Rule Update

17-022 (May 15, 2017)


  DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
1008225* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0145)
1008227* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0147)
1008179 - Restrict File Extensions For Rename Activity Over Network Share


DCERPC Services - Client
1008328* - Identified Client Suspicious SMB Session
1007913* - Identified Possible Ransomware File Extension Rename Activity Over Network Share - Client


HP Intelligent Management Center (IMC)
1008299* - HP Intelligent Management Center 'accessMgrServlet' Insecure Deserialization Vulnerability


Intel AMT
1008369* - Intel Active Management Technology Escalation Of Privilege (CVE-2017-5689)


Mail Server Lotus Domino
1008310* - IBM Lotus Domino Server Examine Command Stack Buffer Overflow Vulnerability


NNTP Client Microsoft Outlook Express
1000780* - Microsoft Outlook Express NNTP Response Parsing Buffer Overflow


Sun Solaris RPC Services
1008314* - Oracle Solaris Remote Code Execution Vulnerability (CVE-2017-3623)


Web Application Common
1008261* - ImageMagick IsPixelGray Buffer Overflow Vulnerability (CVE-2016-9773)


Web Application PHP Based
1008322* - SquirrelMail Remote Code Execution Vulnerability (CVE-2017-7692)


Web Client Common
1008309* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-11) - 3
1008376 - Adobe Flash Player Multiple Security Vulnerabilities (APSB17-15)


Web Server MDaemon Web Mail
1008311 - MDaemon WorldClient Remote Code Execution Vulnerability


Web Server Squid
1005303* - Squid 'cachemgr.cgi' Remote Denial Of Service Vulnerability


Integrity Monitoring Rules:

1008385 - Ransomware - WannaCry


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.