Deep Security Center

RULE UPDATE: 16-008 (April 7, 2016)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Web Client Common
1007572 - Adobe Flash Player Remote Code Execution Vulnerability (CVE-2016-1019)
1006532* - Identified Malicious Adobe Flash SWF File - 1


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
RULE UPDATE: 16-007 (March 22, 2016)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Backup Server IBM Tivoli Storage Manager FastBack Mount
1007271* - IBM Tivoli Storage Manager FastBack Buffer Overflow Vulnerability (CVE-2015-0120)
1007349* - IBM Tivoli Storage Manager FastBack Mount Stack Buffer Overflow Vulnerability (CVE-2015-0119)


Backup Server IBM Tivoli Storage Manager FastBack Server
1007351 - IBM Tivoli Storage Manager FastBack Command Execution Vulnerability (CVE-2015-1949)
1007357 - IBM Tivoli Storage Manager FastBack Server Buffer Overflow (CVE-2015-1929)
1007356 - IBM Tivoli Storage Manager FastBack Server Buffer Overflow Vulnerability (CVE-2015-1924)
1007355* - IBM Tivoli Storage Manager FastBack Server Command Injection Vulnerabilities
1007352 - IBM Tivoli Storage Manager FastBack Server Information Disclosure Vulnerability (CVE-2015-1941)
1007354 - IBM Tivoli Storage Manager FastBack Server Memory Corruption Vulnerability
1007464 - IBM Tivoli Storage Manager FastBack Stack Buffer Overflow Vulnerability (CVE-2015-4931)


Mail Server Miscellaneous
1006020* - Mercury Mail Transport System AUTH CRAM-MD5 Buffer Overflow Vulnerability


Microsoft Office
1007419* - Microsoft Office Memory Corruption Vulnerability (CVE-2016-0052)


Shellcode
1001183* - Identified Suspicious Usage Of Shellcode


Web Application Common
1007518 - Identified Reflected File Download Attack


Web Application PHP Based
1007272 - PHP SPL ArrayObject Use After Free Vulnerability
1007255 - PHP SplObjectStorage Use After Free Vulnerability
1007135* - WordPress XMLRPC 'system.multicall' Brute Force Amplification Attack


Web Application Tomcat
1005929* - Apache Tomcat Commons UploadFile Denial Of Service Vulnerability


Web Client Common
1007493 - Adobe Acrobat And Reader Memory Corruption Vulnerability (CVE-2016-1007)
1007495 - Adobe Acrobat And Reader Memory Corruption Vulnerability (CVE-2016-1009)
1007516 - Adobe Acrobat DLL Loading Arbitrary Code Execution Vulnerability Over WebDAV (CVE-2016-1008)
1007515 - Adobe Flash Player Heap Overflow Vulnerability (CVE-2016-1001)
1007496 - Adobe Flash Player Integer Overflow Vulnerability (CVE-2016-0963)
1007511 - Adobe Flash Player Integer Overflow Vulnerability (CVE-2016-0993)
1007519* - Adobe Flash Player Integer Overflow Vulnerability (CVE-2016-1010)
1007497* - Adobe Flash Player Memory Corruption Vulnerabilities
1007501 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-0960)
1007500 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-0961)
1007499 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-0962)
1007505 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-0986)
1007508 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-0989)
1007506 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-0987)
1007507 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-0988)
1007509 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-0990)
1007510 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-0991)
1007512 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-0994)
1007513 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-0995)
1007514 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-0996)
1007136 - Apple Quicktime 'stbl' Remote Code Execution Vulnerability
1007095 - Apple Quicktime Heap Overflow Vulnerability (CVE-2015-3668)
1007523 - Libxml2 Out Of Bound Read Multiple Information Disclosure Vulnerabilities (CVE-2015-7941)
1007368* - Microsoft DirectShow Heap Corruption Vulnerability (CVE-2016-0015)
1007223 - Microsoft GS Wavetable Synth Memory Corruption Vulnerability
1007366* - Microsoft Silverlight Runtime Remote Code Execution Vulnerability (CVE-2016-0034)
1007427* - Microsoft Windows DLL Loading Vulnerabilities Over WebDAV (MS16-014)
1003589* - Sun Java Runtime Environment And Java Development Kit Security Vulnerability


