Rule Update

21-053 (November 30, 2021)


DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1001839* - Restrict Attempt To Enumerate Windows User Accounts (ATT&CK T1087)


DNS Client
1011122* - Zoom Client Marketplace Information Disclosure Vulnerability (ZDI-CAN-13616)


Web Client Common
1011217 - Adobe Acrobat And Reader Use After Free Vulnerability (CVE-2021-40725)
1011219 - Adobe Acrobat And Reader Use After Free Vulnerability (CVE-2021-40726)


Web Proxy Squid
1011213 - Squid Proxy Denial Of Service Vulnerability (CVE-2021-33620)
1011215 - Squid Proxy Denial of Service Vulnerability (CVE-2021-28662)


Web Server HTTPS
1011216* - Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-42321)
1011214 - VMware vCenter Server Information Disclosure Vulnerability (CVE-2021-21985)
1011220 - WordPress 'Download Manager' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-24773)
1011209 - WordPress 'LearnPress' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-39348)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.