Deep Security Center

RULE UPDATE: 16-019 (June 15, 2016)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Web Client Common
1007696 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4171)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
RULE UPDATE: 16-018 (June 14, 2016)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
1007598* - Identified Possible Ransomware File Rename Activity Over Network Share
1007070* - Remote PWDUMP Through SMBv1 Protocol Detected


Microsoft Office
1007667 - Microsoft Office Information Disclosure Vulnerability (CVE-2016-3234)
1007663 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-0025)
1007666 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-3233)
1007059* - Microsoft Office Remote Code Execution Vulnerability (CVE-2015-2545)


Suspicious Client Application Activity
1007534 - Ransomware Crydap
1007578* - Ransomware CryptFile
1007579* - Ransomware HTTP Request
1007581* - Ransomware Lectool


Suspicious Server Application Activity
1007580* - Ransomware HTTP Request-1
1007582* - Ransomware Lectool-1


Symantec Alert Management System
1003488* - Multiple Symantec Products Intel Common Base Agent Remote Command Execution Vulnerability


Web Application PHP Based
1007272* - PHP SPL ArrayObject Use After Free Vulnerability


Web Client Common
1007638* - Adobe Flash Player Type Confusion Overflow Vulnerability (CVE-2016-4117)
1007563* - Adobe Flash Player Use After Free Vulnerability (CVE-2016-1011)
1005753* - IBM Java Multiple Vulnerabilities
1007644 - Identified Download Of Suspicious SCT File Over HTTP
1007698 - Microsoft Windows ATMFD.DLL Elevation Of Privilege Vulnerability (CVE-2016-3220)
1007668 - Microsoft Windows Graphics Component Information Disclosure Vulnerability (CVE-2016-3216)
1007664 - Microsoft Windows PDF Information Disclosure Vulnerability (CVE-2016-3201)
1007659 - Microsoft Windows PDF Information Disclosure Vulnerability (CVE-2016-3215)
1007486* - Microsoft Windows PDF Library Remote Code Execution Vulnerability (CVE-2016-0117)
1007665 - Microsoft Windows PDF Remote Code Execution Vulnerability (CVE-2016-3203)
1007296 - Oracle Data Quality Trillium Based Set Basic Preview Data Type Remote Code Execution Vulnerability (CVE-2015-4759)


Web Client Internet Explorer/Edge
1007662 - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-3222)
1007661 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-3199)
1007660 - Microsoft Edge Security Feature Bypass Vulnerability (CVE-2016-3198)
1007652 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0199)
1007653 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0200)
1007654 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-3205)
1007655 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-3206)
1007656 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-3207)
1007657 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-3210)


Web Server Common
1000128* - HTTP Protocol Decoding
1007651 - Identified Absence Of Configured CDN/Reverse Proxy HTTP Header


Web Server IIS
1000389* - Microsoft IIS 5.0 .printer ISAPI Extension Buffer Overflow Vulnerability


Windows Services RPC Server DCERPC
1007054* - Remote Schedule Task 'Create' Through SMBv2 Protocol Detected


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

1003447* - Web Server - Apache
RULE UPDATE: 16-017 (June 3, 2016)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Suspicious Client Application Activity
1007578* - Ransomware CryptFile
1007576* - Ransomware Cryptesla
1007577* - Ransomware Hydra


Web Client Common
1007624* - Microsoft Windows Media Center Remote Code Execution Vulnerability (CVE-2016-0185)


Web Client Internet Explorer/Edge
1007613* - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-0189)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
RULE UPDATE: 16-016 (May 24, 2016)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1007596* - Identified Suspicious File Extension Rename Activity Over Network Share
1007598* - Identified Suspicious Rename Activity Over Network Share


SAP Netweaver Server
1007639 - Identified Unauthorized Access Of Servlets Over Web


Suspicious Client Application Activity
1007578* - Ransomware CryptFile
1007576* - Ransomware Cryptesla
1007579* - Ransomware HTTP Request
1007577* - Ransomware Hydra
1007581* - Ransomware Lectool
1007602* - Ransomware Locky
1007601* - Ransomware TCP Request


Suspicious Server Application Activity
1007580* - Ransomware HTTP Request-1
1007582* - Ransomware Lectool-1
1007533* - Ransomware TCP Request-1


Web Application Common
1007609* - ImageMagick Remote Code Execution Vulnerability (CVE-2016-3714)


Web Application PHP Based
1007641 - Magento Unauthenticated Arbitrary File Write Vulnerability (CVE-2016-4010)


Web Client Common
1007515* - Adobe Flash Player Heap Overflow Vulnerability (CVE-2016-1001)
1007635* - Adobe Flash Player Heap Overflow Vulnerability (CVE-2016-1101)
1007571 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-0997)
1007543 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-0998)
1007541 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-1000)
1007611* - ImageMagick Remote Code Execution Vulnerability (CVE-2016-3714) - 1
1007485* - Microsoft Windows Media Player Parsing Remote Code Execution Vulnerability (CVE-2016-0101)