Web Client Internet Explorer/Edge
1007406* - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-0061)
1007462 - Microsoft Internet Explorer GetCommonAncestorElement Denial Of Service Vulnerability
1007473* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0108)
1007477* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0113)


Web Server Common
1007222 - WordPress Ajax Load More Plugin File Upload Vulnerability


Web Server Oracle
1007204 - Oracle WebLogic Server Java Deserialization Objects Remote Code Execution Vulnerability


Windows Services RPC Client
1007494 - Adobe Acrobat DLL Loading Arbitrary Code Execution Vulnerability (CVE-2016-1008)
1007381* - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (MS15-132)
1007426* - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (MS16-014)


Integrity Monitoring Rules:

1005041* - Malware - Suspicious Microsoft Windows Files Detected
1005042* - Malware - Suspicious Microsoft Windows Registry Entries Detected


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
RULE UPDATE: 16-006 (March 8, 2016)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Application Control For File Sharing
1007463 - Application Control For Microsoft OneDrive


Backup Server IBM Tivoli Storage Manager FastBack Mount
1007271 - IBM Tivoli Storage Manager FastBack Buffer Overflow Vulnerability (CVE-2015-0120)
1007349 - IBM Tivoli Storage Manager FastBack Mount Stack Buffer Overflow Vulnerability (CVE-2015-0119)
1007329* - IBM Tivoli Storage Manager FastBack Stack Based Buffer Overflow Vulnerability (CVE-2015-1896)


Backup Server IBM Tivoli Storage Manager FastBack Server
1007355 - IBM Tivoli Storage Manager FastBack Server Command Injection Vulnerabilities
1007350* - IBM Tivoli Storage Manager FastBack Server Opcode 1332 Buffer Overflow (CVE-2015-1925)


Database Oracle
1002839* - Oracle Database Server SQL Injection In DBMS_DEFER_SYS.DELETE_TRAN Package
1003223* - Oracle SYS.LT.COMPRESSWORKSPACETREE SQL Injection


Microsoft Office
1007488 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-0021)
1007517 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-0134)


OpenSSL Client
1006920* - OpenSSL Client X509_cmp_time Denial Of Service Vulnerability (CVE-2015-1789)


RADIUS Server
1007455* - Microsoft Windows Network Policy Server RADIUS Implementation DOS Vulnerability (CVE-2016-0050)


Web Application PHP Based
1007403* - Drupal Core Host Header Handler Denial Of Service Vulnerability (CVE-2014-5019)


Web Client Common
1007519 - Adobe Flash Player Integer Overflow Vulnerability
1007497 - Adobe Flash Player Memory Corruption Vulnerabilities
1007504 - Adobe Flash Player Multiple Memory Corruption Vulnerabilities
1007483 - Microsoft Windows Media Player Parsing Remote Code Execution Vulnerability (CVE-2016-0098)
1007485 - Microsoft Windows Media Player Parsing Remote Code Execution Vulnerability (CVE-2016-0101)
1007489 - Microsoft Windows OLE Memory Remote Code Execution Vulnerability (CVE-2016-0091)
1007490 - Microsoft Windows OLE Memory Remote Code Execution Vulnerability (CVE-2016-0092)
1007482 - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2016-0121)
1007486 - Microsoft Windows PDF Library Remote Code Execution Vulnerability (CVE-2016-0117)
1007487 - Microsoft Windows PDF Library Remote Code Execution Vulnerability (CVE-2016-0118)


