Rule Update

17-014 (March 28, 2017)


  DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
1008224* - Microsoft Windows SMB Remote Code Execution Vulnerabilities (CVE-2017-0144 and CVE-2017-0146)
1008225* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0145)
1008228* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0148)


DCERPC Services - Client
1007913* - Identified Possible Ransomware File Extension Rename Activity Over Network Share - Client


Suspicious Client Application Activity
1005067* - Identified Potentially Harmful Client Traffic


Suspicious Server Application Activity
1005090* - Identified Potentially Harmful Server Traffic


Web Application PHP Based
1008193 - PHP exif_convert_any_to_int Denial Of Service Vulnerability (CVE-2016-10158)
1008182* - PHP phar_parse_pharfile Integer Overflow Vulnerability (CVE-2016-10159)


Web Client Common
1008255 - Microsoft Color Management Information Disclosure Vulnerability (CVE-2017-0061)
1008254 - Microsoft Color Management Information Disclosure Vulnerability (CVE-2017-0063)
1008252 - Microsoft Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0085)
1008067* - Microsoft Windows Uniscribe Remote Code Execution Vulnerability (CVE-2016-7274)
1008253 - Microsoft Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-0084)


Web Client Internet Explorer/Edge
1008211* - Microsoft Edge Information Disclosure Vulnerability (CVE-2017-0065)
1008156* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0010)


Web Server Apache
1008117 - Apache Subversion mod_authz_svn Module Denial Of Service Vulnerability (CVE-2016-2168)


Web Server Common
1008194 - Oracle Java SE Remote Security Vulnerability (CVE-2017-3241)


Web Server IIS
1008266 - Microsoft IIS WebDAV ScStoragePathFromUrl Buffer Overflow Vulnerability (CVE-2017-7269)


Web Server Miscellaneous
1008178 - Novell Service Desk clientImportUploadForm Directory Traversal Vulnerability (CVE-2016-1593)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.