Rule Update

24-022 (April 30, 2024)


DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1008119* - Microsoft Windows Local Security Authority Subsystem Service (LSASS) Denial Of Service Vulnerability (CVE-2017-0004)
1008123* - Microsoft Windows Local Security Authority Subsystem Service Denial Of Service Vulnerability (CVE-2016-7237)
1006579* - Microsoft Windows NETLOGON Spoofing Vulnerability (CVE-2015-0005)
1008227* - Microsoft Windows SMB Information Disclosure Vulnerability (CVE-2017-0147)
1008224* - Microsoft Windows SMB Remote Code Execution Vulnerabilities (CVE-2017-0144 and CVE-2017-0146)
1008225* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0145)
1007432* - Microsoft Windows Server Message Block Memory Corruption Vulnerability (CVE-2015-2474)
1007125* - Remote Access Event Through SMBv1 Protocol Detected


DCERPC Services - Client
1008187* - Microsoft Office OLE DLL Loading Vulnerability Over Network Share (CVE-2016-7275)
1005281* - Microsoft Windows Briefcase Integer Overflow Vulnerability Over Network Share (CVE-2012-1528)
1005280* - Microsoft Windows Briefcase Integer Underflow Vulnerability Over Network Share (CVE-2012-1527)
1007592* - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (CVE-2016-0160 and CVE-2016-0148)
1007381* - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (MS15-132)
1007369* - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (MS16-007)
1007426* - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (MS16-014)
1008201* - Microsoft Windows DLL Loading Vulnerability Over Network Share (CVE-2016-0100)
1008177* - Microsoft Windows DLL Loading Vulnerability Over Network Share (CVE-2017-0039)
1006554* - Microsoft Windows DLL Planting Remote Code Execution Vulnerability (CVE-2015-0096)
1006013* - Microsoft Windows Insecure Binary Loading Vulnerability Over Network Share (CVE-2014-0315)
1006292* - Microsoft Windows OLE Remote Code Execution Vulnerability Over SMB
1007531* - Microsoft Windows RPC Downgrade Vulnerability (CVE-2016-0128)
1008138* - Microsoft Windows SMB Tree Connect Response Denial Of Service Vulnerability (CVE-2017-0016)
1005153* - Print Spooler Service Format String Vulnerability (CVE-2012-1851) II
1005142* - Remote Administration Protocol Stack Overflow Vulnerability


Django Server
1012022 - Django Denial Of Service Vulnerability (CVE-2023-46695)


Ivanti Avalanche Remote Control Server
1011962* - Ivanti Avalanche Server-Side Request Forgery Vulnerability (CVE-2023-46262)


NTP Client
1008004* - NTP 'ntpq atoascii' Memory Corruption Vulnerability (CVE-2015-7852)
1006630* - NTP MAC Security Bypass Vulnerability (CVE-2015-1798)


Remote Desktop Protocol Server
1006870* - Microsoft Windows Remote Desktop Protocol (RDP) Remote Code Execution Vulnerability (CVE-2015-2373)


SolarWinds Access Rights Manager
1012024 - SolarWinds Access Rights Manager Directory Traversal Remote Code Execution Vulnerability (CVE-2024-23477)


SolarWinds Orion Platform
1011977* - SolarWinds Orion Platform SQL Injection Vulnerability (CVE-2023-35188)
1011986* - SolarWinds Orion Platform SQL Injection Vulnerability (CVE-2023-50395)


Solr Service
1012028 - Apache Solr Arbitrary File Upload Vulnerability (CVE-2023-50386)


Unix Samba
1012023 - Linux Kernel KSMBD Buffer Overflow Vulnerability (CVE-2023-52440)


Web Client Common
1011960* - 7-Zip Integer Underflow Vulnerability (CVE-2023-31102)


Web Server HTTPS
1011973* - Cacti SQL Injection Vulnerability (CVE-2023-51448)


Web Server Nagios
1012004* - Nagios XI Directory Traversal Vulnerability (CVE-2023-48085)
1012027 - Nagios XI SQL Injection Vulnerability (CVE-2024-24401)


Windows Services RPC Client DCERPC
1007539* - Microsoft Windows RPC Downgrade Vulnerability (CVE-2016-0128) - 1


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.