Web Client Internet Explorer/Edge
1007481 - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0123)
1007492 - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0124)
1007467 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-0102)
1007470 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-0105)
1007474 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-0109)
1007475 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-0110)
1007484 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-0111)
1007144* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6071)
1007468 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0103)
1007469 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0104)
1007471 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0106)
1007472 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0107)
1007473 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0108)
1007476 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0112)
1007477 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0113)
1007478 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0114)
1007366* - Microsoft Silverlight Runtime Remote Code Execution Vulnerability (CVE-2016-0034)


Web Server Common
1000128* - HTTP Protocol Decoding


Web Server HTTPS
1007491 - Identified Usage Of EXPORT Cipher Suite In SSLv2 Connection


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
RULE UPDATE: 16-005 (February 23, 2016)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Backup Server IBM Tivoli Storage Manager FastBack Mount
1007329 - IBM Tivoli Storage Manager FastBack Stack Based Buffer Overflow Vulnerability (CVE-2015-1896)


Backup Server IBM Tivoli Storage Manager FastBack Server
1007350 - IBM Tivoli Storage Manager FastBack Server Opcode 1332 Buffer Overflow (CVE-2015-1925)


DNS Client
1007377* - ISC BIND DNSSEC Key Handler Denial Of Service Vulnerability (CVE-2015-5722)
1007424* - ISC BIND OPT Pseudo-RR Data And ECS Options Denial Of Service Vulnerability (CVE-2015-8705)


Elasticsearch
1007301* - Elasticsearch Remote Code Execution Vulnerability (CVE-2015-5377)


Mail Server Common
1005344* - POP3 Mail Server Possible Brute Force Attempt


Microsoft Office
1007418* - Microsoft Office Memory Corruption Vulnerability (CVE-2016-0022)
1006771* - Microsoft Office Uninitialized Memory Use Vulnerability (CVE-2015-1770)


RADIUS Server
1007455 - Microsoft Windows Network Policy Server RADIUS Implementation DOS Vulnerability (CVE-2016-0050)


Web Application PHP Based
1007404* - Drupal Core Denial Of Service Vulnerability (CVE-2014-9016)
1007403 - Drupal Core Host Header Handler Denial Of Service Vulnerability (CVE-2014-5019)


Web Client Common
1007440 - Adobe Flash Player Heap Overflow Vulnerability (CVE-2016-0971)
1007330* - Adobe Flash Player Integer Overflow Vulnerability (CVE-2015-8651)
1007445 - Adobe Flash Player Integer Overflow Vulnerability (CVE-2016-0976)
1007433 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-0964)
1007434 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-0965)
1007435 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-0966)
1007436 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-0967)
1007437 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-0968)
1007438 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-0969)
1007439 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-0970)
1007441 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-0972)
1007446 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-0977)
1007447 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-0978)
1007448 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-0979)
1007449 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-0981)
1007454 - Adobe Flash Player Type Confusion Vulnerability (CVE-2016-0985)
1006468* - Adobe Flash Player Unspecified Vulnerability (CVE-2015-0313)
1007442 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-0973)
1007443 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-0974)
1007444 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-0975)
1007450 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-0982)
1007451 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-0983)
1007453 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-0984)
1007359 - Adobe Reader And Acrobat PDF Parsing Memory Corruption Vulnerability (CVE-2015-7622)
1006532* - Identified Malicious Adobe Flash SWF File - 1


Web Client Internet Explorer/Edge
1007227* - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6140)
1007407* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0063)


Integrity Monitoring Rules:

1005041* - Malware - Suspicious Microsoft Windows Files Detected
1006801* - TMTR-0004: Suspicious Files Detected In Operating System Directories
1007210* - TMTR-0018: Suspicious Files Detected In User Profile Directory
1003019* - Trend Micro Deep Security Agent / Relay


