Rule Update
16-028 (September 27, 2016)
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
1007598* - Identified Possible Ransomware File Rename Activity Over Network Share
Microsoft Office
1002929* - Microsoft Excel Calendar Object Validation Vulnerability
1007887* - Microsoft Graphics Component Memory Corruption Vulnerability (CVE-2016-3318)
1007884* - Microsoft Office Memory Corruption Vulnerability (CVE-2016-3313)
NFS Server
1003401* - Disallow Device Node Creation Over NFS
OpenSSL
1007970 - OpenSSL OCSP Status Request Denial Of Service Vulnerability (CVE-2016-6304)
Web Application Common
1007518* - Identified Reflected File Download Attack
Web Application PHP Based
1007948* - Drupal RESTWS Module Page Callback Remote Code Execution Vulnerability
1007459* - Drupal XRDS Document Denial Of Service Vulnerability (CVE-2014-5267)
1007254* - PHP SplDoublyLinkedList Use After Free Vulnerability
1007252* - PHP jui_filter_rule Parsing Library Remote Code Execution Vulnerability
Web Application Ruby Based
1007530* - Ruby On Rails Action View Remote Code Execution Vulnerability (CVE-2016-0752)
Web Client Common
1007965 - Adobe Acrobat And Reader FlateDecode Parsing Out-Of-Bounds Read Information Disclosure Vulnerability (APSB16-26) - 1
1007966 - Adobe Acrobat And Reader FlateDecode Parsing Out-Of-Bounds Read Information Disclosure Vulnerability (APSB16-26) - 2
1007967 - Adobe Acrobat And Reader Font Stream Parsing Multiple Out-Of-Bounds Read Information Disclosure Vulnerability (APSB16-26) - 3
1007806 - Adobe Flash Player Buffer Overflow Vulnerability (CVE-2016-1103)
1007803 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-1099)
1007804 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-1100)
1007805 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-1102)
1007808 - Adobe Flash Player Type Confusion Vulnerability (CVE-2016-1105)
1007565* - Adobe Flash Player Use After Free Vulnerability (CVE-2016-1013)
1007802 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-1097)
1007809 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-1106)
1007810 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-1109)
1007758* - Adobe Flash Player Use After Free Vulnerability (CVE-2016-4227)
1007880* - Microsoft PDF Remote Code Execution Vulnerability (CVE-2016-3319)
1007936* - Microsoft Windows Elevation Of Privilege Vulnerability (CVE-2016-3373)
1007881* - Microsoft Windows Graphics Component Remote Code Execution Vulnerability (CVE-2016-3301)
1007883* - Microsoft Windows Graphics Component Remote Code Execution Vulnerability (CVE-2016-3304)
1007951 - Microsoft XML Core Services XMLHttpRequest 'SetCookie2' Header Information Disclosure Vulnerability
1005924* - Restrict Download Of EICAR Test File Over HTTP
Web Client Internet Explorer/Edge
1007615* - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0191)
1007878* - Microsoft Internet Explorer And Edge Information Disclosure Vulnerability (CVE-2016-3326)
1007428* - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2016-0059)
1007896* - Microsoft Internet Explorer Information Disclosure Vulnerability Over WebDAV (CVE-2016-3321)
1007613* - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-0189)
Web Server Common
1007872* - HTTP Proxy Header Injection Vulnerabilities
1007185* - Java Unserialize Remote Code Execution Vulnerability
1007914* - Symfony Security Component Denial Of Service Vulnerability
Web Server Miscellaneous
1007646* - Apache Struts JRE URLDecoder Cross-Site Scripting Vulnerability (CVE-2016-4003)
1007737* - Apache Struts Url Validator Denial Of Service Vulnerability (CVE-2016-4465)
1005221* - Identified Suspicious Novell ZENworks Asset Management rtrlet Component Authentication Bypass
Windows Services RPC Client
1007913 - Identified Possible Ransomware File Extension Rename Activity Over Network Share - Client
1007912 - Identified Possible Ransomware File Rename Activity Over Network Share - Client
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
1007598* - Identified Possible Ransomware File Rename Activity Over Network Share
Microsoft Office
1002929* - Microsoft Excel Calendar Object Validation Vulnerability
1007887* - Microsoft Graphics Component Memory Corruption Vulnerability (CVE-2016-3318)
1007884* - Microsoft Office Memory Corruption Vulnerability (CVE-2016-3313)
NFS Server
1003401* - Disallow Device Node Creation Over NFS
OpenSSL
1007970 - OpenSSL OCSP Status Request Denial Of Service Vulnerability (CVE-2016-6304)
Web Application Common
1007518* - Identified Reflected File Download Attack
Web Application PHP Based
