Rule Update
15-017 (June 9, 2015)
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Application Control For Remote Login
1002508* - Application Control For RDP
HP Intelligent Management Center (IMC)
1005476* - HP Intelligent Management Center Multiple Information Disclosure Vulnerabilities
Microsoft Office
1006771 - Microsoft Office Uninitialized Memory Use Vulnerability (CVE-2015-1770)
1006769 - Microsoft Office Use After Free Vulnerability (CVE-2015-1759)
1006770 - Microsoft Office Use After Free Vulnerability (CVE-2015-1760)
OpenSSL Client
1006318* - Multiple Browser Wildcard Certificate Spoofing Vulnerability
1006546* - OpenSSL ECDHE Downgrade Vulnerability (CVE-2014-3572)
Suspicious Server Application Activity
1001164* - Detected Terminal Services (RDP) Server Traffic
VoIP Soft Phones
1006537* - Asterisk Open Source SIP SUBSCRIBE Request Denial Of Service Vulnerability
Web Application Common
1000552* - Generic Cross Site Scripting(XSS) Prevention
1005402* - Identified Suspicious User Agent In HTTP Request
Web Client Apple Safari
1004362* - Apple Safari For Windows Long Link DoS
Web Client Common
1006533* - Adobe Flash Player Buffer Overflow Vulnerability (CVE-2015-0311) - 1
1006772 - Adobe Flash Player Cross Domain Policy Bypass Vulnerability (CVE-2015-3096)
1006773 - Adobe Flash Player Cross Domain Policy Bypass Vulnerability (CVE-2015-3098)
1006774 - Adobe Flash Player Cross Domain Policy Bypass Vulnerability (CVE-2015-3099)
1006776 - Adobe Flash Player Cross Domain Policy Bypass Vulnerability (CVE-2015-3102)
1006286* - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2014-0556)
1006778 - Adobe Flash Player Integer Overflow Vulnerability (CVE-2015-3104)
1006365* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2014-8440)
1006781 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-3108)
1006779 - Adobe Flash Player Out Of Bound Write Vulnerability (CVE-2015-3105)
1006589* - Adobe Flash Player Remote Code Execution Vulnerability (CVE-2015-0336)
1006775 - Adobe Flash Player Remote Code Execution Vulnerability (CVE-2015-3100)
1006657 - Adobe Flash Player Remote Integer Overflow Vulnerability (CVE-2014-0569) - 2
1006701* - Adobe Flash Player Type Confusion Remote Code Execution Vulnerability (CVE-2015-3077)
1006707* - Adobe Flash Player Type Confusion Remote Code Execution Vulnerability (CVE-2015-3084)
1006468* - Adobe Flash Player Unspecified Vulnerability (CVE-2015-0313)
1006777 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-3103)
1006780 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-3106)
1004715* - HTTP Web Client Decoding
1006598* - Microsoft Windows DLL Planting Remote Code Execution Vulnerability Over HTTP (CVE-2015-0096)
1006619* - Microsoft Windows EMF Processing Remote Code Execution Vulnerability (CVE-2015-1645)
1006782 - Microsoft Windows HTML Application Denial Of Service Vulnerability
Web Client Internet Explorer
1003268* - CSS Memory Corruption Vulnerability (CVE-2009-0076)
1006761 - Microsoft Internet Explorer Elevation Of Privilege Vulnerability (CVE-2015-1748)
1006745 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1687)
1006747 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1730)
1006748 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1731)
1006749 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1732)
1006751 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1735)
1006752 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1736)
1006753 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1737)
1006755 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1740)
1006756 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1741)
1006757 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1742)
1006758 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1744)
1006759 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1745)
1006760 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1747)
1006762 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1750)
1006763 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1751)
1006764 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1752)
1006765 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1753)
1006766 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1755)
1006767 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1766)
1005110* - Novell iPrint Client 'nipplib.dll' GetDriverSettings Realm Remote Code Execution Vulnerability
Web Client SSL
1006606* - Identified Fraudulent Digital Certificate - 1
Web Server Miscellaneous
1004189* - RedHat JBoss Enterprise Application Platform JMX Console Authentication Bypass
Web Server SharePoint
1003815* - Microsoft SharePoint Team Services Download Feature Source Code Information Disclosure Vulnerability
Windows Services RPC Client
1003293* - Block Conficker.B++ Worm Outgoing Named Pipe Connection
1006554* - Microsoft Windows DLL Planting Remote Code Execution Vulnerability (CVE-2015-0096)
Integrity Monitoring Rules:
1005041* - Malware - Suspicious Microsoft Windows Files Detected
1005042* - Malware - Suspicious Microsoft Windows Registry Entries Detected
1006677 - Suspicious Files Detected In Operating System Directories
1006658 - Suspicious Files Detected In Temporary Directories
1006683* - Suspicious Running Processes Detected
1003002* - Web Browser - Internet Explorer
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Application Control For Remote Login
1002508* - Application Control For RDP
HP Intelligent Management Center (IMC)
1005476* - HP Intelligent Management Center Multiple Information Disclosure Vulnerabilities
Microsoft Office
1006771 - Microsoft Office Uninitialized Memory Use Vulnerability (CVE-2015-1770)
1006769 - Microsoft Office Use After Free Vulnerability (CVE-2015-1759)
1006770 - Microsoft Office Use After Free Vulnerability (CVE-2015-1760)
OpenSSL Client
1006318* - Multiple Browser Wildcard Certificate Spoofing Vulnerability
1006546* - OpenSSL ECDHE Downgrade Vulnerability (CVE-2014-3572)
