Trend Micro Deep Security™️およびDPIルール等の関連情報

  • Rule Update: 16-019 (2016年6月15日)
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Web Client Common
    1007696 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4171)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • Rule Update: 16-018 (2016年6月14日)
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DCERPC Services
    1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
    1007598* - Identified Possible Ransomware File Rename Activity Over Network Share
    1007070* - Remote PWDUMP Through SMBv1 Protocol Detected


    Microsoft Office
    1007667 - Microsoft Office Information Disclosure Vulnerability (CVE-2016-3234)
    1007663 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-0025)
    1007666 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-3233)
    1007059* - Microsoft Office Remote Code Execution Vulnerability (CVE-2015-2545)


    Suspicious Client Application Activity
    1007534 - Ransomware Crydap
    1007578* - Ransomware CryptFile
    1007579* - Ransomware HTTP Request
    1007581* - Ransomware Lectool


    Suspicious Server Application Activity
    1007580* - Ransomware HTTP Request-1
    1007582* - Ransomware Lectool-1


    Symantec Alert Management System
    1003488* - Multiple Symantec Products Intel Common Base Agent Remote Command Execution Vulnerability


    Web Application PHP Based
    1007272* - PHP SPL ArrayObject Use After Free Vulnerability


    Web Client Common
    1007638* - Adobe Flash Player Type Confusion Overflow Vulnerability (CVE-2016-4117)
    1007563* - Adobe Flash Player Use After Free Vulnerability (CVE-2016-1011)
    1005753* - IBM Java Multiple Vulnerabilities
    1007644 - Identified Download Of Suspicious SCT File Over HTTP
    1007698 - Microsoft Windows ATMFD.DLL Elevation Of Privilege Vulnerability (CVE-2016-3220)
    1007668 - Microsoft Windows Graphics Component Information Disclosure Vulnerability (CVE-2016-3216)
    1007664 - Microsoft Windows PDF Information Disclosure Vulnerability (CVE-2016-3201)
    1007659 - Microsoft Windows PDF Information Disclosure Vulnerability (CVE-2016-3215)
    1007486* - Microsoft Windows PDF Library Remote Code Execution Vulnerability (CVE-2016-0117)
    1007665 - Microsoft Windows PDF Remote Code Execution Vulnerability (CVE-2016-3203)
    1007296 - Oracle Data Quality Trillium Based Set Basic Preview Data Type Remote Code Execution Vulnerability (CVE-2015-4759)


    Web Client Internet Explorer/Edge
    1007662 - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-3222)
    1007661 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-3199)
    1007660 - Microsoft Edge Security Feature Bypass Vulnerability (CVE-2016-3198)
    1007652 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0199)
    1007653 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0200)
    1007654 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-3205)
    1007655 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-3206)
    1007656 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-3207)
    1007657 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-3210)


    Web Server Common
    1000128* - HTTP Protocol Decoding
    1007651 - Identified Absence Of Configured CDN/Reverse Proxy HTTP Header


    Web Server IIS
    1000389* - Microsoft IIS 5.0 .printer ISAPI Extension Buffer Overflow Vulnerability


    Windows Services RPC Server DCERPC
    1007054* - Remote Schedule Task 'Create' Through SMBv2 Protocol Detected


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    1003447* - Web Server - Apache
  • Rule Update: 16-017 (2016年6月3日)
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Suspicious Client Application Activity
    1007578* - Ransomware CryptFile
    1007576* - Ransomware Cryptesla
    1007577* - Ransomware Hydra


    Web Client Common
    1007624* - Microsoft Windows Media Center Remote Code Execution Vulnerability (CVE-2016-0185)


    Web Client Internet Explorer/Edge
    1007613* - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-0189)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • Rule Update: 16-016 (2016年5月24日)
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DCERPC Services
    1007596* - Identified Suspicious File Extension Rename Activity Over Network Share
    1007598* - Identified Suspicious Rename Activity Over Network Share


    SAP Netweaver Server
    1007639 - Identified Unauthorized Access Of Servlets Over Web


    Suspicious Client Application Activity
    1007578* - Ransomware CryptFile
    1007576* - Ransomware Cryptesla
    1007579* - Ransomware HTTP Request
    1007577* - Ransomware Hydra
    1007581* - Ransomware Lectool
    1007602* - Ransomware Locky
    1007601* - Ransomware TCP Request


    Suspicious Server Application Activity
    1007580* - Ransomware HTTP Request-1
    1007582* - Ransomware Lectool-1
    1007533* - Ransomware TCP Request-1


    Web Application Common
    1007609* - ImageMagick Remote Code Execution Vulnerability (CVE-2016-3714)


    Web Application PHP Based
    1007641 - Magento Unauthenticated Arbitrary File Write Vulnerability (CVE-2016-4010)


