Deep Security Center
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Application Control For Web Browser
1007376 - Application Control For Microsoft Edge Web Browser
DCERPC Services
1007699 - Oracle Job Scheduler Named Pipe Command Execution Vulnerability
Directory Server LDAP
1007460 - OpenLDAP ber_get_next Denial Of Service Vulnerability (CVE-2015-6908)
Mail Server Common
1000834* - SMTP Decoding
Microsoft Office
1007732 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-3280)
1007733 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-3281)
1007734 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-3282)
1007735 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-3283)
1007736 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-3284)
1007731 - Microsoft Office Remote Code Execution Vulnerability (CVE-2016-3279)
Suspicious Client Ransomware Activity
1007534* - Ransomware Crydap
1007578* - Ransomware CryptFile
1007576* - Ransomware Cryptesla
1007579* - Ransomware HTTP Request
1007577* - Ransomware Hydra
1007581* - Ransomware Lectool
1007602* - Ransomware Locky
1007601* - Ransomware TCP Request
Suspicious Server Ransomware Activity
1007580* - Ransomware HTTP Request-1
1007582* - Ransomware Lectool-1
1007533* - Ransomware TCP Request-1
Web Application Common
1007715 - ImageMagick And GraphicsMagick Remote Code Execution Vulnerability (CVE-2016-5118)
Web Application PHP Based
1007298* - Joomla Core Remote Code Execution Vulnerability (CVE-2015-8562)
1007254 - PHP SplDoublyLinkedList Use After Free Vulnerability
Web Client Common
1007629* - Adobe Acrobat And Reader Integer Overflow Vulnerability (CVE-2016-1043)
1007519* - Adobe Flash Player Integer Overflow Vulnerability (CVE-2016-1010)
1006921* - Adobe Flash Player Null Pointer Dereference Vulnerability (CVE-2015-3126)
1006922* - Adobe Flash Player Null Pointer Dereference Vulnerability (CVE-2015-4429)
1006657* - Adobe Flash Player Remote Integer Overflow Vulnerability (CVE-2014-0569) - 2
1006979* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5559)
1006599* - Identified Suspicious Obfuscated JavaScript - 3
1007738 - ImageMagick And GraphicsMagick Remote Code Execution Vulnerability (CVE-2016-5118) - 1
1005403* - Libxml2 Entity Expansion Denial Of Service Vulnerability
1004091* - Oracle JRE Java Platform SE And Java Deployment Toolkit Plugins Code Execution Vulnerabilities
Web Client Internet Explorer/Edge
1007662* - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-3222)
1007727 - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-3246)
1007729 - Microsoft Edge Scripting Engine Information Disclosure Vulnerability (CVE-2016-3271)
1007647 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-0186)
1007726 - Microsoft Edge Security Feature Bypass Vulnerability (CVE-2016-3244)
1007725 - Microsoft Internet Explorer And Edge Information Disclosure Vulnerability (CVE-2016-3277)
1007723 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-3259)
1007722 - Microsoft Internet Explorer And Edge Spoofing Vulnerability (CVE-2016-3274)
1007721 - Microsoft Internet Explorer And Edge Spoofing Vulnerability (CVE-2016-3276)
1007720 - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2016-3261)
1007716 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-3240)
1007717 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-3241)
1007724 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-3242)
1007718 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-3243)
Web Server Common
1000128* - HTTP Protocol Decoding
Web Server Miscellaneous
1007603* - Apache Struts Dynamic Method Invocation Remote Code Execution Vulnerability (CVE-2016-3081)
1007694* - Apache Struts REST Plugin DMI Remote Code Execution Vulnerability (CVE-2016-3087)
1007702* - Apache Struts REST Plugin Remote Code Execution Vulnerability (CVE-2016-4438)
1007058 - LANDesk Management Suite Multiple Remote File Inclusion Vulnerabilities
Web Server SAP
1005576* - SAP NetWeaver BW - XML External Entity Vulnerability
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1002831* - Unix - Syslog
Deep Packet Inspection Rules:
Application Control For Web Browser
1007376 - Application Control For Microsoft Edge Web Browser
DCERPC Services
1007699 - Oracle Job Scheduler Named Pipe Command Execution Vulnerability
Directory Server LDAP
1007460 - OpenLDAP ber_get_next Denial Of Service Vulnerability (CVE-2015-6908)
Mail Server Common
