Trend Micro Security
  Rule Update

19-020 (2019年4月16日)


* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1009490* - Block Administrative Share - 1 (ATT&CK T1077,T1105)
1005293* - Prevent Windows Administrator User Login Over SMB (ATT&CK T1077)

DHCP Server
1009542* - Microsoft Windows DHCP Server Remote Code Execution Vulnerability (CVE-2019-0626)

Database PostgreSQL
1009614* - PostgreSQL Authenticated Arbitrary Remote Code Execution Vulnerability (CVE-2019-9193)

Microsoft Office
1009635* - Microsoft Office Multiple Security Vulnerabilities (Dec 2018)

Port Mapper FTP Client
1009558* - Remote File Copy Over FTP (ATT&CK T1105)

Suspicious Server Application Activity
1009549* - Detected Terminal Services (RDP) Server Traffic - 1 (ATT&CK T1015,T1043,T1076)

Trend Micro OfficeScan
1009608* - Trend Micro Apex One And OfficeScan Directory Traversal Vulnerability (CVE-2019-9489)

Web Application Common
1009621 - Identified Directory Traversal Sequence In HTTP Header

Web Application PHP Based
1009617* - WordPress Easy SMTP Plugin Unauthenticated Arbitrary 'wp_options' Import Vulnerability
1009631* - WordPress Social Warfare Unauthenticated Settings Update Vulnerability (CVE-2019-9978)

Web Application Tomcat
1009697 - Apache Tomcat Remote Code Execution Vulnerability (CVE-2019-0232)

Web Client Common
1009555 - Google Chrome Local File Information Disclosure Vulnerability
1005676* - Identified Download Of XML File With External Entity Reference
1009619 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2019-0614)

Web Server Common
1005839* - Identified XML External Entity Injection In HTTP Request
1009561* - Kubernetes API Server Denial of Service Vulnerability (CVE-2019-1002100)

Web Server IIS HTTPS
1009641 - Microsoft IIS HTTP/2 Setting Frames Denial Of Service Vulnerability (ADV190005)

Windows Services RPC Client DCERPC
1008477* - Identified Usage Of WMI Execute Methods - Client (ATT&CK T1047)

Windows Services RPC Server DCERPC
1009478* - Identified Remote Service Creation Over DCE/RPC Protocol (ATT&CK T1050)
1009604* - Identified Usage Of WMI Execute Methods - Server - 1 (ATT&CK T1047)
1009480* - Identified WMI Query Over DCE/RPC Protocol (ATT&CK T1005)
1007054* - Remote Schedule Task 'Create' Through SMBv2 Protocol Detected (ATT&CK T1053)
1007053* - Remote Schedule Task 'Delete' Through SMBv2 Protocol Detected (ATT&CK T1053)
1007017* - Remote Schedule Task 'Run' Through SMBv2 Protocol Detected (ATT&CK T1053)

Integrity Monitoring Rules:

1009628 - AppInit DLLs (ATT&CK: T1103)
1009626 - Windows Accessibility Features - ImageFileExecution (ATT&CK: T1015,T1183)

Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.