Rule Update
18-051 (September 18, 2018)
Publish date: September 18, 2018
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1008119* - Microsoft Windows Local Security Authority Subsystem Service (LSASS) Denial Of Service Vulnerability (CVE-2017-0004)
1008123* - Microsoft Windows Local Security Authority Subsystem Service Denial Of Service Vulnerability (CVE-2016-7237)
1006579* - Microsoft Windows NETLOGON Spoofing Vulnerability (CVE-2015-0005)
1008227* - Microsoft Windows SMB Information Disclosure Vulnerability (CVE-2017-0147)
1008224* - Microsoft Windows SMB Remote Code Execution Vulnerabilities (CVE-2017-0144 and CVE-2017-0146)
1008225* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0145)
1008228* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0148)
1008306* - Microsoft Windows SMB Remote Code Execution Vulnerability (MS17-010)
1008305* - Microsoft Windows SMBv1 Remote Code Execution Vulnerability
1007432* - Microsoft Windows Server Message Block Memory Corruption Vulnerability (CVE-2015-2474)
1007699* - Oracle Job Scheduler Named Pipe Command Execution Vulnerability
DCERPC Services - Client
1007494* - Adobe Acrobat DLL Loading Arbitrary Code Execution Vulnerability (CVE-2016-1008)
1008300* - Adobe Acrobat DLL Loading Arbitrary Code Execution Vulnerability Over Network Share (CVE-2017-3013)
1007566* - Adobe Flash Player DLL Hijacking Vulnerability Over Network Share (CVE-2016-1014)
1007695* - Adobe Flash Player DLL Hijacking Vulnerability Over Network Share (CVE-2016-4140)
1006994* - Executable File Download On Network Share Detected
1005857* - Kingsoft Office Path Subversion Arbitrary DLL Injection Code Execution Vulnerability Over Network Share
1007897* - Microsoft Internet Explorer Information Disclosure Vulnerability Over SMB (CVE-2016-3321)
1006074* - Microsoft Office Chinese Grammar Checking Vulnerability Over Network Share (CVE-2014-1756)
1008284* - Microsoft Office DLL Loading Vulnerability Over Network Share (CVE-2017-0197)
1007592* - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (CVE-2016-0160 and CVE-2016-0148)
1007381* - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (MS15-132)
1007369* - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (MS16-007)
1007426* - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (MS16-014)
1006554* - Microsoft Windows DLL Planting Remote Code Execution Vulnerability (CVE-2015-0096)
1006013* - Microsoft Windows Insecure Binary Loading Vulnerability Over Network Share (CVE-2014-0315)
1006292* - Microsoft Windows OLE Remote Code Execution Vulnerability Over SMB
1007531* - Microsoft Windows RPC Downgrade Vulnerability (CVE-2016-0128)
1008138* - Microsoft Windows SMB Tree Connect Response Denial Of Service Vulnerability (CVE-2017-0016)
1007120* - SMB DLL Injection Exploit Detected
DNS Client
1007456* - DNS Malformed Response Detected
1008203* - DNSMessenger Malware C&C Traffic Over DNS Protocol
1008204* - DNSMessenger Malware Domain Blocker
Port Mapper Windows
1001033* - Windows Port Mapper Decoder
RTMP Client
1006264* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2014-0549)
1006288* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2014-0551)
Remote Desktop Protocol Server
1006870* - Microsoft Windows Remote Desktop Protocol (RDP) Remote Code Execution Vulnerability (CVE-2015-2373)
1008307* - Microsoft Windows Remote Desktop Protocol Remote Code Execution Vulnerability (CVE-2017-0176)
Web Client Common
1009104* - Adobe Acrobat Reader Out Of Bounds Read Vulnerability (CVE-2017-16397)
1009300 - Google Chrome Cross Site Resource Size Estimation Via OnProgress Events Vulnerability (CVE-2018-6177)
Web Server Miscellaneous
1009298 - SonicWall GMS XML-RPC Remote Code Execution Vulnerability (CVE-2018-9866)
Windows Services RPC Client DCERPC
1007539* - Microsoft Windows RPC Downgrade Vulnerability (CVE-2016-0128) - 1
1007538* - Windows Client Port Mapper Decoder
Windows Services RPC Server DCERPC
1007561* - Identified Windows DCERPC AUTH LEVEL CONNECT Password Validate Request
1007054* - Remote Schedule Task 'Create' Through SMBv2 Protocol Detected
1007053* - Remote Schedule Task 'Delete' Through SMBv2 Protocol Detected
1007017* - Remote Schedule Task 'Run' Through SMBv2 Protocol Detected
1007068* - Remote Service Execution Through SMBv2 Protocol Detected
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.