Rule Update

20-015 (March 24, 2020)


* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1010164 - Identified Possible Ransomware File Extension Create Activity Over Network Share
1010192* - Microsoft Windows SMBv3 Remote Code Execution Vulnerability (CVE-2020-0796)

SolarWinds Dameware Mini Remote Control
1010174* - SolarWinds DameWare Mini Remote Control Remote Code Execution Vulnerability (CVE-2019-3980)

Trend Micro OfficeScan
1010181* - Trend Micro Apex One And OfficeScan Server Directory Traversal Vulnerability (CVE-2020-8599)
1010191* - Trend Micro Apex One And OfficeScan Server Migration Tool Remote Code Execution Vulnerability (CVE-2020-8467)
1010179* - Trend Micro Multiple Products Arbitrary File Delete Vulnerability (CVE-2020-8470)
1010202* - Trend Micro Worry-Free Business Security Directory Traversal Vulnerability (CVE-2020-8600)

Web Application Common
1007609* - ImageMagick Remote Code Execution Vulnerability (CVE-2016-3714)
1010183* - Microsoft Exchange Validation Key Remote Code Execution Vulnerability (CVE-2020-0688)
1010199* - Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability (CVE-2020-0618)
1010194* - WordPress 'GDPR Cookie Consent Plugin' Stored Cross-Site Scripting Vulnerability

Web Client Common
1010205 - Microsoft Windows Media Foundation Memory Corruption Vulnerability (CVE-2020-0738)
1010207 - Microsoft Windows Multiple Type1 Font Parsing Remote Code Execution Vulnerabilities

Web Server Common
1010097 - CMS Made Simple (CMSMS) Remote Code Execution Vulnerability (CVE-2019-9692)
1010082* - CMS Made Simple Authenticated RCE Via Object Injection Vulnerability (CVE-2019-9055)
1010178 - Cisco Data Center Network Manager Directory Traversal Vulnerability (CVE-2019-15981)
1010172* - WordPress InfiniteWP And Time Capsule Plugin Client Authentication Bypass Vulnerability (CVE-2020-8771)

ZohoCorp ManageEngine Desktop Central
1010197* - Zoho ManageEngine Desktop Central Remote Code Execution Vulnerability (CVE-2020-10189)

Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.

Log Inspection Rules:

1002831* - Unix - Syslog