Rule Update
18-055 (October 2, 2018)
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1008119* - Microsoft Windows Local Security Authority Subsystem Service (LSASS) Denial Of Service Vulnerability (CVE-2017-0004)
1008123* - Microsoft Windows Local Security Authority Subsystem Service Denial Of Service Vulnerability (CVE-2016-7237)
1008224* - Microsoft Windows SMB Remote Code Execution Vulnerabilities (CVE-2017-0144 and CVE-2017-0146)
1007699* - Oracle Job Scheduler Named Pipe Command Execution Vulnerability
1005140* - Print Spooler Service Format String Vulnerability (CVE-2012-1851)
DCERPC Services - Client
1004821* - Active Accessibility Insecure Library Loading Vulnerability (CVE-2011-1247)
1007494* - Adobe Acrobat DLL Loading Arbitrary Code Execution Vulnerability (CVE-2016-1008)
1007695* - Adobe Flash Player DLL Hijacking Vulnerability Over Network Share (CVE-2016-4140)
1004930* - Adobe Flash Player Remote Security Bypass Vulnerability Over Network Share (CVE-2012-0756)
1004924* - Color Control Panel Insecure Library Loading Vulnerability Over Network Share (CVE-2010-5082)
1004700* - DFS Memory Corruption Vulnerability (CVE-2011-1868)
1005261* - Foxit Reader Arbitrary DLL Injection Code Execution Vulnerability Over Network Share
1004926* - Indeo Codec Insecure Library Loading Vulnerability Over Network Share (CVE-2010-3138)
1004878* - Internet Explorer Insecure Library Loading Vulnerability Over Network Share (CVE-2011-2019)
1004946* - Microsoft Expression Design Insecure Library Loading Vulnerability Over Network Share (CVE-2012-0016)
1007897* - Microsoft Internet Explorer Information Disclosure Vulnerability Over SMB (CVE-2016-3321)
1005080* - Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability Over Network Share (CVE-2012-1854)
1005281* - Microsoft Windows Briefcase Integer Overflow Vulnerability Over Network Share (CVE-2012-1528)
1007369* - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (MS16-007)
1007531* - Microsoft Windows RPC Downgrade Vulnerability (CVE-2016-0128)
1004897* - Object Packager Insecure Executable Launching Vulnerability Over Network Share (CVE-2012-0009)
1004741* - Oracle Java JRE Insecure Executable Loading Vulnerability Over Network Share
1004877* - PowerPoint Insecure Library Loading Vulnerability Over Network Share (CVE-2011-3396)
1005153* - Print Spooler Service Format String Vulnerability (CVE-2012-1851) II
1005139* - Remote Administration Protocol Denial Of Service Vulnerability (CVE-2012-1850)
1005142* - Remote Administration Protocol Stack Overflow Vulnerability
1004775* - Telnet Handler Remote Code Execution Vulnerability Over Network Share (CVE-2011-1961)
1004797* - Windows Components Insecure Library Loading Vulnerability Over Network Share (CVE-2011-1991)
DNS Client
1008203* - DNSMessenger Malware C&C Traffic Over DNS Protocol
1009135* - Microsoft Windows DNSAPI Remote Code Execution Vulnerability (CVE-2018-8225)
Directory Server LDAP
1008842 - OpenLDAP 'deref_parseCtrl' Denial Of Service Vulnerability (CVE-2015-1545)
RTMP Client
1006288* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2014-0551)
1005000* - Adobe Flash Player Object Confusion Vulnerability (CVE-2012-0779)
1005456* - Adobe Flash Player Remote Arbitrary Code Execution Vulnerability (CVE-2013-2555)
Remote Desktop Protocol Client
1009031* - Microsoft Windows CredSSP Remote Code Execution Vulnerability (CVE-2018-0886)
Remote Desktop Protocol Server
1006870* - Microsoft Windows Remote Desktop Protocol (RDP) Remote Code Execution Vulnerability (CVE-2015-2373)
1004949* - Remote Desktop Protocol Vulnerability (CVE-2012-0002)
1005138* - Remote Desktop Protocol Vulnerability (CVE-2012-2526)