Web Client Internet Explorer/Edge
1007372* - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0003)


Web Server Common
1002628* - Adobe RoboHelp Server SQL Injection Vulnerability


Web Server Miscellaneous
1007607* - RedHat JBoss Operations Network ContentManager Remote Code Execution Vulnerability (CVE-2015-0297)
1007606* - RedHat JBoss WildFly Application Server Information Disclosure Vulnerability (CVE-2016-0793)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
RULE UPDATE: 16-015 (May 17, 2016)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

TFTP Server
1003955* - TFTP Server Packet Handling Remote Buffer Overflow Vulnerability


Web Client Common
1007635 - Adobe Flash Player Heap Overflow Vulnerability (CVE-2016-1101)
1007636 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-1096)
1007637 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-1098)
1007638 - Adobe Flash Player Type Confusion Overflow Vulnerability (CVE-2016-4117)
1007542 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-0999)
1007626 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-1107)
1007628 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-1108)
1007627 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-1110)


Web Client Internet Explorer/Edge
1007616* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-0193)


Integrity Monitoring Rules:

1003370* - Application - OpenSSL
1003334* - Application - Samba


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
RULE UPDATE: 16-014 (May 10, 2016)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Application Control For File Sharing
1007608 - Application Control For Amazon Cloud Drive
1007605 - Application Control For BOX


Microsoft Office
1007619 - Microsoft Office Graphics RCE Vulnerability (CVE-2016-0183)
1007617 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-0126)
1007618 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-0140)


Suspicious Client Application Activity
1007578 - Ransomware CryptFile
1007576* - Ransomware Cryptesla
1007579 - Ransomware HTTP Request
1007577* - Ransomware Hydra
1007581* - Ransomware Lectool
1007602 - Ransomware Locky
1007601 - Ransomware TCP Request


Suspicious Server Application Activity
1007580 - Ransomware HTTP Request-1
1007582* - Ransomware Lectool-1
1007533 - Ransomware TCP Request-1


Web Application Common
1007609* - ImageMagick Remote Code Execution Vulnerability (CVE-2016-3714)


Web Application PHP Based
1007597* - Joomla Akeeba Kickstart Unserialize Remote Code Execution Vulnerability (CVE-2014-7228)
1006786* - PHP exif_process_unicode() Function Uninitialized Pointer Freeing Remote Code Execution Vulnerability
1007178* - WordPress Font Plugin Path Traversal Vulnerability (CVE-2015-7683)


Web Application Ruby Based
1007520* - RubyGems Actionpack Denial Of Service Vulnerability (CVE-2013-6414)


Web Client Common
1007629 - Adobe Acrobat And Reader Integer Overflow Vulnerability (CVE-2016-1043)
1007630 - Adobe Acrobat And Reader Memory Corruption Vulnerability (CVE-2016-1063)
1007633 - Adobe Acrobat And Reader Memory Corruption Vulnerability (CVE-2016-1073)
1007631 - Adobe Acrobat And Reader Use After Free Vulnerability (CVE-2016-1065)
1007632 - Adobe Acrobat And Reader Use After Free Vulnerability (CVE-2016-1070)
1007078* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-5574)
1007453* - Adobe Flash Player Use After Free Vulnerability (CVE-2016-0984)
1007568* - Adobe Flash Player Use After Free Vulnerability (CVE-2016-1016)
1007594* - Apple QuickTime 'moov' Atom Heap Corruption Remote Code Execution Vulnerability
1007595* - Apple QuickTime Atom Processing Heap Corruption Remote Code Execution Vulnerability
1007611 - ImageMagick Remote Code Execution Vulnerability (CVE-2016-3714) - 1
1007620 - Microsoft Windows Graphics Component Information Disclosure Vulnerability (CVE-2016-0168)
1007621 - Microsoft Windows Graphics Component Information Disclosure Vulnerability (CVE-2016-0169)
1007622 - Microsoft Windows Graphics Component RCE Vulnerability (CVE-2016-0170)
1007624 - Microsoft Windows Media Center Remote Code Execution Vulnerability (CVE-2016-0185)
1007537 - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2016-0120)


Web Client Internet Explorer/Edge
1007615 - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0191)
1007616 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-0193)
1007614 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-0192)
1007177* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6086)
1007407* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0063)
1007471* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0106)
1007612 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-0187)
1007613 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-0189)
1007623 - Microsoft Windows Direct3D Use After Free Vulnerability (CVE-2016-0184)


Web Server Common
1007213 - Disallow Upload Of A Class File
1007212 - Disallow Upload Of An Archive File