1000834* - SMTP Decoding
Microsoft Office
1007732 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-3280)
1007733 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-3281)
1007734 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-3282)
1007735 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-3283)
1007736 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-3284)
1007731 - Microsoft Office Remote Code Execution Vulnerability (CVE-2016-3279)
Suspicious Client Ransomware Activity
1007534* - Ransomware Crydap
1007578* - Ransomware CryptFile
1007576* - Ransomware Cryptesla
1007579* - Ransomware HTTP Request
1007577* - Ransomware Hydra
1007581* - Ransomware Lectool
1007602* - Ransomware Locky
1007601* - Ransomware TCP Request
Suspicious Server Ransomware Activity
1007580* - Ransomware HTTP Request-1
1007582* - Ransomware Lectool-1
1007533* - Ransomware TCP Request-1
Web Application Common
1007715 - ImageMagick And GraphicsMagick Remote Code Execution Vulnerability (CVE-2016-5118)
Web Application PHP Based
1007298* - Joomla Core Remote Code Execution Vulnerability (CVE-2015-8562)
1007254 - PHP SplDoublyLinkedList Use After Free Vulnerability
Web Client Common
1007629* - Adobe Acrobat And Reader Integer Overflow Vulnerability (CVE-2016-1043)
1007519* - Adobe Flash Player Integer Overflow Vulnerability (CVE-2016-1010)
1006921* - Adobe Flash Player Null Pointer Dereference Vulnerability (CVE-2015-3126)
1006922* - Adobe Flash Player Null Pointer Dereference Vulnerability (CVE-2015-4429)
1006657* - Adobe Flash Player Remote Integer Overflow Vulnerability (CVE-2014-0569) - 2
1006979* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5559)
1006599* - Identified Suspicious Obfuscated JavaScript - 3
1007738 - ImageMagick And GraphicsMagick Remote Code Execution Vulnerability (CVE-2016-5118) - 1
1005403* - Libxml2 Entity Expansion Denial Of Service Vulnerability
1004091* - Oracle JRE Java Platform SE And Java Deployment Toolkit Plugins Code Execution Vulnerabilities
Web Client Internet Explorer/Edge
1007662* - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-3222)
1007727 - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-3246)
1007729 - Microsoft Edge Scripting Engine Information Disclosure Vulnerability (CVE-2016-3271)
1007647 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-0186)
1007726 - Microsoft Edge Security Feature Bypass Vulnerability (CVE-2016-3244)
1007725 - Microsoft Internet Explorer And Edge Information Disclosure Vulnerability (CVE-2016-3277)
1007723 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-3259)
1007722 - Microsoft Internet Explorer And Edge Spoofing Vulnerability (CVE-2016-3274)
1007721 - Microsoft Internet Explorer And Edge Spoofing Vulnerability (CVE-2016-3276)
1007720 - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2016-3261)
1007716 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-3240)
1007717 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-3241)
1007724 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-3242)
1007718 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-3243)
Web Server Common
1000128* - HTTP Protocol Decoding
Web Server Miscellaneous
1007603* - Apache Struts Dynamic Method Invocation Remote Code Execution Vulnerability (CVE-2016-3081)
1007694* - Apache Struts REST Plugin DMI Remote Code Execution Vulnerability (CVE-2016-3087)
1007702* - Apache Struts REST Plugin Remote Code Execution Vulnerability (CVE-2016-4438)
1007058 - LANDesk Management Suite Multiple Remote File Inclusion Vulnerabilities
Web Server SAP
1005576* - SAP NetWeaver BW - XML External Entity Vulnerability
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1002831* - Unix - Syslog
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
1007598* - Identified Possible Ransomware File Rename Activity Over Network Share
1006906* - Identified Usage Of PsExec Command Line Tool
NetBIOS Name Service
1007658 - Identified Too Many NBNS Response
1007700 - Identified WPAD NBNS Response From Suspicious Host
ODBC Server CitectSCADA
1002855* - CitectSCADA ODBC Server Remote Stack Buffer Overflow
Suspicious Client Application Activity
1007578* - Ransomware CryptFile
Unix CVS
1000511* - CVS Annotate Command Long Revision String Buffer Overflow
Web Client Common
1007678 - Adobe Flash Player Buffer Overflow Vulnerability (CVE-2016-4138)
1007697 - Adobe Flash Player DLL Hijacking Vulnerability Over WebDAV (CVE-2016-4140)
