Trend Micro Deep Security™ and related information such as DPI rules

  • Rule Update: 15-038 (December 22, 2015)
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DNS Client
    1007297* - Microsoft Windows DNS Use After Free Vulnerability (CVE-2015-6125)


    Web Client Common
    1007319 - Adobe Flash Player Buffer Overflow Vulnerability (CVE-2015-8457)
    1007316 - Adobe Flash Player Heap Overflow Vulnerability (CVE-2015-8407)
    1007313 - Adobe Flash Player Heap Overflow Vulnerability (CVE-2015-8438)
    1007310 - Adobe Flash Player Heap Overflow Vulnerability (CVE-2015-8446)
    1007323 - Adobe Flash Player Integer Overflow Vulnerability (CVE-2015-8445)
    1007317 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-8060)
    1007306 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-8408)
    1007304 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-8418)
    1007303 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-8419)
    1007308 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-8443)
    1007309 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-8444)
    1007312 - Adobe Flash Player Type Confusion Vulnerability (CVE-2015-8439)
    1007325 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8043)
    1007326 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8044)
    1007327 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8046)
    1007318 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8048)
    1007305 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8414)
    1007324 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8434)
    1007302 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8435)
    1007315 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8436)
    1007314 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8437)
    1007307 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8442)
    1007311 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8447)
    1007322 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8448)
    1007321 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8449)
    1007320 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8450)
    1006532* - Identified Malicious Adobe Flash SWF File - 1


    Web Client Internet Explorer/Edge
    1007293 - Microsoft Internet Explorer COmWindowProxy Null Pointer Dereference Vulnerability
    1007140* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6065)
    1007156* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6085)
    1007180* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6088)


    Web Server Common
    1000128* - HTTP Protocol Decoding


    Windows Services RPC Server
    1007125 - Remote Access Event Through SMBv1 Protocol Detected
    1007121* - Remote Access Event Through SMBv2 Protocol Detected


    Integrity Monitoring Rules:

    1007295 - Application - chrony


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • Rule Update: 15-037 (December 16, 2015)
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DNS Client
    1007299 - Identified DNS Response With Low TTL Value
    1007297 - Microsoft Windows DNS Use After Free Vulnerability (CVE-2015-6125)


    Web Application PHP Based
    1007298 - Joomla Core Remote Code Execution Vulnerability (CVE-2015-8562)


    Web Client Common
    1006070* - Adobe Flash Player Buffer Overflow Vulnerability (CVE-2014-0515) - 1
    1007211* - Microsoft .NET Framework ASLR Security Bypass Vulnerability (CVE-2015-6115)
    1007161* - Microsoft Windows Graphics Memory Remote Code Execution Vulnerability (CVE-2015-6104)


    Web Client Internet Explorer/Edge
    1007224* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6083)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • Rule Update: 15-036 (December 8, 2015)
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DNS Server
    1007137* - PowerDNS Recursor Remote Denial Of Service Vulnerability (CVE-2014-3614)


    Mail Client Windows
    1007203 - TMTR-0002: PRORAT SMTP Request


    Microsoft Office
    1006624* - Microsoft Office Component Use After Free Vulnerability (CVE-2015-1642)
    1007279 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-6040)
    1007280 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-6118)
    1007281 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-6122)
    1007282 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-6124)
    1007283 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-6177)
    1007291 - Microsoft Office Multiple Insecure Library Loading Vulnerabilities
    1007251 - Microsoft Office Remote Code Execution Vulnerability (CVE-2015-6172)