Suspicious Client Application Activity
1005067* - Identified Potentially Harmful Client Traffic
1005283* - Identified Potentially Malicious RAT Traffic - I
1005299* - Identified Potentially Malicious RAT Traffic - III
1005300* - Identified Potentially Malicious RAT Traffic - IV
1005473* - Identified Potentially Malicious RAT Traffic - V
1008756* - Identified Potentially Malicious RAT Traffic - VII
1005401* - Identified Suspicious HTTP Traffic
1005294* - TMTR-0004: GHOST RAT HTTP Request
Suspicious Server Application Activity
1005090* - Identified Potentially Harmful Server Traffic
Web Application Common
1009312 - Ghostscript Remote Code Execution Vulnerability (CVE-2018-16509) - 1
1009040* - Identified Directory Traversal Sequence In URI
Web Client Common
1009311 - Ghostscript Remote Code Execution Vulnerability (CVE-2018-16509)
Web Server Apache Tika
1009129 - Apache Tika Chmparser Denial Of Service Vulnerability (CVE-2018-1339)
Windows Services RPC Client DCERPC
1007539* - Microsoft Windows RPC Downgrade Vulnerability (CVE-2016-0128) - 1
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1008670* - Microsoft Windows Security Events - 3
Deep Packet Inspection Rules:
DCERPC Services
1008119* - Microsoft Windows Local Security Authority Subsystem Service (LSASS) Denial Of Service Vulnerability (CVE-2017-0004)
1008123* - Microsoft Windows Local Security Authority Subsystem Service Denial Of Service Vulnerability (CVE-2016-7237)
1008224* - Microsoft Windows SMB Remote Code Execution Vulnerabilities (CVE-2017-0144 and CVE-2017-0146)
1007699* - Oracle Job Scheduler Named Pipe Command Execution Vulnerability
1005140* - Print Spooler Service Format String Vulnerability (CVE-2012-1851)
DCERPC Services - Client
1004821* - Active Accessibility Insecure Library Loading Vulnerability (CVE-2011-1247)
1007494* - Adobe Acrobat DLL Loading Arbitrary Code Execution Vulnerability (CVE-2016-1008)
1007695* - Adobe Flash Player DLL Hijacking Vulnerability Over Network Share (CVE-2016-4140)
1004930* - Adobe Flash Player Remote Security Bypass Vulnerability Over Network Share (CVE-2012-0756)
1004924* - Color Control Panel Insecure Library Loading Vulnerability Over Network Share (CVE-2010-5082)
1004700* - DFS Memory Corruption Vulnerability (CVE-2011-1868)
1005261* - Foxit Reader Arbitrary DLL Injection Code Execution Vulnerability Over Network Share
1004926* - Indeo Codec Insecure Library Loading Vulnerability Over Network Share (CVE-2010-3138)
1004878* - Internet Explorer Insecure Library Loading Vulnerability Over Network Share (CVE-2011-2019)
1004946* - Microsoft Expression Design Insecure Library Loading Vulnerability Over Network Share (CVE-2012-0016)
1007897* - Microsoft Internet Explorer Information Disclosure Vulnerability Over SMB (CVE-2016-3321)
1005080* - Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability Over Network Share (CVE-2012-1854)
1005281* - Microsoft Windows Briefcase Integer Overflow Vulnerability Over Network Share (CVE-2012-1528)
1007369* - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (MS16-007)
1007531* - Microsoft Windows RPC Downgrade Vulnerability (CVE-2016-0128)
1004897* - Object Packager Insecure Executable Launching Vulnerability Over Network Share (CVE-2012-0009)
1004741* - Oracle Java JRE Insecure Executable Loading Vulnerability Over Network Share
1004877* - PowerPoint Insecure Library Loading Vulnerability Over Network Share (CVE-2011-3396)
1005153* - Print Spooler Service Format String Vulnerability (CVE-2012-1851) II
1005139* - Remote Administration Protocol Denial Of Service Vulnerability (CVE-2012-1850)
