ruleUpdate
15-035 (24 November 2015)
Publish Date: 24 November 2015
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DNS Server
1007137 - PowerDNS Recursor Remote Denial Of Service Vulnerability (CVE-2014-3614)
Microsoft Office
1007163 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-1683)
OpenSSL
1007072* - GNU Libtasn1 'decoding.c' Heap Buffer Overflow Vulnerability (CVE-2015-3622)
Suspicious Client Application Activity
1007116* - VMware vCenter Java JMX Server Insecure Configuration Java Code Execution Vulnerability
Web Application PHP Based
1007135* - WordPress XMLRPC 'system.multicall' Brute Force Amplification Attack
Web Client Common
1007193 - Adobe Flash Player Type Confusion Vulnerability (CVE-2015-7659)
1007187 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-7651)
1007188 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-7652)
1007189 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-7653)
1007190 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-7654)
1007195 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-7663)
1007191 - Adobe Flash Player Use After Free Vulnerability - 1
1007192 - Adobe Flash Player Use After Free Vulnerability - 2
1007194 - Adobe Flash Player Use After Free Vulnerability - 3
1007196 - Adobe Flash Player Use After Free Vulnerability - 4
1007211 - Microsoft .NET Framework ASLR Security Bypass Vulnerability (CVE-2015-6115)
1007124 - Microsoft Office RTF Frmtxtbrl EIP Corruption Denial Of Service Vulnerability
1006294* - Microsoft Windows OLE Remote Code Execution Vulnerability Over WebDAV
Web Client Internet Explorer
1006868* - Microsoft Internet Explorer JScript9 Memory Corruption Vulnerability (CVE-2015-2419)
1007098* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6045)
1007140* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6065)
Web Client SSL
1005040* - Identified Revoked Certificate Authority In SSL Traffic
Web Server Common
1007185 - Java Unserialize Remote Code Execution Vulnerability
Windows Services RPC Client
1007120 - SMB DLL Injection Exploit Detected
Windows Services RPC Server
1007134* - Batch File Uploaded On Network Share
1007066* - Remote Delete Job Through SMBv1 Protocol Detected
Integrity Monitoring Rules:
1002999* - Database Server - Microsoft SQL Server
1006803* - TMTR-0001: Suspicious Files Detected In Operating System Directories
1006800* - TMTR-0002: Suspicious Files Detected In Operating System Directories
1006798* - TMTR-0005: Suspicious Files Detected In Application Directories
1006797* - TMTR-0006: Suspicious Files Detected In Application Directories
1006796* - TMTR-0007: Suspicious Files Detected In Application Directories
1006805* - TMTR-0009: Suspicious Files Detected In System Folder
1006804* - TMTR-0010: Suspicious Files Detected In System Folder
1006795* - TMTR-0011: Suspicious Files Detected In System Folder
1006658* - TMTR-0012: Suspicious Files Detected In Temporary Directories
1006677* - TMTR-0013: Suspicious Files Detected In Windows Folder
1006799* - TMTR-0014: Suspicious Service Detected
1006683* - TMTR-0016: Suspicious Running Processes Detected
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.