    Suspicious Client Application Activity
    1007181 - TMTR-0001: PRORAT HTTP Request
    1007182 - TMTR-0003: PRORAT HTTP Request
    1005294* - TMTR-0004: GHOST RAT HTTP Request
    1007197 - TMTR-0005: GHOST RAT TCP Connection Detected
    1007184 - TMTR-0006: BUTERAT HTTP Request
    1007186 - TMTR-0007: STRAT HTTP Request
    1007199 - TMTR-0008: STRAT HTTP Request
    1007198 - TMTR-0009: STRAT HTTP Request
    1007200 - TMTR-0010: FAKEM RAT TCP Connection
    1007201 - TMTR-0011: FAKEM RAT TCP Request
    1007205 - TMTR-0012: FAKEM RAT TCP Connection
    1007206 - TMTR-0013: FAKEMRAT HTTP Request
    1007207 - TMTR-0014: NJRAT TCP Connection
    1007202 - TMTR-0015: PSYRAT HTTP Request
    1007208 - TMTR-0016: SPLINTER RAT TCP Connection
    1007209 - TMTR-0017: ZIYAZO RAT BKDR Connection


    Web Client Common
    1006824* - Adobe Flash ActionScript3 ByteArray Use After Free Vulnerability
    1006903* - Adobe Font Driver Memory Corruption Vulnerability (CVE-2015-2426)
    1007063* - Foxit Reader PNG Conversion Arbitrary Code Execution Vulnerability
    1007119* - Identified Malicious Adobe Flash SWF File - 2
    1007277 - Microsoft Windows Graphics Memory Corruption Vulnerability (CVE-2015-6106)
    1007249 - Microsoft Windows Graphics Memory Corruption Vulnerability (CVE-2015-6107)
    1007250 - Microsoft Windows Integer Underflow Vulnerability (CVE-2015-6130)
    1007284 - Microsoft Windows Library Loading Elevation Of Privilege Vulnerability (CVE-2015-6133)
    1007287 - Microsoft Windows Library Loading Remote Code Execution Vulnerability (CVE-2015-6128)
    1007288 - Microsoft Windows Library Loading Remote Code Execution Vulnerability (CVE-2015-6132)
    1007285 - Microsoft Windows Media Center Information Disclosure Vulnerability (CVE-2015-6127)
    1007047* - Windows Media Center Remote Code Execution Vulnerability


    Web Client Internet Explorer/Edge
    1007276 - Microsoft Edge Elevation of Privilege Vulnerability (CVE-2015-6170)
    1007248 - Microsoft Edge Memory Corruption Vulnerability (CVE-2015-6168)
    1007227 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6140)
    1007229 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6142)
    1007234 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6148)
    1007239 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6153)
    1007240 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6154)
    1007241 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6155)
    1007243 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6158)
    1007244 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6159)
    1007275 - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2015-6157)
    1007147* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6075)
    1007224 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6083)
    1007273 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6134)
    1007228 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6141)
    1007230 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6143)
    1007231 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6145)
    1007232 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6146)
    1007233 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6147)
    1007235 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6149)
    1007236 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6150)
    1007238 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6152)
    1007242 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6156)
    1007245 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6160)
    1007246 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6162)
    1007274 - Microsoft Internet Explorer Scripting Engine Information Disclosure Vulnerability (CVE-2015-6135)
    1007225 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2015-6136)
    1007237 - Microsoft Internet Explorer and Edge Memory Corruption Vulnerability (CVE-2015-6151)


    Web Client SSL
    1005040* - Identified Revoked Certificate Authority In SSL Traffic


    Web Server Common
    1007185* - Java Unserialize Remote Code Execution Vulnerability


    Web Server IIS
    1004396* - IIS Repeated Parameter Request Denial Of Service Vulnerability


    Web Server SAP
    1004831* - SAP Management Console OSExecute Payload Execution


    Windows Services RPC Server
    1007064* - Executable File Uploaded On System32 Folder Through SMB Share
    1006906* - Identified Usage Of PsExec Command Line Tool


    Integrity Monitoring Rules:

    1006802* - TMTR-0003: Suspicious Files Detected In Operating System Directories
    1006801* - TMTR-0004: Suspicious Files Detected In Operating System Directories
    1006682* - TMTR-0008: Suspicious Files Detected In Application Directories
    1007210 - TMTR-0018: Suspicious Files Detected In User Profile Directory
    1007214 - TMTR-0019: Suspicious Files Detected In System Drivers Directory
    1007215 - TMTR-0020: Suspicious Directories Detected In System Drive
    1007216 - TMTR-0021: Suspicious Files Detected In System Drive
    1007217 - TMTR-0022: Suspicious Files Detected In Recycle Bin
    1007218 - TMTR-0023: Suspicious Changes In NTLM Settings
    1007219 - TMTR-0024: Suspicious Files Detected In C Drive
    1007221 - TMTR-0026: Suspicious Files Detected In Program FIles Folder


