Rule Update 16-009 (12 April 2016)
Publish Date: 12 April 2016
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Application Control For File Sharing
1007463* - Application Control For Microsoft OneDrive
Backup Server IBM Tivoli Storage Manager FastBack Server
1007353 - IBM Tivoli Storage Manager FastBack Server Opcode 1301 Remote Code Execution Vulnerability
1007365 - IBM Tivoli Storage Manager FastBack Server Opcode 1335 Remote Code Execution Vulnerability
Microsoft Office
1007555 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-0122)
1007556 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-0127)
1007557 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-0136)
1007560 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-0139)
OpenSSL
1007072* - GNU Libtasn1 'decoding.c' Heap Buffer Overflow Vulnerability (CVE-2015-3622)
Port Mapper Windows
1001033* - Windows Port Mapper Decoder
Suspicious Client Application Activity
1007576 - Ransomware Cryptesla
1007577 - Ransomware Hydra
1007581 - Ransomware Lectool
Suspicious Server Application Activity
1007582 - Ransomware Lectool-1
Unix Samba Client
1007584 - SAMBA RPC Authentication Level Downgrade Vulnerability
Unix Samba Client DCERPC
1007586 - SAMBA RPC Authentication Level Downgrade Vulnerability - 1
1007585 - Unix Samba Client Port Mapper Decoder
Unix Samba Server DCERPC
1007593 - Identified SAMBA DCERPC AUTH LEVEL CONNECT Password Validate Request
1007588 - Unix Samba Server Port Mapper Decoder
Web Application Common
1000608* - Generic SQL Injection Prevention
Web Client Common
1007570 - Adobe Flash Player Buffer Overflow Vulnerability (CVE-2016-1018)
1007590 - Adobe Flash Player DLL Hijacking Vulnerability Over WebDAV (CVE-2016-1014)
1007564 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-1012)
1007572* - Adobe Flash Player Remote Code Execution Vulnerability (CVE-2016-1019)
1007562 - Adobe Flash Player Security Bypass Vulnerability (CVE-2016-1006)
1007567 - Adobe Flash Player Type Confusion Vulnerability (CVE-2016-1015)
1007563 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-1011)
1007565 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-1013)
1007568 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-1016)
1007569 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-1017)
1006532* - Identified Malicious Adobe Flash SWF File - 1
1007591 - Microsoft Windows DLL Loading Vulnerabilities Over WebDAV (CVE-2016-0160 and CVE-2016-0148)
1007370* - Microsoft Windows DLL Loading Vulnerabilities Over WebDAV (MS16-007)
1007553 - Microsoft Windows Graphics Memory Corruption Vulnerability (CVE-2016-0145)
1007558 - Microsoft Windows OLE Remote Code Execution Vulnerability (CVE-2016-0153)
1007526 - Oracle Java SE Remote Code Execution Vulnerability (CVE-2016-0636)
Web Client Internet Explorer/Edge
1007551 - Microsoft Edge Elevation Of Privilege Vulnerability (CVE-2016-0158)
1007552 - Microsoft Edge Elevation Of Privilege Vulnerability (CVE-2016-0161)
1007548 - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0155)
1007549 - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0156)
1007550 - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0157)
1007544 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-0154)
1007545 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0159)
1007546 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0164)
1007547 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0166)
1007554 - Microsoft Windows MSXML Remote Code Execution Vulnerability (CVE-2016-0147)
Web Client SSL
1006606* - Identified Fraudulent Digital Certificate - 1
Web Server Miscellaneous
1004189* - RedHat JBoss Enterprise Application Platform JMX Console Authentication Bypass
Web Server Oracle Report Server
1000502* - Oracle Reports OS Command Injection Attempt
Windows Services RPC Client
1007566 - Adobe Flash Player DLL Hijacking Vulnerability Over Network Share (CVE-2016-1014)
1007592 - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (CVE-2016-0160 and CVE-2016-0148)
1007369* - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (MS16-007)
1007531 - Microsoft Windows RPC Downgrade Vulnerability (CVE-2016-0128)
Windows Services RPC Client DCERPC
1007539 - Microsoft Windows RPC Downgrade Vulnerability (CVE-2016-0128) - 1
1007538 - Windows Client Port Mapper Decoder
Windows Services RPC Server DCERPC
1007561 - Identified Windows DCERPC AUTH LEVEL CONNECT Password Validate Request
Integrity Monitoring Rules:
1005041* - Malware - Suspicious Microsoft Windows Files Detected
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.