1007676 - Adobe Flash Player Heap Overflow Vulnerability (CVE-2016-4136)
1007673 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4132)
1007674 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4133)
1007679 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4141)
1007687 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4150)
1007688 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4151)
1007689 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4152)
1007690 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4153)
1007691 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4154)
1007692 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4155)
1007693 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4156)
1007682 - Adobe Flash Player Type Confusion Vulnerability (CVE-2016-4144)
1007686 - Adobe Flash Player Type Confusion Vulnerability (CVE-2016-4149)
1007672 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-4121)
1007680 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-4142)
1007681 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-4143)
1007683 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-4146)
1007684 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-4147)
1007685 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-4148)
1007489* - Microsoft Windows OLE Memory Remote Code Execution Vulnerability (CVE-2016-0091)
1007490* - Microsoft Windows OLE Memory Remote Code Execution Vulnerability (CVE-2016-0092)
Web Client Internet Explorer/Edge
1007652* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0199)
Web Server Miscellaneous
1004007* - Adobe BlazeDS XML Injection And XML External Entity Injection Vulnerabilities
1007694 - Apache Struts REST Plugin DMI Remote Code Execution Vulnerability (CVE-2016-3087)
1007702 - Apache Struts REST Plugin Remote Code Execution Vulnerability (CVE-2016-4438)
1007701 - Apache Struts XSLTResult Remote Code Execution Vulnerability (CVE-2016-3082)
Windows Services RPC Client
1007695 - Adobe Flash Player DLL Hijacking Vulnerability Over Network Share (CVE-2016-4140)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1002831* - Unix - Syslog
Deep Packet Inspection Rules:
DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
1007598* - Identified Possible Ransomware File Rename Activity Over Network Share
1006906* - Identified Usage Of PsExec Command Line Tool
NetBIOS Name Service
1007658 - Identified Too Many NBNS Response
1007700 - Identified WPAD NBNS Response From Suspicious Host
ODBC Server CitectSCADA
1002855* - CitectSCADA ODBC Server Remote Stack Buffer Overflow
Suspicious Client Application Activity
1007578* - Ransomware CryptFile
Unix CVS
1000511* - CVS Annotate Command Long Revision String Buffer Overflow
Web Client Common
1007678 - Adobe Flash Player Buffer Overflow Vulnerability (CVE-2016-4138)
1007697 - Adobe Flash Player DLL Hijacking Vulnerability Over WebDAV (CVE-2016-4140)
1007676 - Adobe Flash Player Heap Overflow Vulnerability (CVE-2016-4136)
1007673 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4132)
1007674 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4133)
1007679 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4141)
1007687 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4150)
1007688 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4151)
1007689 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4152)
1007690 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4153)
1007691 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4154)
1007692 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4155)
1007693 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4156)
1007682 - Adobe Flash Player Type Confusion Vulnerability (CVE-2016-4144)
1007686 - Adobe Flash Player Type Confusion Vulnerability (CVE-2016-4149)
1007672 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-4121)
1007680 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-4142)
1007681 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-4143)
1007683 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-4146)
1007684 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-4147)
1007685 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-4148)
1007489* - Microsoft Windows OLE Memory Remote Code Execution Vulnerability (CVE-2016-0091)
1007490* - Microsoft Windows OLE Memory Remote Code Execution Vulnerability (CVE-2016-0092)