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
RULE UPDATE: 16-004 (February 18, 2016)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DNS Client
1007457 - Allowed DNS Resolvers
1007456 - DNS Malformed Response Detected
1007458 - glibc getaddrinfo Stack Based Buffer Overflow Vulnerability (CVE-2015-7547)


Windows Services RPC Server
1007432 - Microsoft Windows Server Message Block Memory Corruption Vulnerability (CVE-2015-2474)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
RULE UPDATE: 16-003 (February 9, 2016)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DNS Client
1007402 - ISC BIND APL Data Buffer Overflow Vulnerability (CVE-2015-8704)
1007377 - ISC BIND DNSSEC Key Handler Denial Of Service Vulnerability (CVE-2015-5722)
1007424 - ISC BIND OPT Pseudo-RR Data And ECS Options Denial Of Service Vulnerability (CVE-2015-8705)


Elasticsearch
1007301 - Elasticsearch Remote Code Execution Vulnerability (CVE-2015-5377)


Microsoft Office
1006623* - Microsoft Office Memory Corruption Vulnerability (CVE-2015-1641)
1007418 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-0022)
1007419 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-0052)
1007420 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-0053)
1007421 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-0054)
1007422 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-0055)
1007423 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-0056)


SSL/TLS Server
1007379* - TLS1.2 Signature Hash Algorithm Downgrade Attack Used In SLOTH - Server


TFTP Server
1000966* - TFTP Commands Argument Length And Directory Traversal Restriction


Web Application PHP Based
1007404 - Drupal Core Denial Of Service Vulnerability (CVE-2014-9016)


Web Client Common
1006980* - Adobe Flash Player Integer Overflow Vulnerability (CVE-2015-5560)
1007401 - Google Chrome Same-Origin-Policy Security Bypass Vulnerability (CVE-2015-1267)
1007416 - Microsoft PDF Library Buffer Overflow Vulnerability (CVE-2016-0058)
1007427 - Microsoft Windows DLL Loading Vulnerabilities Over WebDAV (MS16-014)
1007250* - Microsoft Windows Integer Underflow Vulnerability (CVE-2015-6130)
1007417 - Microsoft Windows Journal Memory Corruption vulnerability (CVE-2016-0038)
1007415 - Microsoft Windows Reader Vulnerability (CVE-2016-0046)


Web Client Internet Explorer/Edge
1007431 - Microsoft Edge ASLR Bypass Vulnerability (CVE-2016-0080)
1007378* - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0024)
1007405 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-0060)
1007406 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-0061)
1007429 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-0062)
1007410 - Microsoft Internet Explorer Elevation Of Privilege Vulnerability (CVE-2016-0068)
1007428 - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2016-0059)
1007177* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6086)
1007407 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0063)
1007408 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0064)
1007409 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0067)
1007411 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0071)
1007412 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0072)


Web Client SSL
1006606* - Identified Fraudulent Digital Certificate - 1


Web Server IIS
1007430 - Microsoft .NET Framework Stack Overflow Denial Of Service Vulnerability (CVE-2016-0033)


Windows Services RPC Client
1007381 - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (MS15-132)
1007426 - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (MS16-014)


Integrity Monitoring Rules:

1004950* - Microsoft Visual Studio - New Add-In Created
1003019* - Trend Micro Deep Security Agent / Relay


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
RULE UPDATE: 16-002 (January 26, 2016)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

OpenSSL
1007328* - OpenSSL Certificate Missing PSS Parameter Denial Of Service Vulnerability (CVE-2015-3194)


SSL Client
1007382 - Identified MD5 Hash Algorithm In TLS Server Key Exchange Traffic - Client
1007384 - TLS1.2 Signature Hash Algorithm Downgrade Attack Used In SLOTH - Client


SSL/TLS Server
1007380 - Identified MD5 Hash Algorithm In TLS Server Key Exchange Traffic - Server
1007379* - TLS1.2 Signature Hash Algorithm Downgrade Attack Used In SLOTH - Server