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • Rule Update: 15-035 (November 24, 2015)
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DNS Server
    1007137 - PowerDNS Recursor Remote Denial Of Service Vulnerability (CVE-2014-3614)


    Microsoft Office
    1007163 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-1683)


    OpenSSL
    1007072* - GNU Libtasn1 'decoding.c' Heap Buffer Overflow Vulnerability (CVE-2015-3622)


    Suspicious Client Application Activity
    1007116* - VMware vCenter Java JMX Server Insecure Configuration Java Code Execution Vulnerability


    Web Application PHP Based
    1007135* - WordPress XMLRPC 'system.multicall' Brute Force Amplification Attack


    Web Client Common
    1007193 - Adobe Flash Player Type Confusion Vulnerability (CVE-2015-7659)
    1007187 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-7651)
    1007188 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-7652)
    1007189 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-7653)
    1007190 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-7654)
    1007195 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-7663)
    1007191 - Adobe Flash Player Use After Free Vulnerability - 1
    1007192 - Adobe Flash Player Use After Free Vulnerability - 2
    1007194 - Adobe Flash Player Use After Free Vulnerability - 3
    1007196 - Adobe Flash Player Use After Free Vulnerability - 4
    1007211 - Microsoft .NET Framework ASLR Security Bypass Vulnerability (CVE-2015-6115)
    1007124 - Microsoft Office RTF Frmtxtbrl EIP Corruption Denial Of Service Vulnerability
    1006294* - Microsoft Windows OLE Remote Code Execution Vulnerability Over WebDAV


    Web Client Internet Explorer
    1006868* - Microsoft Internet Explorer JScript9 Memory Corruption Vulnerability (CVE-2015-2419)
    1007098* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6045)
    1007140* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6065)


    Web Client SSL
    1005040* - Identified Revoked Certificate Authority In SSL Traffic


    Web Server Common
    1007185 - Java Unserialize Remote Code Execution Vulnerability


    Windows Services RPC Client
    1007120 - SMB DLL Injection Exploit Detected


    Windows Services RPC Server
    1007134* - Batch File Uploaded On Network Share
    1007066* - Remote Delete Job Through SMBv1 Protocol Detected


    Integrity Monitoring Rules:

    1002999* - Database Server - Microsoft SQL Server
    1006803* - TMTR-0001: Suspicious Files Detected In Operating System Directories
    1006800* - TMTR-0002: Suspicious Files Detected In Operating System Directories
    1006798* - TMTR-0005: Suspicious Files Detected In Application Directories
    1006797* - TMTR-0006: Suspicious Files Detected In Application Directories
    1006796* - TMTR-0007: Suspicious Files Detected In Application Directories
    1006805* - TMTR-0009: Suspicious Files Detected In System Folder
    1006804* - TMTR-0010: Suspicious Files Detected In System Folder
    1006795* - TMTR-0011: Suspicious Files Detected In System Folder
    1006658* - TMTR-0012: Suspicious Files Detected In Temporary Directories
    1006677* - TMTR-0013: Suspicious Files Detected In Windows Folder
    1006799* - TMTR-0014: Suspicious Service Detected
    1006683* - TMTR-0016: Suspicious Running Processes Detected


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • Rule Update: 15-034 (November 10, 2015)
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DNS Client
    1006909* - ISC BIND Zone Query Handler Denial Of Service Vulnerability


    Microsoft Office
    1007166 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-6038)
    1007167 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-6091)
    1007168 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-6092)
    1007183 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-6093)
    1007169 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-6094)


    OpenSSL
    1007072 - GNU Libtasn1 'decoding.c' Heap Buffer Overflow Vulnerability (CVE-2015-3622)


