Rule Update
17-058 (December 12, 2017)
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1008119* - Microsoft Windows Local Security Authority Subsystem Service (LSASS) Denial Of Service Vulnerability (CVE-2017-0004)
DHCP Server
1008591 - FreeRADIUS Integer Underflow Out Of Bounds Read Vulnerability (CVE-2017-10986)
Microsoft Office
1008788 - Microsoft Excel Remote Code Execution Vulnerability (CVE-2017-11935)
1008661* - Microsoft Office Memory Corruption Vulnerability (CVE-2017-11826)
RRAS Service
1008769 - Microsoft Windows RRAS Service Remote Code Execution Vulnerability (CVE-2017-11885)
Solr Service
1008691* - Apache Solr XML External Entity Expansion Remote Code Execution (CVE-2017-12629)
Unix RPC Services
1008371* - rpcbind Remote Denial Of Service Vulnerability (CVE-2017-8779)
Unix Samba
1008791 - Samba Arbitrary Code Execution Vulnerability (CVE-2017-14746)
VoIP Smart
1008465 - Asterisk PJSIP Heap Overflow Vulnerability (CVE-2017-9372)
Web Client Common
1008736* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 6
1008740* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 7
1008789 - Microsoft Malware Protection Engine Remote Code Execution Vulnerability (CVE-2017-11937)
1008643* - Microsoft Windows Shell Memory Corruption Vulnerability (CVE-2017-8727)
1008672 - Microsoft Windows XML External Entity Information Disclosure Vulnerability (CVE-2017-8710)
Web Client Internet Explorer/Edge
1008771 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11888)
1008772 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11889)
1008774 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11893)
1008780 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11909)
1008781 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11911)
1008783 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11914)
1008784 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11916)
1008785 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11918)
1008682 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11811)
1008775 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-11894)
1008776 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-11895)
1008787 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-11930)
1008770 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11886)
1008773 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11890)
1008777 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11901)
1008778 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11903)
1008779 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11907)
1008782 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11913)
Web Server Apache
1008683* - Apache HTTP Server Memory Corruption Vulnerability (CVE-2017-9788)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1003843* - Microsoft Windows Security Events
1004057* - Microsoft Windows Security Events - 1
1003987* - Microsoft Windows Security Events - 2
1008670 - Microsoft Windows Security Events - 3
Deep Packet Inspection Rules:
DCERPC Services
1008119* - Microsoft Windows Local Security Authority Subsystem Service (LSASS) Denial Of Service Vulnerability (CVE-2017-0004)
DHCP Server
1008591 - FreeRADIUS Integer Underflow Out Of Bounds Read Vulnerability (CVE-2017-10986)
Microsoft Office
1008788 - Microsoft Excel Remote Code Execution Vulnerability (CVE-2017-11935)
1008661* - Microsoft Office Memory Corruption Vulnerability (CVE-2017-11826)
RRAS Service
1008769 - Microsoft Windows RRAS Service Remote Code Execution Vulnerability (CVE-2017-11885)
Solr Service
1008691* - Apache Solr XML External Entity Expansion Remote Code Execution (CVE-2017-12629)
Unix RPC Services
1008371* - rpcbind Remote Denial Of Service Vulnerability (CVE-2017-8779)
Unix Samba
1008791 - Samba Arbitrary Code Execution Vulnerability (CVE-2017-14746)
VoIP Smart
1008465 - Asterisk PJSIP Heap Overflow Vulnerability (CVE-2017-9372)
Web Client Common
1008736* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 6
1008740* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 7
1008789 - Microsoft Malware Protection Engine Remote Code Execution Vulnerability (CVE-2017-11937)
1008643* - Microsoft Windows Shell Memory Corruption Vulnerability (CVE-2017-8727)
1008672 - Microsoft Windows XML External Entity Information Disclosure Vulnerability (CVE-2017-8710)
Web Client Internet Explorer/Edge
1008771 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11888)
1008772 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11889)
1008774 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11893)
1008780 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11909)
1008781 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11911)
1008783 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11914)
1008784 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11916)
1008785 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11918)
1008682 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11811)
1008775 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-11894)
1008776 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-11895)
1008787 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-11930)
1008770 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11886)
1008773 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11890)
1008777 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11901)
1008778 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11903)
1008779 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11907)
1008782 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11913)
Web Server Apache
1008683* - Apache HTTP Server Memory Corruption Vulnerability (CVE-2017-9788)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1003843* - Microsoft Windows Security Events
1004057* - Microsoft Windows Security Events - 1
1003987* - Microsoft Windows Security Events - 2
1008670 - Microsoft Windows Security Events - 3
Featured Stories
Open RAN: Attack of the xAppsThis article discusses two O-RAN vulnerabilities that attackers can exploit. One vulnerability stems from insufficient access control, and the other arises from faulty message handlingRead more
A Closer Exploration of Residential Proxies and CAPTCHA-Breaking ServicesThis article, the final part of a two-part series, focuses on the details of our technical findings and analyses of select residential proxies and CAPTCHA-solving services.Read more
How Residential Proxies and CAPTCHA-Solving Services Become Agents of AbuseThis article, the first of a two-part series, provides insights on how abusers and cybercriminals use residential proxies and CAPTCHA-solving services to enable bots, scrapers, and stuffers, and proposes security countermeasures for organizations.Read more
Abusing Argo CD, Helm, and Artifact Hub: An Analysis of Supply Chain Attacks in Cloud-Native ApplicationsWe provide an overview of cloud-native tools and examine how cybercriminals can exploit their vulnerabilities to launch supply chain attacks.Read more