Web Client Common
1007385 - Adobe Acrobat And Reader Memory Corruption Vulnerability (CVE-2016-0931)
1007387 - Adobe Acrobat And Reader Memory Corruption Vulnerability (CVE-2016-0933)
1007398 - Adobe Acrobat And Reader Memory Corruption Vulnerability (CVE-2016-0936)
1007390 - Adobe Acrobat And Reader Memory Corruption Vulnerability (CVE-2016-0938)
1007391 - Adobe Acrobat And Reader Memory Corruption Vulnerability (CVE-2016-0939)
1007395 - Adobe Acrobat And Reader Memory Corruption Vulnerability (CVE-2016-0944)
1007396 - Adobe Acrobat And Reader Memory Corruption Vulnerability (CVE-2016-0945)
1007397 - Adobe Acrobat And Reader Memory Corruption Vulnerability (CVE-2016-0946)
1007394 - Adobe Acrobat And Reader Security Bypass Vulnerability (CVE-2016-0943)
1007386 - Adobe Acrobat And Reader Use After Free Vulnerability (CVE-2016-0932)
1007388 - Adobe Acrobat And Reader Use After Free Vulnerability (CVE-2016-0934)
1007389 - Adobe Acrobat And Reader Use After Free Vulnerability (CVE-2016-0937)
1007392 - Adobe Acrobat And Reader Use After Free Vulnerability (CVE-2016-0940)
1007393 - Adobe Acrobat And Reader Use After Free Vulnerability (CVE-2016-0941)
1007368* - Microsoft DirectShow Heap Corruption Vulnerability (CVE-2016-0015)
1007250* - Microsoft Windows Integer Underflow Vulnerability (CVE-2015-6130)
1007287* - Microsoft Windows Library Loading Remote Code Execution Vulnerability Over WebDAV (CVE-2015-6128)
1007288* - Microsoft Windows Library Loading Remote Code Execution Vulnerability Over WebDAV (CVE-2015-6132)
1007284* - Microsoft Windows Library Loading Remote Code Execution Vulnerability Over WebDAV (CVE-2015-6133)
1007179 - Oracle Java Runtime Environment TTF/Type1 Font Multiple NULL Pointer Dereferences Vulnerabilities


Web Client Internet Explorer/Edge
1007225* - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2015-6136)
1007362* - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-0002)


Web Server Common
1005496* - Identified HTTP Request Smuggling Attack


Web Server Miscellaneous
1007060 - Red Hat JBoss RichFaces Remote Code Execution Vulnerability (CVE-2015-0279)


Integrity Monitoring Rules:

1003020* - Trend Micro Deep Security Manager


Log Inspection Rules:

1002828* - Application - Secure Shell Daemon (SSHD)
RULE UPDATE: 16-001 (January 12, 2016)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Application Control For Web Browser
1002996* - Application Control For Google Chrome Web Browser


DNS Client
1007297* - Microsoft Windows DNS Use After Free Vulnerability (CVE-2015-6125)


Microsoft Office
1007374 - Microsoft Office ASLR Bypass Vulnerability (CVE-2016-0012)
1007373 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-0010)
1007375 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-0035)


OpenSSL
1007328 - OpenSSL Certificate Missing PSS Parameter Denial Of Service Vulnerability (CVE-2015-3194)


SSL/TLS Server
1007379 - SLOTH - Security Losses From Obsolete And Truncated Transcript Hashes Attack On TLS Server


Web Application Common
1007170* - Identified Suspicious China Chopper Webshell Communication


Web Client Common
1006977* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5557)
1004715* - HTTP Web Client Decoding
1006073* - Heuristic Detection Of Malicious PDF Documents - 6
1007119* - Identified Malicious Adobe Flash SWF File - 2
1006882* - Identified Suspicious Obfuscated JavaScript - 4
1007368 - Microsoft DirectShow Heap Corruption Vulnerability (CVE-2016-0015)
1007364 - Microsoft Windows ASLR Bypass Vulnerability (CVE-2016-0008)
1007370 - Microsoft Windows DLL Loading Vulnerabilities Over WebDAV (MS16-007)
1007062 - Mozilla Firefox Arbitrary JavaScript Execution Vulnerability (CVE-2015-0802)