    Web Application Common
    1007170 - Identified Suspicious China Chopper Webshell Communication


    Web Application PHP Based
    1007138 - Restrict WordPress XMLRPC 'system.multicall' Request
    1007135 - WordPress XMLRPC 'system.multicall' Brute Force Amplification Attack


    Web Application Tomcat
    1004708* - Apache Tomcat NIO Connector Denial Of Service Vulnerability


    Web Client Common
    1007165 - Adobe Acrobat And Reader Buffer Overflow Vulnerability (CVE-2015-6692)
    1006912* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-3124)
    1007119* - Identified Malicious Adobe Flash SWF File - 2
    1007160 - Microsoft Windows Graphics Memory Remote Code Execution Vulnerability (CVE-2015-6103)
    1007161 - Microsoft Windows Graphics Memory Remote Code Execution Vulnerability (CVE-2015-6104)
    1007159 - Microsoft Windows Journal Heap Overflow Vulnerability (CVE-2015-6097)
    1006433* - Microsoft Windows OLE Remote Code Execution Vulnerability - 3
    1006997 - Multiple Browser libjpeg-turbo Memory Corruption Vulnerability
    1007056 - Oracle Java Runtime Environment Type2BuildChar Function Memory Disclosure Vulnerability (CVE-2015-2619)
    1007162 - Oracle Java SE Remote Security Bypass Vulnerability (CVE-2015-4902)
    1007019 - Oracle Java SE True Type Font Heap Corruption Vulnerability


    Web Client Internet Explorer
    1007097* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6042)
    1007100* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6049)
    1007139 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6064)
    1007140 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6065)
    1007141 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6066)
    1007142 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6068)
    1007143 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6070)
    1007144 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6071)
    1007145 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6072)
    1007146 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6073)
    1007147 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6075)
    1007148 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6076)
    1007149 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6077)
    1007150 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6078)
    1007151 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6079)
    1007152 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6080)
    1007153 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6081)
    1007154 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6082)
    1007155 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6084)
    1007156 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6085)
    1007177 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6086)
    1007157 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6087)
    1007180 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6088)
    1007158 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2015-6089)
    1007105* - Microsoft Windows Shell Tablet Input Band Use After Free Vulnerability (CVE-2015-2548)


    Web Client SSL
    1003779* - Null Truncation In X.509 Common Name Spoofing Vulnerability


    Web Server Apache
    1001028* - Apache HTTP Server Mod_Cache Denial Of Service Vulnerability


    Web Server Miscellaneous
    1000568* - Absolute Path Traversal Vulnerability In Easy File Sharing Web Server
    1006700* - Apache CouchDB "_uuids" Request Denial Of Service Vulnerability


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • Rule Update: 15-033 (October 27, 2015)
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    HP AutoPass License Server
    1006811* - HP AutoPass License Server Remote Code Execution Vulnerability (CVE-2013-6221)


    HP OpenView
    1003899* - HP OpenView Data Protector Application Recovery Manager Buffer Overflow


    Microsoft Office
    1007112* - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2558)


    OpenSSL Client
    1006856* - OpenSSL Client Alternative Chains Certificate Forgery Security Bypass Vulnerability (CVE-2015-1793)


    Suspicious Client Application Activity
    1007113 - HTRANS Response Detected


    TFTP Server
    1000876* - Microsoft Windows Remote Installation Service Anonymous File Upload


    Unix SSH
    1000798* - Unix OpenSSH sshd Identical Blocks DoS


    Web Application Tomcat
    1004708* - Apache Tomcat NIO Connector Denial Of Service Vulnerability


