Vulnerability (CVE-2017-11763)


Web Server Apache
1008127 - Apache Commons File Upload Boundary Denial Of Service Vulnerability (CVE-2016-3092)
1008618* - Apache HTTP OPTIONS Information Disclosure Vulnerability (CVE-2017-9798)


Web Server Common
1008621* - Disallow Upload Of A JSP File


Web Server Miscellaneous
1008590* - Apache Struts 2 REST Plugin XStream Remote Code Execution Vulnerability (CVE-2017-9805)
1005528* - Identified Apache Struts Allow Direct Member Access Method In HTTP Request


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

HP Intelligent Management Center IMC Syslog Daemon
1008505 - HPE Intelligent Management Center (iMC) Remote Code Execution Vulnerability (CVE-2017-5815)


Suspicious Client Application Activity
1005294* - TMTR-0004: GHOST RAT HTTP Request


Web Application Common
1008606 - ImageMagick WritePSImage Information Disclosure Vulnerability (CVE-2017-11535) - 1


Web Client Common
1008607 - ImageMagick WritePSImage Information Disclosure Vulnerability (CVE-2017-11535)
1008197 - Microsoft Windows CSRSS Security Feature Bypass Vulnerability (CVE-2016-0151)
1008549 - Microsoft Windows DVD Maker Cross-Site Request Forgery Vulnerability (CVE-2017-0045)
1008264 - Microsoft Windows Multiple Security Vulnerabilities (MS16-062)
1008521* - Microsoft Windows PDF Remote Code Execution Vulnerability (CVE-2017-0291)


Web Client Mozilla Firefox
1008579 - Mozilla Firefox Use-After-Free Vulnerability (CVE-2016-1960)


Web Server IIS
1003671* - Microsoft ASP.NET Remote Unauthenticated Denial Of Service Vulnerability (CVE-2009-1536)


Web Server Miscellaneous
1008620 - Apache Struts Denial Of Service Vulnerability (CVE-2017-9793)


Integrity Monitoring Rules:

1006544* - Adware - Suspicious Microsoft Windows Superfish Detected
1004950* - Microsoft Visual Studio - New Add-In Created
1006801* - TMTR-0004: Suspicious Files Detected In Operating System Directories


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

HP Intelligent Management Center Dbman
1004677* - HP 3COM/H3C Intelligent Management Center dbman sprintf Remote Code Execution Vulnerability
1008506 - HPE Intelligent Management Center Multiple dbman Opcode Command Injection Remote Code Execution Vulnerabilities


Web Application Common
1008587 - ImageMagick MagickCore IsOptionMember Denial Of Service Vulnerability (CVE-2016-10252) - 1
1008608 - ImageMagick WriteHISTOGRAMImage Information Disclosure Vulnerability (CVE-2017-11531) - 1


Web Client Common
1008576 - Adobe Reader DC PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability (CVE-2017-3040)
1008588 - ImageMagick MagickCore IsOptionMember Denial Of Service Vulnerability (CVE-2016-10252)
1008609 - ImageMagick WriteHISTOGRAMImage Information Disclosure Vulnerability (CVE-2017-11531)
1008258 - Microsoft Windows Multiple Elevation Of Privilege Vulnerabilities (MS16-039)
1008602* - Microsoft Windows PDF Library Multiple Remote Code Execution Vulnerabilities (Sep-2017)
1008617 - Microsoft Windows PDF Library Remote Code Execution Vulnerability (CVE-2017-0293)
1008263 - Microsoft Windows Secondary Logon Elevation Of Privilege Vulnerability (CVE-2016-0099)
1007559* - Microsoft Windows Secondary Logon Elevation Of Privilege Vulnerability (CVE-2016-0135)
1008196 - Microsoft Windows WebDAV Elevation Of Privilege Vulnerability (CVE-2016-0051)


Web Client Internet Explorer/Edge
1008565 - Microsoft Edge Information Disclosure Vulnerability (CVE-2017-8646)
1008563* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8671)


Web Server Apache
1008618 - Apache HTTP OPTIONS Information Disclosure Vulnerability (CVE-2017-9798)


