Rule Update

15-030 (September 22, 2015)


DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Application Control For File Sharing
1003655* - Application Control For Share NT5


Application Control Packet Size Detection
1007034 - Application Control For Share EX2 P2P


Microsoft Office
1007039* - Microsoft Graphics Component Buffer Overflow Vulnerability (CVE-2015-2510)
1006940* - Microsoft Office Integer Underflow Vulnerability (CVE-2015-2470)
1007040* - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2520)
1007050* - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2521)
1007051* - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2523)
1006323* - Microsoft Office Remote Code Execution Vulnerability (CVE-2014-6333)
1006471* - Microsoft Office Remote Code Execution Vulnerability (CVE-2015-0064)
1007059 - Microsoft Office Remote Code Execution Vulnerability (CVE-2015-2545)


Port Mapper Windows
1001033* - Windows Port Mapper Decoder


Remote Desktop Protocol Server
1004949* - Remote Desktop Protocol Vulnerability (CVE-2012-0002)


TFTP Server
1000929* - 3CDaemon Reserved Device Name DoS


Web Application Common
1000608* - Generic SQL Injection Prevention


Web Application Miscellaneous
1003707* - Adobe JRun 'logviewer.jsp' Directory Traversal Vulnerability


Web Client Common
1006810* - Adobe Flash Player Nellymoser Heap Buffer Overflow Vulnerabilities
1006907 - Google Chrome Type Confusion Remote Code Execution Vulnerability (CVE-2015-1230)
1006996* - Identified Suspicious Microsoft Word RTF File - 1
1006947* - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2459)
1006949* - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2461)
1005351* - Oracle Outside In Technology Paradox Database Stream Filter Vulnerability
1007047* - Windows Media Center Remote Code Execution Vulnerability (CVE-2015-2509)


Web Client Internet Explorer
1007026* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2487)
1007046* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2499)


Web Client Mozilla Firefox
1006954* - Mozilla Firefox PDF Viewer Same Origin Policy Information Disclosure Vulnerability (CVE-2015-4495)


Windows Media Service
1004097* - Media Services Stack-based Buffer Overflow Vulnerability


Windows Services DNS Server RPC Interface
1000986* - Microsoft Windows DNS Server RPC Buffer Overflow


Windows Services RPC Client
1006994 - Executable File Download On Network Share Detected


Windows Services RPC Server
1006995 - Remote Add Job Through SMBv1 Protocol Detected
1007037 - Remote Add Job Through SMBv2 Protocol Detected
1007020 - Remote CreateService Request Detected Through SMBv1 Protocol
1007066 - Remote Delete Job Through SMBv1 Protocol Detected
1007038 - Remote Delete Job Through SMBv2 Protocol Detected
1007035 - Remote DeleteService Request Through SMBv1 Detected
1007070 - Remote PWDUMP Through SMBv1 Protocol Detected
1007057 - Remote Registry Access Through SMBv1 Protocol Detected
1007021 - Remote Registry Access Through SMBv2 Protocol Detected
1007032 - Remote Schedule Task Create Through SMBv1 Protocol Detected
1007033 - Remote Scheduled Task Access Through SMBv1 Protocol Detected
1007069 - Remote Service Execution Through SMBv1 Detected


Windows Services RPC Server DCERPC
1007054 - Remote Schedule Task 'Create' Through SMBv2 Protocol Detected
1007053 - Remote Schedule Task 'Delete' Through SMBv2 Protocol Detected
1007017 - Remote Schedule Task 'Run' Through SMBv2 Protocol Detected
1007068 - Remote Service Execution Through SMBv2 Protocol Detected


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.