Trend Micro Security
  Rule Update

23-002 (2023年1月10日)


  概要

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

SolarWinds Information Service
1011642* - SolarWinds Network Performance Monitor Insecure Deserialization Vulnerability (CVE-2022-36964)


Solr Service
1010203* - Apache Solr VelocityResponseWriter Remote Code Execution Vulnerability (CVE-2019-17558)


Web Application PHP Based
1011302* - WordPress 'Contact Form 7' plugin Unauthenticated Stored Cross-Site Scripting Vulnerability (CVE-2021-25080)


Web Client Common
1011054* - Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-31206)


Web Server HTTPS
1011648 - Identified Usage of Microsoft Exchange SOAP Powershell


Windows SMB Server
1011593* - Identified Executable File Upload On Network Share (ATT&CK T1570)


Zoho ManageEngine
1011653 - Zoho ManageEngine ADManager Plus Command Injection Vulnerability (CVE-2022-42904)
1011626* - Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability (CVE-2022-40770)
1011652 - Zoho ManageEngine Multiple Products SQL Injection Vulnerability (CVE-2022-43671)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

1011654 - Microsoft Windows - Unsecured LSA Buffer Admin Credential Dumping Vulnerability (CVE-2023-21726) (ATT&CK T1003, T1552.002)