Web Server Common
1008621 - Disallow Upload Of A JSP File


Web Server Miscellaneous
1008610 - Block Object-Graph Navigation Language (OGNL) Expressions Initiation In Apache Struts HTTP Request


Integrity Monitoring Rules:

1005041* - Malware - Suspicious Microsoft Windows Files Detected
1007210* - TMTR-0018: Suspicious Files Detected In User Profile Directory


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Backup Server Veritas
1008584 - Veritas Backup Exec Windows Remote File Access (CVE-2005-2611)


DCERPC Services - Client
1008585 - Microsoft Windows LNK Remote Code Execution Over SMB (CVE-2017-8464)


Directory Server LDAP
1008453* - OpenLDAP ldapsearch pagesize Double Free Denial Of Service Vulnerability (CVE-2017-9287)


Web Application Common
1008512* - ImageMagick Denial Of Service Vulnerability (CVE-2017-9261) - 1
1008514* - ImageMagick Denial Of Service Vulnerability (CVE-2017-9262) - 1
1008508* - ImageMagick Heap-Based Buffer Overflow Vulnerability (CVE-2017-10928) - 1
1008540* - ImageMagick ReadMATImage Information Disclosure Vulnerability (CVE-2017-11644) - 1
1008542* - ImageMagick ReadMATImage Information Disclosure Vulnerability (CVE-2017-11724) - 1
1008510 - ImageMagick ReadPESImage Denial Of Service Vulnerability (CVE-2017-11446) - 1


Web Client Common
1008613 - Adobe Flash Player Multiple Security Vulnerabilities (APSB17-28)
1008509 - ImageMagick ReadPESImage Denial Of Service Vulnerability (CVE-2017-11446)
1008616 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8641)
1008199 - Microsoft Win32k Elevation Of Privilege Vulnerability (CVE-2016-3219)
1008604* - Microsoft Windows .NET Framework Remote Code Execution Vulnerability (CVE-2017-8759)
1008198 - Microsoft Windows Kernel Elevation Of Privilege Vulnerability (CVE-2016-0180)
1008435* - Microsoft Windows LNK Remote Code Execution Vulnerability (CVE-2017-8464)
1008612 - Microsoft Windows LNK Remote Code Execution Vulnerability Over WebDAV (CVE-2017-8464)
1008200 - Microsoft Windows Multiple Elevation Of Privilege Vulnerabilities (MS16-073)
1008265 - Microsoft Windows Multiple Elevation Of Privilege Vulnerabilities (MS16-098)
1008259 - Microsoft Windows Multiple Security Vulnerabilities (MS16-090)


Web Client Internet Explorer/Edge
1008568 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8635)
1008569 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8636)


Web Server Common
1004859* - Disallowed HTTP Header


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

SSH Client
1008580 - OpenSSH Forward Option Handler Buffer Overflow Vulnerability (CVE-2016-0778)


Web Application Common
1005402* - Identified Suspicious User Agent In HTTP Request
1008512 - ImageMagick Denial Of Service Vulnerability (CVE-2017-9261) - 1
1008418* - ImageMagick Memory Corruption Vulnerability (CVE-2016-8862)
1008540 - ImageMagick ReadMATImage Information Disclosure Vulnerability (CVE-2017-11644) - 1
1008542 - ImageMagick ReadMATImage Information Disclosure Vulnerability (CVE-2017-11724) - 1


Web Client Common
1008511 - ImageMagick Denial Of Service Vulnerability (CVE-2017-9261)
1008539 - ImageMagick ReadMATImage Information Disclosure Vulnerability (CVE-2017-11644)
1008541 - ImageMagick ReadMATImage Information Disclosure Vulnerability (CVE-2017-11724)
1008604 - Microsoft Windows .NET Framework Remote Code Execution Vulnerability (CVE-2017-8759)
1008602 - Microsoft Windows PDF Library Multiple Remote Code Execution Vulnerabilities (Sep-2017)
1008592 - Microsoft Windows Win32k Graphics Remote Code Execution Vulnerability (CVE-2017-8682)


Web Client Internet Explorer/Edge
1008594 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-8731)
1008595 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-8734)
1008603 - Microsoft Edge Remote Code Execution Vulnerability (CVE-2017-8757)
1008484* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8601)
1008564 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8634)
1008566 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8640)
1008597 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8738)
1008601 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8753)
1008600 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-8750)
1008598 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-8747)
1008599 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-8749)