    Web Client Common
    1006735* - Adobe Acrobat And Reader Multiple Remote Security Bypass Vulnerabilities
    1007122 - Adobe Acrobat And Reader Remote Security Bypass On JavaScript API Execution (CVE-2015-3073)
    1006973* - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2015-5132)
    1006980* - Adobe Flash Player Integer Overflow Vulnerability (CVE-2015-5560)
    1007126 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-7625)
    1007127 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-7627)
    1007132 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-7633)
    1007128 - Adobe Flash Player Security Bypass Vulnerability (CVE-2015-7628)
    1006916* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-4430)
    1007129 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-7629)
    1007130 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-7631)
    1007131 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-7632)
    1007031 - Google Chrome SVG Use After Free Arbitrary Code Execution Vulnerability (CVE-2015-1256)
    1007119* - Identified Malicious Adobe Flash SWF File - 2
    1006956* - Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2455)


    Web Client Internet Explorer
    1007102* - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2015-6053)
    1007026* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2487)
    1007096* - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2015-2482)
    1007094 - Microsoft Internet Explorer Stack Underflow Vulnerability
    1007107* - Microsoft Internet Explorer VBScript And JScript ASLR Bypass Vulnerability (CVE-2015-6052)
    1007104* - Microsoft Windows Shell Toolbar Use After Free Vulnerability (CVE-2015-2515)


    Web Server Miscellaneous
    1006700 - Apache CouchDB "_uuids" Request Denial Of Service Vulnerability
    1006808* - Novell Zenworks Configuration Management Multiple Information Disclosure Vulnerabilities


    Windows Services RPC Server
    1007134 - Batch File Upload On Network Share
    1007065 - Executable File Uploaded On Network Share
    1007064 - Executable File Uploaded On System32 Folder Through SMB Share
    1007114 - Portable Executable File Uploaded On SMB Share
    1007121 - Remote Access Event Through SMBv2 Protocol Detected


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • Rule Update: 15-032 (October 13, 2015)
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Web Client Common
    1007119 - Identified Malicious Adobe Flash SWF File - 2


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • Rule Update: 15-031 (October 13, 2015)
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Application Control For File Sharing
    1003655* - Application Control For Share NT5


    Directory Server LDAP
    1002614* - OpenLDAP ber_get_next BER Decoding Denial of Service


    HP AutoPass License Server
    1006811 - HP AutoPass License Server Remote Code Execution Vulnerability (CVE-2013-6221)


    Microsoft Office
    1006941* - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2477)
    1007110 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2555)
    1007111 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2557)
    1007112 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2558)


    OpenSSL
    1006854* - OpenSSL X509_cmp_time Denial Of Service Vulnerability (CVE-2015-1789)


    OpenSSL Client
    1006920* - OpenSSL Client X509_cmp_time Denial Of Service Vulnerability (CVE-2015-1789)


    Suspicious Client Application Activity
    1007116 - VMware vCenter Java JMX Server Insecure Configuration Java Code Execution Vulnerability


    Web Application PHP Based
    1006656* - Magento Admin Authentication Bypass Vulnerability


    Web Client Common
    1007090 - Adobe Flash Player Buffer Overflow Vulnerability (CVE-2015-6676)
    1007093 - Adobe Flash Player Buffer Overflow Vulnerability (CVE-2015-6678)
    1006772* - Adobe Flash Player Cross Domain Policy Bypass Vulnerability
    1006985* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5547)
    1006986* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5548)
    1007073 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5567)
    1007078 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5574)
    1007079 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5575)
    1007080 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5576)
    1007081 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5578)
    1007082 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5579)
    1007083 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5580)
    1007085 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5582)
    1007088 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5588)
    1002948* - Adobe Flash Player SWF Version Null Pointer Dereference Denial Of Service
    1007076 - Adobe Flash Player Security Bypass Vulnerability (CVE-2015-5572)
    1007091 - Adobe Flash Player Security Bypass Vulnerability (CVE-2015-6679)
    1007087 - Adobe Flash Player Stack Buffer Overflow Vulnerability (CVE-2015-5587)
    1007077 - Adobe Flash Player Type Confusion Vulnerability (CVE-2015-5573)
    1007115 - Adobe Flash Player Use After Free Vulnerability
    1006590* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-0342)
    1006780* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-3106)
    1007075 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5570)
    1007084 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5581)
    1007086 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5584)
    1007092 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-6682)
    1007074 - Adobe Flash Player Vector Length Corruption Vulnerability (CVE-2015-5568)
    1007063 - Foxit Reader PNG Conversion Arbitrary Code Execution Vulnerability
    1006631* - Identified File Protocol Handler In HTTP Location Header
    1006820* - Java SE Remote Security Vulnerability (CVE-2015-0491)
    1007061 - Mozilla Firefox Arbitrary JavaScript Code Execution
    1005849* - RealNetworks RealPlayer Stack Based Buffer Overflow Vulnerability


