Rule Update

19-054 (October 29, 2019)


  DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1009703 - Identified Domain-Level Groups/Accounts Enumeration Over SMB (ATT&CK T1069, T1087, T1018)


Remote Desktop Protocol Server
1009562 - Identified Remote Desktop Protocol (RDP) Brute Force Attempt (ATT&CK T1076)


Trend Micro OfficeScan
1010041 - Trend Micro ApexOne And OfficeScan Directory Traversal Vulnerability (CVE-2019-18189)
1010040 - Trend Micro ApexOne Command Injection Vulnerability (CVE-2019-18188)
1010039 - Trend Micro OfficeScan Directory Traversal Vulnerability (CVE-2019-18187)


Web Application Common
1010013 - Identified Encoded PowerShell Script Execution on Server
1010035* - PHP EXIF Uninitialized Read Vulnerability (CVE-2019-9640)
1010037 - PHP Out Of Bounds Read Vulnerability (CVE-2018-20783)
1010036 - SDCMS Remote Code Execution Vulnerability (CVE-2018-19520)


Web Server Common
1010044 - PHP Unauthenticated Remote Code Execution Vulnerability (CVE-2019-11043)


Webmin
1010043 - Webmin Unauthenticated Remote Code Execution Vulnerability (CVE-2019-15107)


Windows Remote Management
1009894 - Identified Usage Of Windows Remote Management (ATT&CK T1028)


Windows Services RPC Server DCERPC
1009892 - Identified Domain-Level Credentials Dumping Over DCERPC (ATT&CK T1003)
1009615 - Identified Initialization Of WMI - Server (ATT&CK T1047)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.