Web Server Common
1008581 - Identified Suspicious IP Addresses In XFF HTTP Header


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Web Server Miscellaneous
1008605 - Apache Struts OGNL Expression Remote Code Execution Vulnerability (CVE-2017-12611)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Web Server Miscellaneous
1008590 - Apache Struts 2 REST Plugin XStream Remote Code Execution Vulnerability (CVE-2017-9805)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
1003712* - Windows Vista SMB2.0 Negotiate Protocol Request Remote Code Execution


DCERPC Services - Client
1007913* - Identified Possible Ransomware File Extension Rename Activity Over Network Share - Client


Directory Server LDAP
1008453 - OpenLDAP ldapsearch pagesize Double Free Denial Of Service Vulnerability (CVE-2017-9287)


Suspicious Client Ransomware Activity
1008572 - Ransomware Defray
1007602* - Ransomware Locky


VoIP Soft Phones
1008421* - Digium Asterisk CDR ast_cdr_setuserfield Buffer Overflow Vulnerability (CVE-2017-7617)


Web Application Common
1008514 - ImageMagick Denial Of Service Vulnerability (CVE-2017-9262) - 1
1008508 - ImageMagick Heap-Based Buffer Overflow Vulnerability (CVE-2017-10928) - 1


Web Application PHP Based
1008524* - PHP INI Parsing Stack Buffer Overflow Vulnerability (CVE-2017-11628)


Web Application Ruby Based
1007645* - Ruby On Rails Rack Denial Of Service Vulnerability (CVE-2015-3225)


Web Client Common
1008545* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-24) - 2
1008544* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-24) - 4
1008513 - ImageMagick Denial Of Service Vulnerability (CVE-2017-9262)
1008507 - ImageMagick Heap-Based Buffer Overflow Vulnerability (CVE-2017-10928)


Web Server Common
1006540* - Enable X-Forwarded-For HTTP Header Logging


Web Server RealVNC
1008557* - RealVNC NULL Authentication Mode Bypass Vulnerability (CVE-2006-2369)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1003222* - Block Administrative Share


DNS Client
1008571 - DNS Request To ShadowPad Domain Detection


VoIP Soft Phones
1008421 - Digium Asterisk CDR ast_cdr_setuserfield Buffer Overflow Vulnerability (CVE-2017-7617)


Web Application Ruby Based
1007645 - Ruby On Rails Rack Denial Of Service Vulnerability (CVE-2015-3225)


Web Client Common
1008435* - Microsoft Windows LNK Remote Code Execution Vulnerability (CVE-2017-8464)


Web Client Internet Explorer/Edge
1008567 - Microsoft Edge Information Disclosure Vulnerability (CVE-2017-8644)
1008570 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8548)
1008563 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8671)
1008482* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-8594)


Web Server Common
1000128* - HTTP Protocol Decoding


Web Server RealVNC
1008557 - RealVNC NULL Authentication Mode Bypass Vulnerability (CVE-2006-2369)


Integrity Monitoring Rules:

1003063* - Mail Server - Microsoft Exchange Server


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
1008558 - Identified Windows Search Protocol Network Traffic Over SMB
1008560 - Microsoft Windows Search Remote Code Execution Vulnerability (CVE-2017-8620)


DCERPC Services - Client
1007913* - Identified Possible Ransomware File Extension Rename Activity Over Network Share - Client
1008407 - Skype Insecure Library Loading Vulnerability Over Network Share (CVE-2017-6517)


Web Application PHP Based
1008524 - PHP INI Parsing Stack Buffer Overflow Vulnerability (CVE-2017-11628)


Web Client Common
1008408 - Skype Insecure Library Loading Vulnerability Over WebDAV (CVE-2017-6517)


Web Client Internet Explorer/Edge
1008547 - Microsoft Edge Information Disclosure Vulnerability (CVE-2017-8652)
1008531 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8603)


Web Server Apache
1008519* - Apache HTTP Server Denial Of Service Vulnerability (CVE-2017-7668)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.