Web Client Internet Explorer/Edge
1007372 - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0003)
1007378 - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0024)
1007229* - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6142)
1007244* - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6159)
1007363 - Microsoft Internet Explorer Same Origin Policy Bypass Vulnerability (CVE-2016-0005)
1007362 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-0002)
1007366 - Microsoft Silverlight Runtime Remote Code Execution Vulnerability (CVE-2016-0034)


Web Server RealVNC
1006884* - libvncserver Denial Of Service Vulnerability (CVE-2014-6054)


Windows Services RPC Client
1007369 - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (MS16-007)


Integrity Monitoring Rules:

1003533* - Application - OpenSSH
1003354* - Mail Server - Sendmail


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
RULE UPDATE: 15-039 (December 30, 2015)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Application Control For Winny P2P
1003086* - Application Control For Winny


Web Application PHP Based
1007298* - Joomla Core Remote Code Execution Vulnerability (CVE-2015-8562)


Web Client Common
1007330 - Adobe Flash Player Integer Overflow Vulnerability (CVE-2015-8651)
1007331 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-8459)
1007332 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-8460)
1007335 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-8636)
1007343 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-8645)
1007342 - Adobe Flash Player Type Confusion Vulnerability (CVE-2015-8644)
1007188* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-7652)
1007333 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8634)
1007334 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8635)
1007336 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8638)
1007337 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8639)
1007338 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8640)
1007339 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8641)
1007340 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8642)
1007341 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8643)
1007344 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8646)
1007345 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8647)
1007346 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8648)
1007347 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8649)
1007348 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8650)


Integrity Monitoring Rules:

1006802* - TMTR-0003: Suspicious Files Detected In Operating System Directories


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
RULE UPDATE: 15-038 (December 22, 2015)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DNS Client
1007297* - Microsoft Windows DNS Use After Free Vulnerability (CVE-2015-6125)


Web Client Common
1007319 - Adobe Flash Player Buffer Overflow Vulnerability (CVE-2015-8457)
1007316 - Adobe Flash Player Heap Overflow Vulnerability (CVE-2015-8407)
1007313 - Adobe Flash Player Heap Overflow Vulnerability (CVE-2015-8438)
1007310 - Adobe Flash Player Heap Overflow Vulnerability (CVE-2015-8446)
1007323 - Adobe Flash Player Integer Overflow Vulnerability (CVE-2015-8445)
1007317 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-8060)
1007306 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-8408)
1007304 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-8418)
1007303 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-8419)
1007308 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-8443)
1007309 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-8444)
1007312 - Adobe Flash Player Type Confusion Vulnerability (CVE-2015-8439)
1007325 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8043)
1007326 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8044)
1007327 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8046)
1007318 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8048)
1007305 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8414)
1007324 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8434)
1007302 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8435)
1007315 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8436)
1007314 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8437)
1007307 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8442)
1007311 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8447)
1007322 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8448)
1007321 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8449)
1007320 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8450)
1006532* - Identified Malicious Adobe Flash SWF File - 1


Web Client Internet Explorer/Edge
1007293 - Microsoft Internet Explorer COmWindowProxy Null Pointer Dereference Vulnerability
1007140* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6065)
1007156* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6085)
1007180* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6088)


Web Server Common
1000128* - HTTP Protocol Decoding


Windows Services RPC Server
1007125 - Remote Access Event Through SMBv1 Protocol Detected
1007121* - Remote Access Event Through SMBv2 Protocol Detected


Integrity Monitoring Rules:

1007295 - Application - chrony


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.