Web Client Internet Explorer/Edge
1007652* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0199)
Web Server Miscellaneous
1004007* - Adobe BlazeDS XML Injection And XML External Entity Injection Vulnerabilities
1007694 - Apache Struts REST Plugin DMI Remote Code Execution Vulnerability (CVE-2016-3087)
1007702 - Apache Struts REST Plugin Remote Code Execution Vulnerability (CVE-2016-4438)
1007701 - Apache Struts XSLTResult Remote Code Execution Vulnerability (CVE-2016-3082)
Windows Services RPC Client
1007695 - Adobe Flash Player DLL Hijacking Vulnerability Over Network Share (CVE-2016-4140)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1002831* - Unix - Syslog
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Web Client Common
1007696 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4171)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Web Client Common
1007696 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4171)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
1007598* - Identified Possible Ransomware File Rename Activity Over Network Share
1007070* - Remote PWDUMP Through SMBv1 Protocol Detected
Microsoft Office
1007667 - Microsoft Office Information Disclosure Vulnerability (CVE-2016-3234)
1007663 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-0025)
1007666 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-3233)
1007059* - Microsoft Office Remote Code Execution Vulnerability (CVE-2015-2545)
Suspicious Client Application Activity
1007534 - Ransomware Crydap
1007578* - Ransomware CryptFile
1007579* - Ransomware HTTP Request
1007581* - Ransomware Lectool
Suspicious Server Application Activity
1007580* - Ransomware HTTP Request-1
1007582* - Ransomware Lectool-1
Symantec Alert Management System
1003488* - Multiple Symantec Products Intel Common Base Agent Remote Command Execution Vulnerability
Web Application PHP Based
1007272* - PHP SPL ArrayObject Use After Free Vulnerability
Web Client Common
1007638* - Adobe Flash Player Type Confusion Overflow Vulnerability (CVE-2016-4117)
1007563* - Adobe Flash Player Use After Free Vulnerability (CVE-2016-1011)
1005753* - IBM Java Multiple Vulnerabilities
1007644 - Identified Download Of Suspicious SCT File Over HTTP
1007698 - Microsoft Windows ATMFD.DLL Elevation Of Privilege Vulnerability (CVE-2016-3220)
1007668 - Microsoft Windows Graphics Component Information Disclosure Vulnerability (CVE-2016-3216)
1007664 - Microsoft Windows PDF Information Disclosure Vulnerability (CVE-2016-3201)
1007659 - Microsoft Windows PDF Information Disclosure Vulnerability (CVE-2016-3215)
1007486* - Microsoft Windows PDF Library Remote Code Execution Vulnerability (CVE-2016-0117)
1007665 - Microsoft Windows PDF Remote Code Execution Vulnerability (CVE-2016-3203)
1007296 - Oracle Data Quality Trillium Based Set Basic Preview Data Type Remote Code Execution Vulnerability (CVE-2015-4759)
Web Client Internet Explorer/Edge
1007662 - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-3222)
1007661 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-3199)
1007660 - Microsoft Edge Security Feature Bypass Vulnerability (CVE-2016-3198)
1007652 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0199)
1007653 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0200)
1007654 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-3205)
1007655 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-3206)
1007656 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-3207)
1007657 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-3210)
Web Server Common
1000128* - HTTP Protocol Decoding
1007651 - Identified Absence Of Configured CDN/Reverse Proxy HTTP Header
Web Server IIS
1000389* - Microsoft IIS 5.0 .printer ISAPI Extension Buffer Overflow Vulnerability
Windows Services RPC Server DCERPC
1007054* - Remote Schedule Task 'Create' Through SMBv2 Protocol Detected
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1003447* - Web Server - Apache
Deep Packet Inspection Rules:
DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
1007598* - Identified Possible Ransomware File Rename Activity Over Network Share
1007070* - Remote PWDUMP Through SMBv1 Protocol Detected
Microsoft Office
1007667 - Microsoft Office Information Disclosure Vulnerability (CVE-2016-3234)
1007663 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-0025)
1007666 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-3233)