    Web Client Common
    1007515* - Adobe Flash Player Heap Overflow Vulnerability (CVE-2016-1001)
    1007635* - Adobe Flash Player Heap Overflow Vulnerability (CVE-2016-1101)
    1007571 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-0997)
    1007543 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-0998)
    1007541 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-1000)
    1007611* - ImageMagick Remote Code Execution Vulnerability (CVE-2016-3714) - 1
    1007485* - Microsoft Windows Media Player Parsing Remote Code Execution Vulnerability (CVE-2016-0101)


    Web Client Internet Explorer/Edge
    1007372* - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0003)


    Web Server Common
    1002628* - Adobe RoboHelp Server SQL Injection Vulnerability


    Web Server Miscellaneous
    1007607* - RedHat JBoss Operations Network ContentManager Remote Code Execution Vulnerability (CVE-2015-0297)
    1007606* - RedHat JBoss WildFly Application Server Information Disclosure Vulnerability (CVE-2016-0793)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • Rule Update: 16-015 (2016年5月17日)
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    TFTP Server
    1003955* - TFTP Server Packet Handling Remote Buffer Overflow Vulnerability


    Web Client Common
    1007635 - Adobe Flash Player Heap Overflow Vulnerability (CVE-2016-1101)
    1007636 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-1096)
    1007637 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-1098)
    1007638 - Adobe Flash Player Type Confusion Overflow Vulnerability (CVE-2016-4117)
    1007542 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-0999)
    1007626 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-1107)
    1007628 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-1108)
    1007627 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-1110)


    Web Client Internet Explorer/Edge
    1007616* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-0193)


    Integrity Monitoring Rules:

    1003370* - Application - OpenSSL
    1003334* - Application - Samba


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • Rule Update: 16-014 (2016年5月10日)
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Application Control For File Sharing
    1007608 - Application Control For Amazon Cloud Drive
    1007605 - Application Control For BOX


    Microsoft Office
    1007619 - Microsoft Office Graphics RCE Vulnerability (CVE-2016-0183)
    1007617 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-0126)
    1007618 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-0140)


    Suspicious Client Application Activity
    1007578 - Ransomware CryptFile
    1007576* - Ransomware Cryptesla
    1007579 - Ransomware HTTP Request
    1007577* - Ransomware Hydra
    1007581* - Ransomware Lectool
    1007602 - Ransomware Locky
    1007601 - Ransomware TCP Request


    Suspicious Server Application Activity
    1007580 - Ransomware HTTP Request-1
    1007582* - Ransomware Lectool-1
    1007533 - Ransomware TCP Request-1


    Web Application Common
    1007609* - ImageMagick Remote Code Execution Vulnerability (CVE-2016-3714)


    Web Application PHP Based
    1007597* - Joomla Akeeba Kickstart Unserialize Remote Code Execution Vulnerability (CVE-2014-7228)
    1006786* - PHP exif_process_unicode() Function Uninitialized Pointer Freeing Remote Code Execution Vulnerability
    1007178* - WordPress Font Plugin Path Traversal Vulnerability (CVE-2015-7683)


    Web Application Ruby Based
    1007520* - RubyGems Actionpack Denial Of Service Vulnerability (CVE-2013-6414)


    Web Client Common
    1007629 - Adobe Acrobat And Reader Integer Overflow Vulnerability (CVE-2016-1043)
    1007630 - Adobe Acrobat And Reader Memory Corruption Vulnerability (CVE-2016-1063)
    1007633 - Adobe Acrobat And Reader Memory Corruption Vulnerability (CVE-2016-1073)
    1007631 - Adobe Acrobat And Reader Use After Free Vulnerability (CVE-2016-1065)
    1007632 - Adobe Acrobat And Reader Use After Free Vulnerability (CVE-2016-1070)
    1007078* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5574)
    1007453* - Adobe Flash Player Use After Free Vulnerability (CVE-2016-0984)
    1007568* - Adobe Flash Player Use After Free Vulnerability (CVE-2016-1016)
    1007594* - Apple QuickTime 'moov' Atom Heap Corruption Remote Code Execution Vulnerability
    1007595* - Apple QuickTime Atom Processing Heap Corruption Remote Code Execution Vulnerability
    1007611 - ImageMagick Remote Code Execution Vulnerability (CVE-2016-3714) - 1
    1007620 - Microsoft Windows Graphics Component Information Disclosure Vulnerability (CVE-2016-0168)
    1007621 - Microsoft Windows Graphics Component Information Disclosure Vulnerability (CVE-2016-0169)
    1007622 - Microsoft Windows Graphics Component RCE Vulnerability (CVE-2016-0170)
    1007624 - Microsoft Windows Media Center Remote Code Execution Vulnerability (CVE-2016-0185)
    1007537 - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2016-0120)


    Web Client Internet Explorer/Edge
    1007615 - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0191)
    1007616 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-0193)
    1007614 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-0192)
    1007177* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6086)
    1007407* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0063)
    1007471* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0106)
    1007612 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-0187)
    1007613 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-0189)
    1007623 - Microsoft Windows Direct3D Use After Free Vulnerability (CVE-2016-0184)