Suspicious Server Application Activity
1001164* - Detected Terminal Services (RDP) Server Traffic
VoIP Soft Phones
1006537* - Asterisk Open Source SIP SUBSCRIBE Request Denial Of Service Vulnerability
Web Application Common
1000552* - Generic Cross Site Scripting(XSS) Prevention
1005402* - Identified Suspicious User Agent In HTTP Request
Web Client Apple Safari
1004362* - Apple Safari For Windows Long Link DoS
Web Client Common
1006533* - Adobe Flash Player Buffer Overflow Vulnerability (CVE-2015-0311) - 1
1006772 - Adobe Flash Player Cross Domain Policy Bypass Vulnerability (CVE-2015-3096)
1006773 - Adobe Flash Player Cross Domain Policy Bypass Vulnerability (CVE-2015-3098)
1006774 - Adobe Flash Player Cross Domain Policy Bypass Vulnerability (CVE-2015-3099)
1006776 - Adobe Flash Player Cross Domain Policy Bypass Vulnerability (CVE-2015-3102)
1006286* - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2014-0556)
1006778 - Adobe Flash Player Integer Overflow Vulnerability (CVE-2015-3104)
1006365* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2014-8440)
1006781 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-3108)
1006779 - Adobe Flash Player Out Of Bound Write Vulnerability (CVE-2015-3105)
1006589* - Adobe Flash Player Remote Code Execution Vulnerability (CVE-2015-0336)
1006775 - Adobe Flash Player Remote Code Execution Vulnerability (CVE-2015-3100)
1006657 - Adobe Flash Player Remote Integer Overflow Vulnerability (CVE-2014-0569) - 2
1006701* - Adobe Flash Player Type Confusion Remote Code Execution Vulnerability (CVE-2015-3077)
1006707* - Adobe Flash Player Type Confusion Remote Code Execution Vulnerability (CVE-2015-3084)
1006468* - Adobe Flash Player Unspecified Vulnerability (CVE-2015-0313)
1006777 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-3103)
1006780 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-3106)
1004715* - HTTP Web Client Decoding
1006598* - Microsoft Windows DLL Planting Remote Code Execution Vulnerability Over HTTP (CVE-2015-0096)
1006619* - Microsoft Windows EMF Processing Remote Code Execution Vulnerability (CVE-2015-1645)
1006782 - Microsoft Windows HTML Application Denial Of Service Vulnerability
Web Client Internet Explorer
1003268* - CSS Memory Corruption Vulnerability (CVE-2009-0076)
1006761 - Microsoft Internet Explorer Elevation Of Privilege Vulnerability (CVE-2015-1748)
1006745 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1687)
1006747 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1730)
1006748 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1731)
1006749 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1732)
1006751 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1735)
1006752 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1736)
1006753 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1737)
1006755 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1740)
1006756 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1741)
1006757 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1742)
1006758 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1744)
1006759 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1745)
1006760 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1747)
1006762 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1750)
1006763 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1751)
1006764 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1752)
1006765 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1753)
1006766 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1755)
1006767 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1766)
1005110* - Novell iPrint Client 'nipplib.dll' GetDriverSettings Realm Remote Code Execution Vulnerability
Web Client SSL
1006606* - Identified Fraudulent Digital Certificate - 1
Web Server Miscellaneous
1004189* - RedHat JBoss Enterprise Application Platform JMX Console Authentication Bypass
Web Server SharePoint
1003815* - Microsoft SharePoint Team Services Download Feature Source Code Information Disclosure Vulnerability
Windows Services RPC Client
1003293* - Block Conficker.B++ Worm Outgoing Named Pipe Connection
1006554* - Microsoft Windows DLL Planting Remote Code Execution Vulnerability (CVE-2015-0096)
Integrity Monitoring Rules:
1005041* - Malware - Suspicious Microsoft Windows Files Detected
1005042* - Malware - Suspicious Microsoft Windows Registry Entries Detected
1006677 - Suspicious Files Detected In Operating System Directories
1006658 - Suspicious Files Detected In Temporary Directories
1006683* - Suspicious Running Processes Detected
1003002* - Web Browser - Internet Explorer
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Featured Stories
The Mirage of AI Programming: Hallucinations and Code IntegrityThe adoption of large language models (LLMs) and Generative Pre-trained Transformers (GPTs), such as ChatGPT, by leading firms like Microsoft, Nuance, Mix and Google CCAI Insights, drives the industry towards a series of transformative changes. As the use of these new technologies becomes prevalent, it is important to understand their key behavior, advantages, and the risks they present.Read more
Open RAN: Attack of the xAppsThis article discusses two O-RAN vulnerabilities that attackers can exploit. One vulnerability stems from insufficient access control, and the other arises from faulty message handlingRead more
A Closer Exploration of Residential Proxies and CAPTCHA-Breaking ServicesThis article, the final part of a two-part series, focuses on the details of our technical findings and analyses of select residential proxies and CAPTCHA-solving services.Read more
How Residential Proxies and CAPTCHA-Solving Services Become Agents of AbuseThis article, the first of a two-part series, provides insights on how abusers and cybercriminals use residential proxies and CAPTCHA-solving services to enable bots, scrapers, and stuffers, and proposes security countermeasures for organizations.Read more