1007059* - Microsoft Office Remote Code Execution Vulnerability (CVE-2015-2545)
Suspicious Client Application Activity
1007534 - Ransomware Crydap
1007578* - Ransomware CryptFile
1007579* - Ransomware HTTP Request
1007581* - Ransomware Lectool
Suspicious Server Application Activity
1007580* - Ransomware HTTP Request-1
1007582* - Ransomware Lectool-1
Symantec Alert Management System
1003488* - Multiple Symantec Products Intel Common Base Agent Remote Command Execution Vulnerability
Web Application PHP Based
1007272* - PHP SPL ArrayObject Use After Free Vulnerability
Web Client Common
1007638* - Adobe Flash Player Type Confusion Overflow Vulnerability (CVE-2016-4117)
1007563* - Adobe Flash Player Use After Free Vulnerability (CVE-2016-1011)
1005753* - IBM Java Multiple Vulnerabilities
1007644 - Identified Download Of Suspicious SCT File Over HTTP
1007698 - Microsoft Windows ATMFD.DLL Elevation Of Privilege Vulnerability (CVE-2016-3220)
1007668 - Microsoft Windows Graphics Component Information Disclosure Vulnerability (CVE-2016-3216)
1007664 - Microsoft Windows PDF Information Disclosure Vulnerability (CVE-2016-3201)
1007659 - Microsoft Windows PDF Information Disclosure Vulnerability (CVE-2016-3215)
1007486* - Microsoft Windows PDF Library Remote Code Execution Vulnerability (CVE-2016-0117)
1007665 - Microsoft Windows PDF Remote Code Execution Vulnerability (CVE-2016-3203)
1007296 - Oracle Data Quality Trillium Based Set Basic Preview Data Type Remote Code Execution Vulnerability (CVE-2015-4759)
Web Client Internet Explorer/Edge
1007662 - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-3222)
1007661 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-3199)
1007660 - Microsoft Edge Security Feature Bypass Vulnerability (CVE-2016-3198)
1007652 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0199)
1007653 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0200)
1007654 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-3205)
1007655 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-3206)
1007656 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-3207)
1007657 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-3210)
Web Server Common
1000128* - HTTP Protocol Decoding
1007651 - Identified Absence Of Configured CDN/Reverse Proxy HTTP Header
Web Server IIS
1000389* - Microsoft IIS 5.0 .printer ISAPI Extension Buffer Overflow Vulnerability
Windows Services RPC Server DCERPC
1007054* - Remote Schedule Task 'Create' Through SMBv2 Protocol Detected
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1003447* - Web Server - Apache
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Suspicious Client Application Activity
1007578* - Ransomware CryptFile
1007576* - Ransomware Cryptesla
1007577* - Ransomware Hydra
Web Client Common
1007624* - Microsoft Windows Media Center Remote Code Execution Vulnerability (CVE-2016-0185)
Web Client Internet Explorer/Edge
1007613* - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-0189)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Suspicious Client Application Activity
1007578* - Ransomware CryptFile
1007576* - Ransomware Cryptesla
1007577* - Ransomware Hydra
Web Client Common
1007624* - Microsoft Windows Media Center Remote Code Execution Vulnerability (CVE-2016-0185)
Web Client Internet Explorer/Edge
1007613* - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-0189)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1007596* - Identified Suspicious File Extension Rename Activity Over Network Share
1007598* - Identified Suspicious Rename Activity Over Network Share
SAP Netweaver Server
1007639 - Identified Unauthorized Access Of Servlets Over Web
Suspicious Client Application Activity
1007578* - Ransomware CryptFile
1007576* - Ransomware Cryptesla
1007579* - Ransomware HTTP Request
1007577* - Ransomware Hydra
1007581* - Ransomware Lectool
1007602* - Ransomware Locky
1007601* - Ransomware TCP Request
Suspicious Server Application Activity
1007580* - Ransomware HTTP Request-1
1007582* - Ransomware Lectool-1
1007533* - Ransomware TCP Request-1
Web Application Common
1007609* - ImageMagick Remote Code Execution Vulnerability (CVE-2016-3714)
Web Application PHP Based
1007641 - Magento Unauthenticated Arbitrary File Write Vulnerability (CVE-2016-4010)
Web Client Common
1007515* - Adobe Flash Player Heap Overflow Vulnerability (CVE-2016-1001)
1007635* - Adobe Flash Player Heap Overflow Vulnerability (CVE-2016-1101)