1005142* - Remote Administration Protocol Stack Overflow Vulnerability
1004775* - Telnet Handler Remote Code Execution Vulnerability Over Network Share (CVE-2011-1961)
1004797* - Windows Components Insecure Library Loading Vulnerability Over Network Share (CVE-2011-1991)
DNS Client
1008203* - DNSMessenger Malware C&C Traffic Over DNS Protocol
1009135* - Microsoft Windows DNSAPI Remote Code Execution Vulnerability (CVE-2018-8225)
Directory Server LDAP
1008842 - OpenLDAP 'deref_parseCtrl' Denial Of Service Vulnerability (CVE-2015-1545)
RTMP Client
1006288* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2014-0551)
1005000* - Adobe Flash Player Object Confusion Vulnerability (CVE-2012-0779)
1005456* - Adobe Flash Player Remote Arbitrary Code Execution Vulnerability (CVE-2013-2555)
Remote Desktop Protocol Client
1009031* - Microsoft Windows CredSSP Remote Code Execution Vulnerability (CVE-2018-0886)
Remote Desktop Protocol Server
1006870* - Microsoft Windows Remote Desktop Protocol (RDP) Remote Code Execution Vulnerability (CVE-2015-2373)
1004949* - Remote Desktop Protocol Vulnerability (CVE-2012-0002)
1005138* - Remote Desktop Protocol Vulnerability (CVE-2012-2526)
Suspicious Client Application Activity
1005067* - Identified Potentially Harmful Client Traffic
1005283* - Identified Potentially Malicious RAT Traffic - I
1005299* - Identified Potentially Malicious RAT Traffic - III
1005300* - Identified Potentially Malicious RAT Traffic - IV
1005473* - Identified Potentially Malicious RAT Traffic - V
1008756* - Identified Potentially Malicious RAT Traffic - VII
1005401* - Identified Suspicious HTTP Traffic
1005294* - TMTR-0004: GHOST RAT HTTP Request
Suspicious Server Application Activity
1005090* - Identified Potentially Harmful Server Traffic
Web Application Common
1009312 - Ghostscript Remote Code Execution Vulnerability (CVE-2018-16509) - 1
1009040* - Identified Directory Traversal Sequence In URI
Web Client Common
1009311 - Ghostscript Remote Code Execution Vulnerability (CVE-2018-16509)
Web Server Apache Tika
1009129 - Apache Tika Chmparser Denial Of Service Vulnerability (CVE-2018-1339)
Windows Services RPC Client DCERPC
1007539* - Microsoft Windows RPC Downgrade Vulnerability (CVE-2016-0128) - 1
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1008670* - Microsoft Windows Security Events - 3
Featured Stories
Unveiling AI Agent Vulnerabilities Part V: Securing LLM ServicesTo conclude our series on agentic AI, this article examines emerging vulnerabilities that threaten AI agents, focusing on providing proactive security recommendations on areas such as code execution, data exfiltration, and database access.Read more
Unveiling AI Agent Vulnerabilities Part IV: Database Access VulnerabilitiesHow can attackers exploit weaknesses in database-enabled AI agents? This research explores how SQL generation vulnerabilities, stored prompt injection, and vector store poisoning can be weaponized by attackers for fraudulent activities.Read more
The Mirage of AI Programming: Hallucinations and Code IntegrityThe adoption of large language models (LLMs) and Generative Pre-trained Transformers (GPTs), such as ChatGPT, by leading firms like Microsoft, Nuance, Mix and Google CCAI Insights, drives the industry towards a series of transformative changes. As the use of these new technologies becomes prevalent, it is important to understand their key behavior, advantages, and the risks they present.Read more
Open RAN: Attack of the xAppsThis article discusses two O-RAN vulnerabilities that attackers can exploit. One vulnerability stems from insufficient access control, and the other arises from faulty message handlingRead more