1007948* - Drupal RESTWS Module Page Callback Remote Code Execution Vulnerability
1007459* - Drupal XRDS Document Denial Of Service Vulnerability (CVE-2014-5267)
1007254* - PHP SplDoublyLinkedList Use After Free Vulnerability
1007252* - PHP jui_filter_rule Parsing Library Remote Code Execution Vulnerability
Web Application Ruby Based
1007530* - Ruby On Rails Action View Remote Code Execution Vulnerability (CVE-2016-0752)
Web Client Common
1007965 - Adobe Acrobat And Reader FlateDecode Parsing Out-Of-Bounds Read Information Disclosure Vulnerability (APSB16-26) - 1
1007966 - Adobe Acrobat And Reader FlateDecode Parsing Out-Of-Bounds Read Information Disclosure Vulnerability (APSB16-26) - 2
1007967 - Adobe Acrobat And Reader Font Stream Parsing Multiple Out-Of-Bounds Read Information Disclosure Vulnerability (APSB16-26) - 3
1007806 - Adobe Flash Player Buffer Overflow Vulnerability (CVE-2016-1103)
1007803 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-1099)
1007804 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-1100)
1007805 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-1102)
1007808 - Adobe Flash Player Type Confusion Vulnerability (CVE-2016-1105)
1007565* - Adobe Flash Player Use After Free Vulnerability (CVE-2016-1013)
1007802 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-1097)
1007809 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-1106)
1007810 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-1109)
1007758* - Adobe Flash Player Use After Free Vulnerability (CVE-2016-4227)
1007880* - Microsoft PDF Remote Code Execution Vulnerability (CVE-2016-3319)
1007936* - Microsoft Windows Elevation Of Privilege Vulnerability (CVE-2016-3373)
1007881* - Microsoft Windows Graphics Component Remote Code Execution Vulnerability (CVE-2016-3301)
1007883* - Microsoft Windows Graphics Component Remote Code Execution Vulnerability (CVE-2016-3304)
1007951 - Microsoft XML Core Services XMLHttpRequest 'SetCookie2' Header Information Disclosure Vulnerability
1005924* - Restrict Download Of EICAR Test File Over HTTP
Web Client Internet Explorer/Edge
1007615* - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0191)
1007878* - Microsoft Internet Explorer And Edge Information Disclosure Vulnerability (CVE-2016-3326)
1007428* - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2016-0059)
1007896* - Microsoft Internet Explorer Information Disclosure Vulnerability Over WebDAV (CVE-2016-3321)
1007613* - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-0189)
Web Server Common
1007872* - HTTP Proxy Header Injection Vulnerabilities
1007185* - Java Unserialize Remote Code Execution Vulnerability
1007914* - Symfony Security Component Denial Of Service Vulnerability
Web Server Miscellaneous
1007646* - Apache Struts JRE URLDecoder Cross-Site Scripting Vulnerability (CVE-2016-4003)
1007737* - Apache Struts Url Validator Denial Of Service Vulnerability (CVE-2016-4465)
1005221* - Identified Suspicious Novell ZENworks Asset Management rtrlet Component Authentication Bypass
Windows Services RPC Client
1007913 - Identified Possible Ransomware File Extension Rename Activity Over Network Share - Client
1007912 - Identified Possible Ransomware File Rename Activity Over Network Share - Client
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Featured Stories
Unveiling AI Agent Vulnerabilities Part V: Securing LLM ServicesTo conclude our series on agentic AI, this article examines emerging vulnerabilities that threaten AI agents, focusing on providing proactive security recommendations on areas such as code execution, data exfiltration, and database access.Read more
Unveiling AI Agent Vulnerabilities Part IV: Database Access VulnerabilitiesHow can attackers exploit weaknesses in database-enabled AI agents? This research explores how SQL generation vulnerabilities, stored prompt injection, and vector store poisoning can be weaponized by attackers for fraudulent activities.Read more
The Mirage of AI Programming: Hallucinations and Code IntegrityThe adoption of large language models (LLMs) and Generative Pre-trained Transformers (GPTs), such as ChatGPT, by leading firms like Microsoft, Nuance, Mix and Google CCAI Insights, drives the industry towards a series of transformative changes. As the use of these new technologies becomes prevalent, it is important to understand their key behavior, advantages, and the risks they present.Read more
Open RAN: Attack of the xAppsThis article discusses two O-RAN vulnerabilities that attackers can exploit. One vulnerability stems from insufficient access control, and the other arises from faulty message handlingRead more