1007571 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-0997)
1007543 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-0998)
1007541 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-1000)
1007611* - ImageMagick Remote Code Execution Vulnerability (CVE-2016-3714) - 1
1007485* - Microsoft Windows Media Player Parsing Remote Code Execution Vulnerability (CVE-2016-0101)
Web Client Internet Explorer/Edge
1007372* - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0003)
Web Server Common
1002628* - Adobe RoboHelp Server SQL Injection Vulnerability
Web Server Miscellaneous
1007607* - RedHat JBoss Operations Network ContentManager Remote Code Execution Vulnerability (CVE-2015-0297)
1007606* - RedHat JBoss WildFly Application Server Information Disclosure Vulnerability (CVE-2016-0793)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
DCERPC Services
1007596* - Identified Suspicious File Extension Rename Activity Over Network Share
1007598* - Identified Suspicious Rename Activity Over Network Share
SAP Netweaver Server
1007639 - Identified Unauthorized Access Of Servlets Over Web
Suspicious Client Application Activity
1007578* - Ransomware CryptFile
1007576* - Ransomware Cryptesla
1007579* - Ransomware HTTP Request
1007577* - Ransomware Hydra
1007581* - Ransomware Lectool
1007602* - Ransomware Locky
1007601* - Ransomware TCP Request
Suspicious Server Application Activity
1007580* - Ransomware HTTP Request-1
1007582* - Ransomware Lectool-1
1007533* - Ransomware TCP Request-1
Web Application Common
1007609* - ImageMagick Remote Code Execution Vulnerability (CVE-2016-3714)
Web Application PHP Based
1007641 - Magento Unauthenticated Arbitrary File Write Vulnerability (CVE-2016-4010)
Web Client Common
1007515* - Adobe Flash Player Heap Overflow Vulnerability (CVE-2016-1001)
1007635* - Adobe Flash Player Heap Overflow Vulnerability (CVE-2016-1101)
1007571 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-0997)
1007543 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-0998)
1007541 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-1000)
1007611* - ImageMagick Remote Code Execution Vulnerability (CVE-2016-3714) - 1
1007485* - Microsoft Windows Media Player Parsing Remote Code Execution Vulnerability (CVE-2016-0101)
Web Client Internet Explorer/Edge
1007372* - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0003)
Web Server Common
1002628* - Adobe RoboHelp Server SQL Injection Vulnerability
Web Server Miscellaneous
1007607* - RedHat JBoss Operations Network ContentManager Remote Code Execution Vulnerability (CVE-2015-0297)
1007606* - RedHat JBoss WildFly Application Server Information Disclosure Vulnerability (CVE-2016-0793)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
TFTP Server
1003955* - TFTP Server Packet Handling Remote Buffer Overflow Vulnerability
Web Client Common
1007635 - Adobe Flash Player Heap Overflow Vulnerability (CVE-2016-1101)
1007636 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-1096)
1007637 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-1098)
1007638 - Adobe Flash Player Type Confusion Overflow Vulnerability (CVE-2016-4117)
1007542 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-0999)
1007626 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-1107)
1007628 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-1108)
1007627 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-1110)
Web Client Internet Explorer/Edge
1007616* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-0193)
Integrity Monitoring Rules:
1003370* - Application - OpenSSL
1003334* - Application - Samba
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
TFTP Server
1003955* - TFTP Server Packet Handling Remote Buffer Overflow Vulnerability
Web Client Common
1007635 - Adobe Flash Player Heap Overflow Vulnerability (CVE-2016-1101)
1007636 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-1096)
1007637 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-1098)
1007638 - Adobe Flash Player Type Confusion Overflow Vulnerability (CVE-2016-4117)
1007542 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-0999)
1007626 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-1107)
1007628 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-1108)
1007627 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-1110)
Web Client Internet Explorer/Edge
