Deep Security Center

Page 1 of 19:
1
2
3
4
5
6
7
8
9
10
...
19

RULE UPDATE: 18-057 (October 16, 2018)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Asterisk RTP Protocol
1008964 - Digium Asterisk Compound RTCP Out-Of-Bounds Write Vulnerability (CVE-2017-17664)

DCERPC Services - Client
1009331* - Microsoft Filter Manager Elevation Of Privilege Vulnerability (CVE-2018-8333)

Directory Server LDAP
1008842* - OpenLDAP 'deref_parseCtrl' Denial Of Service Vulnerability (CVE-2015-1545)

Mail Server Common
1009117* - Dovecot 'rfc822_parse_domain' Out Of Bounds Read Vulnerability (CVE-2017-14461)

Microsoft Office
1009073* - Microsoft Office Remote Code Execution Vulnerability (CVE-2018-8157)

Remote Desktop Protocol Server
1009343 - Identified Too Many SSL Alert Messages In SSLv3 Over RDP

Web Application Common
1009310 - Microsoft Exchange Server SSRF Vulnerability (CVE-2018-16793)

Web Client Common
1008937 - Apache Subversion Client svn-ssh URL Command Execution Vulnerability (CVE-2017-9800)
1009092* - Foxit PDF Reader JavaScript 'XFA Clone' Remote Code Execution Vulnerability (CVE-2018-3850)
1009237 - Foxit Reader Multiple Security Vulnerabilities - 1
1009231 - Foxit Reader Multiple Security Vulnerabilities - 2
1009236 - Foxit Reader Multiple Security Vulnerabilities - 3
1009232 - Foxit Reader Multiple Security Vulnerabilities - 4
1009235 - Foxit Reader Multiple Security Vulnerabilities - 5
1009147 - Microsoft Windows .NET Framework Device Guard Security Feature Bypass Vulnerability (CVE-2018-1039)
1009171* - Microsoft Windows Shell Remote Code Execution Vulnerability (CVE-2018-8414)
1009238* - Microsoft Windows Shell Remote Code Execution Vulnerability (CVE-2018-8414) - 1
1009338* - Microsoft Windows Shell Remote Code Execution Vulnerability (CVE-2018-8495)

Integrity Monitoring Rules:

1003105* - Database Server - PostgreSQL

Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

RULE UPDATE: 18-056 (October 9, 2018)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services - Client
1004373* - Identified DLL Side Loading Attempt Over Network Share
1009331 - Microsoft Filter Manager Elevation Of Privilege Vulnerability (CVE-2018-8333)
1009330 - Microsoft MFC Insecure Library Loading Vulnerability Over Network Share (CVE-2010-3190)

FTP Client Windows
1009113 - Multiple FTPShell Client Buffer Overflow Vulnerabilities

Web Application Common
1009312* - Ghostscript Remote Code Execution Vulnerability (CVE-2018-16509) - 1

Web Client Common
1009317 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-30) - 10
1009324 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-30) - 11
1009320 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-30) - 2
1009321 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-30) - 3
1009323 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-30) - 4
1009325 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-30) - 6
1009313 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-30) - 7
1009326 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-30) - 8
1009327 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-30) - 9
1009307* - Microsoft JET Database Engine Remote Code Execution Vulnerability (CVE-2018-8423)
1009341 - Microsoft MFC Insecure Library Loading Vulnerability Over WebDAV (CVE-2010-3190)
1009337 - Microsoft Windows Device Guard Code Integrity Policy Security Feature Bypass Vulnerability (CVE-2018-8492)
1009340 - Microsoft Windows Multiple Security Vulnerabilities (Oct-2018)
1009338 - Microsoft Windows Shell Remote Code Execution Vulnerability (CVE-2018-8495)
1009333 - Microsoft Windows Theme API Remote Code Execution Vulnerability (CVE-2018-8413)

Web Client Internet Explorer/Edge
1009339 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8505)
1009335 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2018-8460)
1009336 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2018-8491)

Web Server Apache Tika
1009129* - Apache Tika Chmparser Denial Of Service Vulnerability (CVE-2018-1339)

Web Server Oracle
1008898* - Oracle E-Business Suite Open Redirect Vulnerability (CVE-2017-3528)

Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.

Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

RULE UPDATE: 18-055 (October 2, 2018)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1008119* - Microsoft Windows Local Security Authority Subsystem Service (LSASS) Denial Of Service Vulnerability (CVE-2017-0004)
1008123* - Microsoft Windows Local Security Authority Subsystem Service Denial Of Service Vulnerability (CVE-2016-7237)
1008224* - Microsoft Windows SMB Remote Code Execution Vulnerabilities (CVE-2017-0144 and CVE-2017-0146)
1007699* - Oracle Job Scheduler Named Pipe Command Execution Vulnerability
1005140* - Print Spooler Service Format String Vulnerability (CVE-2012-1851)

DCERPC Services - Client
1004821* - Active Accessibility Insecure Library Loading Vulnerability (CVE-2011-1247)
1007494* - Adobe Acrobat DLL Loading Arbitrary Code Execution Vulnerability (CVE-2016-1008)
1007695* - Adobe Flash Player DLL Hijacking Vulnerability Over Network Share (CVE-2016-4140)
1004930* - Adobe Flash Player Remote Security Bypass Vulnerability Over Network Share (CVE-2012-0756)
1004924* - Color Control Panel Insecure Library Loading Vulnerability Over Network Share (CVE-2010-5082)
1004700* - DFS Memory Corruption Vulnerability (CVE-2011-1868)
1005261* - Foxit Reader Arbitrary DLL Injection Code Execution Vulnerability Over Network Share
1004926* - Indeo Codec Insecure Library Loading Vulnerability Over Network Share (CVE-2010-3138)
1004878* - Internet Explorer Insecure Library Loading Vulnerability Over Network Share (CVE-2011-2019)
1004946* - Microsoft Expression Design Insecure Library Loading Vulnerability Over Network Share (CVE-2012-0016)
1007897* - Microsoft Internet Explorer Information Disclosure Vulnerability Over SMB (CVE-2016-3321)
1005080* - Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability Over Network Share (CVE-2012-1854)
1005281* - Microsoft Windows Briefcase Integer Overflow Vulnerability Over Network Share (CVE-2012-1528)
1007369* - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (MS16-007)
1007531* - Microsoft Windows RPC Downgrade Vulnerability (CVE-2016-0128)
1004897* - Object Packager Insecure Executable Launching Vulnerability Over Network Share (CVE-2012-0009)
1004741* - Oracle Java JRE Insecure Executable Loading Vulnerability Over Network Share
1004877* - PowerPoint Insecure Library Loading Vulnerability Over Network Share (CVE-2011-3396)
1005153* - Print Spooler Service Format String Vulnerability (CVE-2012-1851) II
1005139* - Remote Administration Protocol Denial Of Service Vulnerability (CVE-2012-1850)
1005142* - Remote Administration Protocol Stack Overflow Vulnerability
1004775* - Telnet Handler Remote Code Execution Vulnerability Over Network Share (CVE-2011-1961)
1004797* - Windows Components Insecure Library Loading Vulnerability Over Network Share (CVE-2011-1991)

DNS Client
1008203* - DNSMessenger Malware C&C Traffic Over DNS Protocol
1009135* - Microsoft Windows DNSAPI Remote Code Execution Vulnerability (CVE-2018-8225)

Directory Server LDAP
1008842 - OpenLDAP 'deref_parseCtrl' Denial Of Service Vulnerability (CVE-2015-1545)

RTMP Client
1006288* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2014-0551)
1005000* - Adobe Flash Player Object Confusion Vulnerability (CVE-2012-0779)
1005456* - Adobe Flash Player Remote Arbitrary Code Execution Vulnerability (CVE-2013-2555)

Remote Desktop Protocol Client
1009031* - Microsoft Windows CredSSP Remote Code Execution Vulnerability (CVE-2018-0886)

