Rule Update
15-030 (September 22, 2015)
Publish date: September 22, 2015
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Application Control For File Sharing
1003655* - Application Control For Share NT5
Application Control Packet Size Detection
1007034 - Application Control For Share EX2 P2P
Microsoft Office
1007039* - Microsoft Graphics Component Buffer Overflow Vulnerability (CVE-2015-2510)
1006940* - Microsoft Office Integer Underflow Vulnerability (CVE-2015-2470)
1007040* - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2520)
1007050* - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2521)
1007051* - Microsoft Office Memory Corruption Vulnerability (CVE-2015-2523)
1006323* - Microsoft Office Remote Code Execution Vulnerability (CVE-2014-6333)
1006471* - Microsoft Office Remote Code Execution Vulnerability (CVE-2015-0064)
1007059 - Microsoft Office Remote Code Execution Vulnerability (CVE-2015-2545)
Port Mapper Windows
1001033* - Windows Port Mapper Decoder
Remote Desktop Protocol Server
1004949* - Remote Desktop Protocol Vulnerability (CVE-2012-0002)
TFTP Server
1000929* - 3CDaemon Reserved Device Name DoS
Web Application Common
1000608* - Generic SQL Injection Prevention
Web Application Miscellaneous
1003707* - Adobe JRun 'logviewer.jsp' Directory Traversal Vulnerability
Web Client Common
1006810* - Adobe Flash Player Nellymoser Heap Buffer Overflow Vulnerabilities
1006907 - Google Chrome Type Confusion Remote Code Execution Vulnerability (CVE-2015-1230)
1006996* - Identified Suspicious Microsoft Word RTF File - 1
1006947* - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2459)
1006949* - Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2461)
1005351* - Oracle Outside In Technology Paradox Database Stream Filter Vulnerability
1007047* - Windows Media Center Remote Code Execution Vulnerability (CVE-2015-2509)
Web Client Internet Explorer
1007026* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2487)
1007046* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2499)
Web Client Mozilla Firefox
1006954* - Mozilla Firefox PDF Viewer Same Origin Policy Information Disclosure Vulnerability (CVE-2015-4495)
Windows Media Service
1004097* - Media Services Stack-based Buffer Overflow Vulnerability
Windows Services DNS Server RPC Interface
1000986* - Microsoft Windows DNS Server RPC Buffer Overflow
Windows Services RPC Client
1006994 - Executable File Download On Network Share Detected
Windows Services RPC Server
1006995 - Remote Add Job Through SMBv1 Protocol Detected
1007037 - Remote Add Job Through SMBv2 Protocol Detected
1007020 - Remote CreateService Request Detected Through SMBv1 Protocol
1007066 - Remote Delete Job Through SMBv1 Protocol Detected
1007038 - Remote Delete Job Through SMBv2 Protocol Detected
1007035 - Remote DeleteService Request Through SMBv1 Detected
1007070 - Remote PWDUMP Through SMBv1 Protocol Detected
1007057 - Remote Registry Access Through SMBv1 Protocol Detected
1007021 - Remote Registry Access Through SMBv2 Protocol Detected
1007032 - Remote Schedule Task Create Through SMBv1 Protocol Detected
1007033 - Remote Scheduled Task Access Through SMBv1 Protocol Detected
1007069 - Remote Service Execution Through SMBv1 Detected
Windows Services RPC Server DCERPC
1007054 - Remote Schedule Task 'Create' Through SMBv2 Protocol Detected
1007053 - Remote Schedule Task 'Delete' Through SMBv2 Protocol Detected
1007017 - Remote Schedule Task 'Run' Through SMBv2 Protocol Detected
1007068 - Remote Service Execution Through SMBv2 Protocol Detected
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.