Rule Update
18-019 (April 3, 2018)
Publish date: April 04, 2018
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1008445* - Microsoft Windows Search Remote Code Execution Vulnerability (CVE-2017-8543)
Database Microsoft SQL
1008759 - Microsoft SQL Server 'EXECUTE AS' Privilege Escalation Vulnerability
HP Intelligent Management Center (IMC)
1008905 - HPE Intelligent Management Center 'UrlAccessController' Authentication Bypass Vulnerability (CVE-2017-8982)
HP Intelligent Management Center Dbman
1008909 - HPE Intelligent Management Center 'dbman' Stack-based Buffer Overflow Remote Code Execution Vulnerability (CVE-2017-8981)
Mail Client Windows
1002444* - Novell GroupWise Client mailto: Scheme Buffer Overflow
OpenSSL
1008268 - OpenSSL ChaCha20/Poly1305 Buffer Overflow Vulnerability (CVE-2017-3731)
1008810 - OpenSSL Invalid PSS Parameters Segmentation Fault Vulnerability (CVE-2015-0208)
SSL/TLS Server
1008662 - Microsoft Windows SChannel Spoofing Vulnerability (CVE-2009-0085)
Trend Micro OfficeScan
1008811 - Trend Micro OfficeScan Memory Corruption Vulnerability (CVE-2017-14089)
VoIP Smart
1008844 - Asterisk 'cdr_object_update_party_b_userfield_cb' Buffer Overflow Vulnerability (CVE-2017-16671)
VoIP Soft Phones
1008654 - Digium Asterisk app_minivm Caller-ID Command Execution Vulnerability (CVE-2017-14100)
Web Application Common
1005934* - Identified Suspicious Command Injection Attack
Web Application PHP Based
1008970* - Drupal Core Remote Code Execution Vulnerability (CVE-2018-7600)
1008919 - PHP 'var_unserializer.c' Buffer Overflow Vulnerability (CVE-2016-10161)
1008665 - PHP Heap Based Buffer Overflow Vulnerability (CVE-2017-12932)
1008904 - PHP Unserialize Use After Free Vulnerability (CVE-2016-9138)
Web Client Common
1008883* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-02) - 2
1008885* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-02) - 5
1008809 - Google Chrome V8 Crankshaft Type Confusion Vulnerability (CVE-2017-5070)
1008908 - Microsoft Windows EOT Font Engine Information Disclosure Vulnerability (CVE-2018-0755)
1008633 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2017-8676)
Web Client Internet Explorer/Edge
1008807 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11839)
1008868* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0835)
1005284* - Microsoft Internet Explorer Mouse Tracking Vulnerability
Web Server IIS
1003671* - Microsoft ASP.NET Remote Unauthenticated Denial Of Service Vulnerability (CVE-2009-1536)
Web Server Miscellaneous
1008674* - IBM Informix Open Admin Tool Remote Code Execution Vulnerability (CVE-2017-1092)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1008670* - Microsoft Windows Security Events - 3