Rule Update
15-017 (June 9, 2015)
Publish date: June 10, 2015
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Application Control For Remote Login
1002508* - Application Control For RDP
HP Intelligent Management Center (IMC)
1005476* - HP Intelligent Management Center Multiple Information Disclosure Vulnerabilities
Microsoft Office
1006771 - Microsoft Office Uninitialized Memory Use Vulnerability (CVE-2015-1770)
1006769 - Microsoft Office Use After Free Vulnerability (CVE-2015-1759)
1006770 - Microsoft Office Use After Free Vulnerability (CVE-2015-1760)
OpenSSL Client
1006318* - Multiple Browser Wildcard Certificate Spoofing Vulnerability
1006546* - OpenSSL ECDHE Downgrade Vulnerability (CVE-2014-3572)
Suspicious Server Application Activity
1001164* - Detected Terminal Services (RDP) Server Traffic
VoIP Soft Phones
1006537* - Asterisk Open Source SIP SUBSCRIBE Request Denial Of Service Vulnerability
Web Application Common
1000552* - Generic Cross Site Scripting(XSS) Prevention
1005402* - Identified Suspicious User Agent In HTTP Request
Web Client Apple Safari
1004362* - Apple Safari For Windows Long Link DoS
Web Client Common
1006533* - Adobe Flash Player Buffer Overflow Vulnerability (CVE-2015-0311) - 1
1006772 - Adobe Flash Player Cross Domain Policy Bypass Vulnerability (CVE-2015-3096)
1006773 - Adobe Flash Player Cross Domain Policy Bypass Vulnerability (CVE-2015-3098)
1006774 - Adobe Flash Player Cross Domain Policy Bypass Vulnerability (CVE-2015-3099)
1006776 - Adobe Flash Player Cross Domain Policy Bypass Vulnerability (CVE-2015-3102)
1006286* - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2014-0556)
1006778 - Adobe Flash Player Integer Overflow Vulnerability (CVE-2015-3104)
1006365* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2014-8440)
1006781 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-3108)
1006779 - Adobe Flash Player Out Of Bound Write Vulnerability (CVE-2015-3105)
1006589* - Adobe Flash Player Remote Code Execution Vulnerability (CVE-2015-0336)
1006775 - Adobe Flash Player Remote Code Execution Vulnerability (CVE-2015-3100)
1006657 - Adobe Flash Player Remote Integer Overflow Vulnerability (CVE-2014-0569) - 2
1006701* - Adobe Flash Player Type Confusion Remote Code Execution Vulnerability (CVE-2015-3077)
1006707* - Adobe Flash Player Type Confusion Remote Code Execution Vulnerability (CVE-2015-3084)
1006468* - Adobe Flash Player Unspecified Vulnerability (CVE-2015-0313)
1006777 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-3103)
1006780 - Adobe Flash Player Use After Free Vulnerability (CVE-2015-3106)
1004715* - HTTP Web Client Decoding
1006598* - Microsoft Windows DLL Planting Remote Code Execution Vulnerability Over HTTP (CVE-2015-0096)
1006619* - Microsoft Windows EMF Processing Remote Code Execution Vulnerability (CVE-2015-1645)
1006782 - Microsoft Windows HTML Application Denial Of Service Vulnerability
Web Client Internet Explorer
1003268* - CSS Memory Corruption Vulnerability (CVE-2009-0076)
1006761 - Microsoft Internet Explorer Elevation Of Privilege Vulnerability (CVE-2015-1748)
1006745 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1687)
1006747 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1730)
1006748 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1731)
1006749 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1732)
1006751 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1735)
1006752 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1736)
1006753 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1737)
1006755 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1740)
1006756 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1741)
1006757 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1742)
1006758 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1744)
1006759 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1745)
1006760 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1747)
1006762 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1750)
1006763 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1751)
1006764 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1752)
1006765 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1753)
1006766 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1755)
1006767 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1766)
1005110* - Novell iPrint Client 'nipplib.dll' GetDriverSettings Realm Remote Code Execution Vulnerability
Web Client SSL
1006606* - Identified Fraudulent Digital Certificate - 1
Web Server Miscellaneous
1004189* - RedHat JBoss Enterprise Application Platform JMX Console Authentication Bypass
Web Server SharePoint
1003815* - Microsoft SharePoint Team Services Download Feature Source Code Information Disclosure Vulnerability
Windows Services RPC Client
1003293* - Block Conficker.B++ Worm Outgoing Named Pipe Connection
1006554* - Microsoft Windows DLL Planting Remote Code Execution Vulnerability (CVE-2015-0096)
Integrity Monitoring Rules:
1005041* - Malware - Suspicious Microsoft Windows Files Detected
1005042* - Malware - Suspicious Microsoft Windows Registry Entries Detected
1006677 - Suspicious Files Detected In Operating System Directories
1006658 - Suspicious Files Detected In Temporary Directories
1006683* - Suspicious Running Processes Detected
1003002* - Web Browser - Internet Explorer
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.