Rule Update
17-049 (October 10, 2017)
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Backup Server Veritas
1008584* - Veritas Backup Exec Windows Remote File Access (CVE-2005-2611)
HP Intelligent Management Center Dbman
1008506* - HPE Intelligent Management Center Multiple dbman Opcode Command Injection Remote Code Execution Vulnerabilities
Suspicious Server Ransomware Activity
1007580* - Ransomware HTTP Request-1
Web Application Common
1008587* - ImageMagick MagickCore IsOptionMember Denial Of Service Vulnerability (CVE-2016-10252) - 1
1008510* - ImageMagick ReadPESImage Denial Of Service Vulnerability (CVE-2017-11446) - 1
1008608* - ImageMagick WriteHISTOGRAMImage Information Disclosure Vulnerability (CVE-2017-11531) - 1
Web Client Common
1008478* - Microsoft MsMpEng Use After Free Vulnerability (CVE-2017-8540)
1008623 - Microsoft Office Remote Code Execution Vulnerability (CVE-2017-8570)
1008628 - Microsoft PowerPoint Remote Code Execution Vulnerability (CVE-2017-8743)
1008634 - Microsoft Windows Graphics Remote Code Execution Vulnerability (CVE-2017-11762)
1008643 - Microsoft Windows Shell Memory Corruption Vulnerability (CVE-2017-8727)
1008627 - Microsoft Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-8692)
1008592* - Microsoft Windows Win32k Graphics Multiple Security Vulnerabilities (Sep-2017)
1008642 - Microsoft Windows Win32k Multiple Elevation Of Privilege Vulnerabilities (October-2017)
Web Client Internet Explorer/Edge
1008595* - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-8734)
1008637 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11798)
1008638 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11800)
1008586 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8657)
1008631 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8661)
1008624 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8729)
1008597* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8738)
1008625 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8740)
1008640 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-11822)
1008636 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11793)
1008639 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11810)
1008635 - Microsoft Windows Graphics Remote Code Execution Vulnerability (CVE-2017-11763)
Web Server Apache
1008127 - Apache Commons File Upload Boundary Denial Of Service Vulnerability (CVE-2016-3092)
1008618* - Apache HTTP OPTIONS Information Disclosure Vulnerability (CVE-2017-9798)
Web Server Common
1008621* - Disallow Upload Of A JSP File
Web Server Miscellaneous
1008590* - Apache Struts 2 REST Plugin XStream Remote Code Execution Vulnerability (CVE-2017-9805)
1005528* - Identified Apache Struts Allow Direct Member Access Method In HTTP Request
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Backup Server Veritas
1008584* - Veritas Backup Exec Windows Remote File Access (CVE-2005-2611)
HP Intelligent Management Center Dbman
1008506* - HPE Intelligent Management Center Multiple dbman Opcode Command Injection Remote Code Execution Vulnerabilities
Suspicious Server Ransomware Activity
1007580* - Ransomware HTTP Request-1
Web Application Common
1008587* - ImageMagick MagickCore IsOptionMember Denial Of Service Vulnerability (CVE-2016-10252) - 1
1008510* - ImageMagick ReadPESImage Denial Of Service Vulnerability (CVE-2017-11446) - 1
1008608* - ImageMagick WriteHISTOGRAMImage Information Disclosure Vulnerability (CVE-2017-11531) - 1
Web Client Common
1008478* - Microsoft MsMpEng Use After Free Vulnerability (CVE-2017-8540)
1008623 - Microsoft Office Remote Code Execution Vulnerability (CVE-2017-8570)
1008628 - Microsoft PowerPoint Remote Code Execution Vulnerability (CVE-2017-8743)
1008634 - Microsoft Windows Graphics Remote Code Execution Vulnerability (CVE-2017-11762)
1008643 - Microsoft Windows Shell Memory Corruption Vulnerability (CVE-2017-8727)
1008627 - Microsoft Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-8692)
1008592* - Microsoft Windows Win32k Graphics Multiple Security Vulnerabilities (Sep-2017)
1008642 - Microsoft Windows Win32k Multiple Elevation Of Privilege Vulnerabilities (October-2017)
Web Client Internet Explorer/Edge
1008595* - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-8734)
1008637 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11798)
1008638 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11800)
1008586 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8657)
1008631 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8661)
1008624 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8729)
1008597* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8738)
1008625 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8740)
1008640 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-11822)
1008636 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11793)
1008639 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11810)
1008635 - Microsoft Windows Graphics Remote Code Execution Vulnerability (CVE-2017-11763)
Web Server Apache
1008127 - Apache Commons File Upload Boundary Denial Of Service Vulnerability (CVE-2016-3092)
1008618* - Apache HTTP OPTIONS Information Disclosure Vulnerability (CVE-2017-9798)
Web Server Common
1008621* - Disallow Upload Of A JSP File
Web Server Miscellaneous
1008590* - Apache Struts 2 REST Plugin XStream Remote Code Execution Vulnerability (CVE-2017-9805)
1005528* - Identified Apache Struts Allow Direct Member Access Method In HTTP Request
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Featured Stories
Open RAN: Attack of the xAppsThis article discusses two O-RAN vulnerabilities that attackers can exploit. One vulnerability stems from insufficient access control, and the other arises from faulty message handlingRead more
A Closer Exploration of Residential Proxies and CAPTCHA-Breaking ServicesThis article, the final part of a two-part series, focuses on the details of our technical findings and analyses of select residential proxies and CAPTCHA-solving services.Read more
How Residential Proxies and CAPTCHA-Solving Services Become Agents of AbuseThis article, the first of a two-part series, provides insights on how abusers and cybercriminals use residential proxies and CAPTCHA-solving services to enable bots, scrapers, and stuffers, and proposes security countermeasures for organizations.Read more
Abusing Argo CD, Helm, and Artifact Hub: An Analysis of Supply Chain Attacks in Cloud-Native ApplicationsWe provide an overview of cloud-native tools and examine how cybercriminals can exploit their vulnerabilities to launch supply chain attacks.Read more