1007616* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-0193)
Integrity Monitoring Rules:
1003370* - Application - OpenSSL
1003334* - Application - Samba
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Application Control For File Sharing
1007608 - Application Control For Amazon Cloud Drive
1007605 - Application Control For BOX
Microsoft Office
1007619 - Microsoft Office Graphics RCE Vulnerability (CVE-2016-0183)
1007617 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-0126)
1007618 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-0140)
Suspicious Client Application Activity
1007578 - Ransomware CryptFile
1007576* - Ransomware Cryptesla
1007579 - Ransomware HTTP Request
1007577* - Ransomware Hydra
1007581* - Ransomware Lectool
1007602 - Ransomware Locky
1007601 - Ransomware TCP Request
Suspicious Server Application Activity
1007580 - Ransomware HTTP Request-1
1007582* - Ransomware Lectool-1
1007533 - Ransomware TCP Request-1
Web Application Common
1007609* - ImageMagick Remote Code Execution Vulnerability (CVE-2016-3714)
Web Application PHP Based
1007597* - Joomla Akeeba Kickstart Unserialize Remote Code Execution Vulnerability (CVE-2014-7228)
1006786* - PHP exif_process_unicode() Function Uninitialized Pointer Freeing Remote Code Execution Vulnerability
1007178* - WordPress Font Plugin Path Traversal Vulnerability (CVE-2015-7683)
Web Application Ruby Based
1007520* - RubyGems Actionpack Denial Of Service Vulnerability (CVE-2013-6414)
Web Client Common
1007629 - Adobe Acrobat And Reader Integer Overflow Vulnerability (CVE-2016-1043)
1007630 - Adobe Acrobat And Reader Memory Corruption Vulnerability (CVE-2016-1063)
1007633 - Adobe Acrobat And Reader Memory Corruption Vulnerability (CVE-2016-1073)
1007631 - Adobe Acrobat And Reader Use After Free Vulnerability (CVE-2016-1065)
1007632 - Adobe Acrobat And Reader Use After Free Vulnerability (CVE-2016-1070)
1007078* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5574)
1007453* - Adobe Flash Player Use After Free Vulnerability (CVE-2016-0984)
1007568* - Adobe Flash Player Use After Free Vulnerability (CVE-2016-1016)
1007594* - Apple QuickTime 'moov' Atom Heap Corruption Remote Code Execution Vulnerability
1007595* - Apple QuickTime Atom Processing Heap Corruption Remote Code Execution Vulnerability
1007611 - ImageMagick Remote Code Execution Vulnerability (CVE-2016-3714) - 1
1007620 - Microsoft Windows Graphics Component Information Disclosure Vulnerability (CVE-2016-0168)
1007621 - Microsoft Windows Graphics Component Information Disclosure Vulnerability (CVE-2016-0169)
1007622 - Microsoft Windows Graphics Component RCE Vulnerability (CVE-2016-0170)
1007624 - Microsoft Windows Media Center Remote Code Execution Vulnerability (CVE-2016-0185)
1007537 - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2016-0120)
Web Client Internet Explorer/Edge
1007615 - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0191)
1007616 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-0193)
1007614 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-0192)
1007177* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6086)
1007407* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0063)
1007471* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0106)
1007612 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-0187)
1007613 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-0189)
1007623 - Microsoft Windows Direct3D Use After Free Vulnerability (CVE-2016-0184)
Web Server Common
1007213 - Disallow Upload Of A Class File
1007212 - Disallow Upload Of An Archive File
Web Server Miscellaneous
1007532* - JBoss Application Server Unauthenticated Remote Command Execution Vulnerability
1007607 - RedHat JBoss Operations Network ContentManager Remote Code Execution Vulnerability (CVE-2015-0297)
1007606 - RedHat JBoss WildFly Application Server Information Disclosure Vulnerability (CVE-2016-0793)
Windows Services RPC Server
1007596* - Identified Suspicious File Extension Rename Activity Over Network Share
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Application Control For File Sharing
1007608 - Application Control For Amazon Cloud Drive
1007605 - Application Control For BOX
Microsoft Office
1007619 - Microsoft Office Graphics RCE Vulnerability (CVE-2016-0183)
1007617 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-0126)
1007618 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-0140)