    Web Client Internet Explorer
    1007106 - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2015-6046)
    1007102 - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2015-6053)
    1007108 - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2015-6059)
    1007097 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6042)
    1007098 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6045)
    1007099 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6048)
    1007100 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6049)
    1007101 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6050)
    1007096 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2015-2482)
    1007103 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2015-6055)
    1007107 - Microsoft Internet Explorer VBScript And JScript ASLR Bypass Vulnerability (CVE-2015-6052)
    1007105 - Microsoft Windows Shell Tablet Input Band Use After Free Vulnerability (CVE-2015-2548)
    1007104 - Microsoft Windows Shell Toolbar Use After Free Vulnerability (CVE-2015-2515)


    Web Client SSL
    1006606* - Identified Fraudulent Digital Certificate - 1


    Web Server Common
    1007117 - Identified Python Werkzeug Debugger Remote Code Execution


    Web Server IIS
    1004396* - IIS Repeated Parameter Request Denial Of Service Vulnerability


    Web Server Miscellaneous
    1006808 - Novell Zenworks Configuration Management Multiple Information Disclosure Vulnerabilities


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • Rule Update: 15-030 (September 22, 2015)
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Application Control For File Sharing
    1003655* - Application Control For Share NT5


    Application Control Packet Size Detection
    1007034 - Application Control For Share EX2 P2P


    Microsoft Office
    1007039* - Microsoft Graphics Component Buffer Overflow Vulnerability (CVE-2015-2510)
    1006940* - Microsoft Office Integer Underflow Vulnerability (CVE-2015-2470)
    1007040* - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2520)
    1007050* - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2521)
    1007051* - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2523)
    1006323* - Microsoft Office Remote Code Execution Vulnerability (CVE-2014-6333)
    1006471* - Microsoft Office Remote Code Execution Vulnerability (CVE-2015-0064)
    1007059 - Microsoft Office Remote Code Execution Vulnerability (CVE-2015-2545)


    Port Mapper Windows
    1001033* - Windows Port Mapper Decoder


    Remote Desktop Protocol Server
    1004949* - Remote Desktop Protocol Vulnerability (CVE-2012-0002)


    TFTP Server
    1000929* - 3CDaemon Reserved Device Name DoS


    Web Application Common
    1000608* - Generic SQL Injection Prevention


    Web Application Miscellaneous
    1003707* - Adobe JRun 'logviewer.jsp' Directory Traversal Vulnerability


    Web Client Common
    1006810* - Adobe Flash Player Nellymoser Heap Buffer Overflow Vulnerabilities
    1006907 - Google Chrome Type Confusion Remote Code Execution Vulnerability (CVE-2015-1230)
    1006996* - Identified Suspicious Microsoft Word RTF File - 1
    1006947* - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2459)
    1006949* - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2461)
    1005351* - Oracle Outside In Technology Paradox Database Stream Filter Vulnerability
    1007047* - Windows Media Center Remote Code Execution Vulnerability (CVE-2015-2509)


    Web Client Internet Explorer
    1007026* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2487)
    1007046* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2499)


    Web Client Mozilla Firefox
    1006954* - Mozilla Firefox PDF Viewer Same Origin Policy Information Disclosure Vulnerability (CVE-2015-4495)


    Windows Media Service
    1004097* - Media Services Stack-based Buffer Overflow Vulnerability


    Windows Services DNS Server RPC Interface
    1000986* - Microsoft Windows DNS Server RPC Buffer Overflow


    Windows Services RPC Client
    1006994 - Executable File Download On Network Share Detected