Web Server Miscellaneous
1007532* - JBoss Application Server Unauthenticated Remote Command Execution Vulnerability
1007607 - RedHat JBoss Operations Network ContentManager Remote Code Execution Vulnerability (CVE-2015-0297)
1007606 - RedHat JBoss WildFly Application Server Information Disclosure Vulnerability (CVE-2016-0793)


Windows Services RPC Server
1007596* - Identified Suspicious File Extension Rename Activity Over Network Share


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
RULE UPDATE: 16-013 (May 5, 2016)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Web Application Common
1007610 - Identified Usage Of ImageMagick Pseudo Protocols
1007609 - ImageMagick Remote Code Execution Vulnerability (CVE-2016-3714)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
RULE UPDATE: 16-012 (April 27, 2016)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Web Server Miscellaneous
1007603 - Apache Struts Dynamic Method Invocation Remote Code Execution Vulnerability (CVE-2016-3081)
1007604 - Identified Apache Struts Method Prefix In HTTP Request


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
RULE UPDATE: 16-011 (April 26, 2016)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Backup Server IBM Tivoli Storage Manager FastBack Server
1007351* - IBM Tivoli Storage Manager FastBack Command Execution Vulnerability (CVE-2015-1949)
1007357* - IBM Tivoli Storage Manager FastBack Server Buffer Overflow (CVE-2015-1929)
1007356* - IBM Tivoli Storage Manager FastBack Server Buffer Overflow Vulnerability (CVE-2015-1924)
1007352* - IBM Tivoli Storage Manager FastBack Server Information Disclosure Vulnerability (CVE-2015-1941)
1007354* - IBM Tivoli Storage Manager FastBack Server Memory Corruption Vulnerability
1007353* - IBM Tivoli Storage Manager FastBack Server Opcode 1301 Remote Code Execution Vulnerability
1007365* - IBM Tivoli Storage Manager FastBack Server Opcode 1335 Remote Code Execution Vulnerability
1007464* - IBM Tivoli Storage Manager FastBack Stack Buffer Overflow Vulnerability (CVE-2015-4931)


HP Intelligent Management Center (IMC)
1005845* - HP Intelligent Management Center sdFileDownload Servlet Remote File Disclosure Vulnerability


TFTP Server
1003955* - TFTP Server Packet Handling Remote Buffer Overflow Vulnerability


Web Application PHP Based
1007597 - Joomla Akeeba Kickstart Unserialize Remote Code Execution Vulnerability (CVE-2014-7228)
1006786 - PHP exif_process_unicode() Function Uninitialized Pointer Freeing Remote Code Execution Vulnerability
1007178 - WordPress Font Plugin Path Traversal Vulnerability (CVE-2015-7683)


Web Application Ruby Based
1007520 - RubyGems Actionpack Denial Of Service Vulnerability (CVE-2013-6414)


Web Client Common
1007536 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8426)
1007600 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-8823)
1007018 - cURL/libcURL Cookie Parser Out Of Bounds Read Remote Code Execution Vulnerability (CVE-2015-3145)


Web Client Internet Explorer/Edge
1004958* - Internet Explorer Exec ActiveX Remote Code Execution
1007552* - Microsoft Edge Elevation Of Privilege Vulnerability (CVE-2016-0161)


Web Server Common
1005434* - Disallow Upload Of A PHP File
1007222* - WordPress Ajax Load More Plugin File Upload Vulnerability


Web Server IIS
1007430* - Microsoft .NET Framework Stack Overflow Denial Of Service Vulnerability (CVE-2016-0033)


Web Server Oracle
1007204* - Oracle WebLogic Server Java Deserialization Objects Remote Code Execution Vulnerability


Windows Services RPC Client
1007494* - Adobe Acrobat DLL Loading Arbitrary Code Execution Vulnerability (CVE-2016-1008)
1007566* - Adobe Flash Player DLL Hijacking Vulnerability Over Network Share (CVE-2016-1014)
1007592* - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (CVE-2016-0160 and CVE-2016-0148)


Windows Services RPC Server
1007596 - Identified Suspicious File Extension Rename Activity Over Network Share
1007598 - Identified Suspicious Rename Activity Over Network Share


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
RULE UPDATE: 16-010 (April 19, 2016)
* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Web Client Common
1007594 - Apple QuickTime 'moov' Atom Heap Corruption Remote Code Execution Vulnerability
1007595 - Apple QuickTime Atom Processing Heap Corruption Remote Code Execution Vulnerability
1007136* - Apple Quicktime 'stbl' Remote Code Execution Vulnerability
1007223* - Microsoft GS Wavetable Synth Memory Corruption Vulnerability


Web Server Miscellaneous
1007532 - JBoss Application Server Unauthenticated Remote Command Execution Vulnerability


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.