Suspicious Client Application Activity
1007578 - Ransomware CryptFile
1007576* - Ransomware Cryptesla
1007579 - Ransomware HTTP Request
1007577* - Ransomware Hydra
1007581* - Ransomware Lectool
1007602 - Ransomware Locky
1007601 - Ransomware TCP Request
Suspicious Server Application Activity
1007580 - Ransomware HTTP Request-1
1007582* - Ransomware Lectool-1
1007533 - Ransomware TCP Request-1
Web Application Common
1007609* - ImageMagick Remote Code Execution Vulnerability (CVE-2016-3714)
Web Application PHP Based
1007597* - Joomla Akeeba Kickstart Unserialize Remote Code Execution Vulnerability (CVE-2014-7228)
1006786* - PHP exif_process_unicode() Function Uninitialized Pointer Freeing Remote Code Execution Vulnerability
1007178* - WordPress Font Plugin Path Traversal Vulnerability (CVE-2015-7683)
Web Application Ruby Based
1007520* - RubyGems Actionpack Denial Of Service Vulnerability (CVE-2013-6414)
Web Client Common
1007629 - Adobe Acrobat And Reader Integer Overflow Vulnerability (CVE-2016-1043)
1007630 - Adobe Acrobat And Reader Memory Corruption Vulnerability (CVE-2016-1063)
1007633 - Adobe Acrobat And Reader Memory Corruption Vulnerability (CVE-2016-1073)
1007631 - Adobe Acrobat And Reader Use After Free Vulnerability (CVE-2016-1065)
1007632 - Adobe Acrobat And Reader Use After Free Vulnerability (CVE-2016-1070)
1007078* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5574)
1007453* - Adobe Flash Player Use After Free Vulnerability (CVE-2016-0984)
1007568* - Adobe Flash Player Use After Free Vulnerability (CVE-2016-1016)
1007594* - Apple QuickTime 'moov' Atom Heap Corruption Remote Code Execution Vulnerability
1007595* - Apple QuickTime Atom Processing Heap Corruption Remote Code Execution Vulnerability
1007611 - ImageMagick Remote Code Execution Vulnerability (CVE-2016-3714) - 1
1007620 - Microsoft Windows Graphics Component Information Disclosure Vulnerability (CVE-2016-0168)
1007621 - Microsoft Windows Graphics Component Information Disclosure Vulnerability (CVE-2016-0169)
1007622 - Microsoft Windows Graphics Component RCE Vulnerability (CVE-2016-0170)
1007624 - Microsoft Windows Media Center Remote Code Execution Vulnerability (CVE-2016-0185)
1007537 - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2016-0120)
Web Client Internet Explorer/Edge
1007615 - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0191)
1007616 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-0193)
1007614 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-0192)
1007177* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6086)
1007407* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0063)
1007471* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0106)
1007612 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-0187)
1007613 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-0189)
1007623 - Microsoft Windows Direct3D Use After Free Vulnerability (CVE-2016-0184)
Web Server Common
1007213 - Disallow Upload Of A Class File
1007212 - Disallow Upload Of An Archive File
Web Server Miscellaneous
1007532* - JBoss Application Server Unauthenticated Remote Command Execution Vulnerability
1007607 - RedHat JBoss Operations Network ContentManager Remote Code Execution Vulnerability (CVE-2015-0297)
1007606 - RedHat JBoss WildFly Application Server Information Disclosure Vulnerability (CVE-2016-0793)
Windows Services RPC Server
1007596* - Identified Suspicious File Extension Rename Activity Over Network Share
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Web Application Common
1007610 - Identified Usage Of ImageMagick Pseudo Protocols
1007609 - ImageMagick Remote Code Execution Vulnerability (CVE-2016-3714)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Web Application Common
1007610 - Identified Usage Of ImageMagick Pseudo Protocols
1007609 - ImageMagick Remote Code Execution Vulnerability (CVE-2016-3714)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Web Server Miscellaneous
1007603 - Apache Struts Dynamic Method Invocation Remote Code Execution Vulnerability (CVE-2016-3081)
1007604 - Identified Apache Struts Method Prefix In HTTP Request
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Web Server Miscellaneous
1007603 - Apache Struts Dynamic Method Invocation Remote Code Execution Vulnerability (CVE-2016-3081)
1007604 - Identified Apache Struts Method Prefix In HTTP Request
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.