    Windows Services RPC Server
    1006995 - Remote Add Job Through SMBv1 Protocol Detected
    1007037 - Remote Add Job Through SMBv2 Protocol Detected
    1007020 - Remote CreateService Request Detected Through SMBv1 Protocol
    1007066 - Remote Delete Job Through SMBv1 Protocol Detected
    1007038 - Remote Delete Job Through SMBv2 Protocol Detected
    1007035 - Remote DeleteService Request Through SMBv1 Detected
    1007070 - Remote PWDUMP Through SMBv1 Protocol Detected
    1007057 - Remote Registry Access Through SMBv1 Protocol Detected
    1007021 - Remote Registry Access Through SMBv2 Protocol Detected
    1007032 - Remote Schedule Task Create Through SMBv1 Protocol Detected
    1007033 - Remote Scheduled Task Access Through SMBv1 Protocol Detected
    1007069 - Remote Service Execution Through SMBv1 Detected


    Windows Services RPC Server DCERPC
    1007054 - Remote Schedule Task 'Create' Through SMBv2 Protocol Detected
    1007053 - Remote Schedule Task 'Delete' Through SMBv2 Protocol Detected
    1007017 - Remote Schedule Task 'Run' Through SMBv2 Protocol Detected
    1007068 - Remote Service Execution Through SMBv2 Protocol Detected


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • Rule Update: 15-029 (September 8, 2015)
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Application Control For Download Manager
    1004902* - Application Control For JDownloader


    Database MySQL
    1004901* - Identified Suspicious Remote Login To MySQL Server Without Password
    1005063* - Restrict MySQL Database Access


    Mail Server Common
    1000883* - SMTP Header Length Restriction


    Microsoft Office
    1007039 - Microsoft Graphics Component Buffer Overflow Vulnerability (CVE-2015-2510)
    1006939* - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2469)
    1007040 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2520)
    1007050 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2521)
    1007051 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2523)


    Novell Configuration Management Preboot Policy Service
    1006792* - Novell ZENworks Configuration Management Stack Buffer Overflow Vulnerability


    Suspicious Server Application Activity
    1004735* - Detected IP Messenger Server Traffic
    1001164* - Detected Terminal Services (RDP) Server Traffic


    Unix SSH
    1000798* - Unix OpenSSH sshd Identical Blocks DoS


    Web Application PHP Based
    1005465* - Identified Access To WordPress Sensitive Files
    1005915* - phpLDAPadmin 'query_engine' Remote PHP Code Injection Vulnerability
    1005947* - phpMyAdmin 'setup.php' PHP Code Injection Vulnerability


    Web Client Common
    1007023 - Adobe Flash Player Cross Domain Information Disclosure Vulnerability (CVE-2015-5116)
    1007022 - Adobe Flash Player DefineBitsLossless Memory Corruption Vulnerability (CVE-2015-3093)
    1006409* - Adobe Reader And Acrobat Memory Corruption Vulnerability (CVE-2014-8460)
    1005676* - Identified Download Of XML File With External Entity Reference
    1006532* - Identified Malicious Adobe Flash SWF File - 1
    1007029 - Microsoft Windows Journal Remote Code Execution Vulnerability (CVE-2015-2513)
    1006950* - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2462)
    1007052 - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2506)
    1007047 - Windows Media Center Remote Code Execution Vulnerability (CVE-2015-2509)
    1006927 - libtiff bmp2tiff Denial Of Service Vulnerability (CVE-2014-9330)


    Web Client Internet Explorer
    1007041 - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2015-2483)
    1006929* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2443)
    1006931* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2446)
    1007024 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2485)
    1007025 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2486)
    1007026 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2487)
    1007028 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2490)
    1007030 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2491)
    1007043 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2492)
    1007045 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2498)
    1007046 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2499)
    1007048 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2500)
    1007049 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2501)
    1007044 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2015-2493)


    Web Server Miscellaneous
    1006908* - Novell ZENworks Configuration Management UploadServlet Remote Code Execution Vulnerabilities


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.