    Web Server Common
    1007213 - Disallow Upload Of A Class File
    1007212 - Disallow Upload Of An Archive File


    Web Server Miscellaneous
    1007532* - JBoss Application Server Unauthenticated Remote Command Execution Vulnerability
    1007607 - RedHat JBoss Operations Network ContentManager Remote Code Execution Vulnerability (CVE-2015-0297)
    1007606 - RedHat JBoss WildFly Application Server Information Disclosure Vulnerability (CVE-2016-0793)


    Windows Services RPC Server
    1007596* - Identified Suspicious File Extension Rename Activity Over Network Share


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • Rule Update: 16-013 (2016年5月5日)
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Web Application Common
    1007610 - Identified Usage Of ImageMagick Pseudo Protocols
    1007609 - ImageMagick Remote Code Execution Vulnerability (CVE-2016-3714)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • Rule Update: 16-012 (2016年4月27日)
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Web Server Miscellaneous
    1007603 - Apache Struts Dynamic Method Invocation Remote Code Execution Vulnerability (CVE-2016-3081)
    1007604 - Identified Apache Struts Method Prefix In HTTP Request


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • Rule Update: 16-011 (2016年4月26日)
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Backup Server IBM Tivoli Storage Manager FastBack Server
    1007351* - IBM Tivoli Storage Manager FastBack Command Execution Vulnerability (CVE-2015-1949)
    1007357* - IBM Tivoli Storage Manager FastBack Server Buffer Overflow (CVE-2015-1929)
    1007356* - IBM Tivoli Storage Manager FastBack Server Buffer Overflow Vulnerability (CVE-2015-1924)
    1007352* - IBM Tivoli Storage Manager FastBack Server Information Disclosure Vulnerability (CVE-2015-1941)
    1007354* - IBM Tivoli Storage Manager FastBack Server Memory Corruption Vulnerability
    1007353* - IBM Tivoli Storage Manager FastBack Server Opcode 1301 Remote Code Execution Vulnerability
    1007365* - IBM Tivoli Storage Manager FastBack Server Opcode 1335 Remote Code Execution Vulnerability
    1007464* - IBM Tivoli Storage Manager FastBack Stack Buffer Overflow Vulnerability (CVE-2015-4931)


    HP Intelligent Management Center (IMC)
    1005845* - HP Intelligent Management Center sdFileDownload Servlet Remote File Disclosure Vulnerability


    TFTP Server
    1003955* - TFTP Server Packet Handling Remote Buffer Overflow Vulnerability


    Web Application PHP Based
    1007597 - Joomla Akeeba Kickstart Unserialize Remote Code Execution Vulnerability (CVE-2014-7228)
    1006786 - PHP exif_process_unicode() Function Uninitialized Pointer Freeing Remote Code Execution Vulnerability
    1007178 - WordPress Font Plugin Path Traversal Vulnerability (CVE-2015-7683)


    Web Application Ruby Based
    1007520 - RubyGems Actionpack Denial Of Service Vulnerability (CVE-2013-6414)


    Web Client Common
    1007536 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8426)
    1007600 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8823)
    1007018 - cURL/libcURL Cookie Parser Out Of Bounds Read Remote Code Execution Vulnerability (CVE-2015-3145)


    Web Client Internet Explorer/Edge
    1004958* - Internet Explorer Exec ActiveX Remote Code Execution
    1007552* - Microsoft Edge Elevation Of Privilege Vulnerability (CVE-2016-0161)


    Web Server Common
    1005434* - Disallow Upload Of A PHP File
    1007222* - WordPress Ajax Load More Plugin File Upload Vulnerability


    Web Server IIS
    1007430* - Microsoft .NET Framework Stack Overflow Denial Of Service Vulnerability (CVE-2016-0033)


    Web Server Oracle
    1007204* - Oracle WebLogic Server Java Deserialization Objects Remote Code Execution Vulnerability


    Windows Services RPC Client
    1007494* - Adobe Acrobat DLL Loading Arbitrary Code Execution Vulnerability (CVE-2016-1008)
    1007566* - Adobe Flash Player DLL Hijacking Vulnerability Over Network Share (CVE-2016-1014)
    1007592* - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (CVE-2016-0160 and CVE-2016-0148)


    Windows Services RPC Server
    1007596 - Identified Suspicious File Extension Rename Activity Over Network Share
    1007598 - Identified Suspicious Rename Activity Over Network Share


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • Rule Update: 16-010 (2016年4月19日)
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Web Client Common
    1007594 - Apple QuickTime 'moov' Atom Heap Corruption Remote Code Execution Vulnerability
    1007595 - Apple QuickTime Atom Processing Heap Corruption Remote Code Execution Vulnerability
    1007136* - Apple Quicktime 'stbl' Remote Code Execution Vulnerability
    1007223* - Microsoft GS Wavetable Synth Memory Corruption Vulnerability


    Web Server Miscellaneous
    1007532 - JBoss Application Server Unauthenticated Remote Command Execution Vulnerability


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.