Remote Desktop Protocol Server
1006870* - Microsoft Windows Remote Desktop Protocol (RDP) Remote Code Execution Vulnerability (CVE-2015-2373)
1004949* - Remote Desktop Protocol Vulnerability (CVE-2012-0002)
1005138* - Remote Desktop Protocol Vulnerability (CVE-2012-2526)

Suspicious Client Application Activity
1005067* - Identified Potentially Harmful Client Traffic
1005283* - Identified Potentially Malicious RAT Traffic - I
1005299* - Identified Potentially Malicious RAT Traffic - III
1005300* - Identified Potentially Malicious RAT Traffic - IV
1005473* - Identified Potentially Malicious RAT Traffic - V
1008756* - Identified Potentially Malicious RAT Traffic - VII
1005401* - Identified Suspicious HTTP Traffic
1005294* - TMTR-0004: GHOST RAT HTTP Request

Suspicious Server Application Activity
1005090* - Identified Potentially Harmful Server Traffic

Web Application Common
1009312 - Ghostscript Remote Code Execution Vulnerability (CVE-2018-16509) - 1
1009040* - Identified Directory Traversal Sequence In URI

Web Client Common
1009311 - Ghostscript Remote Code Execution Vulnerability (CVE-2018-16509)

Web Server Apache Tika
1009129 - Apache Tika Chmparser Denial Of Service Vulnerability (CVE-2018-1339)

Windows Services RPC Client DCERPC
1007539* - Microsoft Windows RPC Downgrade Vulnerability (CVE-2016-0128) - 1

Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.

Log Inspection Rules:

1008670* - Microsoft Windows Security Events - 3

RULE UPDATE: 18-054 (September 25, 2018)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1008679* - Identified BADRABBIT Ransomware Propagation Over SMB
1008327* - Identified Server Suspicious SMB Session
1003015* - Microsoft SMB Credential Reflection Vulnerability
1006579* - Microsoft Windows NETLOGON Spoofing Vulnerability (CVE-2015-0005)
1008227* - Microsoft Windows SMB Information Disclosure Vulnerability (CVE-2017-0147)
1008224* - Microsoft Windows SMB Remote Code Execution Vulnerabilities (CVE-2017-0144 and CVE-2017-0146)
1008225* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0145)
1008228* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0148)
1008306* - Microsoft Windows SMB Remote Code Execution Vulnerability (MS17-010)
1008305* - Microsoft Windows SMBv1 Remote Code Execution Vulnerability
1007432* - Microsoft Windows Server Message Block Memory Corruption Vulnerability (CVE-2015-2474)
1004696* - SMB Request Parsing Vulnerability (CVE-2011-1267)

DCERPC Services - Client
1007494* - Adobe Acrobat DLL Loading Arbitrary Code Execution Vulnerability (CVE-2016-1008)
1008300* - Adobe Acrobat DLL Loading Arbitrary Code Execution Vulnerability Over Network Share (CVE-2017-3013)
1007566* - Adobe Flash Player DLL Hijacking Vulnerability Over Network Share (CVE-2016-1014)
1004700* - DFS Memory Corruption Vulnerability (CVE-2011-1868)
1006994* - Executable File Download On Network Share Detected
1008328* - Identified Client Suspicious SMB Session
1005857* - Kingsoft Office Path Subversion Arbitrary DLL Injection Code Execution Vulnerability Over Network Share
1006074* - Microsoft Office Chinese Grammar Checking Vulnerability Over Network Share (CVE-2014-1756)
1008284* - Microsoft Office DLL Loading Vulnerability Over Network Share (CVE-2017-0197)
1004730* - Microsoft Visio Insecure Library Loading Vulnerability Over Network Share (CVE-2010-3148)
1008577* - Microsoft Visio OLE DLL Loading Arbitrary Code Execution Vulnerability Over Network Share (CVE-2016-3235)
1007592* - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (CVE-2016-0160 and CVE-2016-0148)
1007381* - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (MS15-132)
1007369* - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (MS16-007)
1007426* - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (MS16-014)
1006554* - Microsoft Windows DLL Planting Remote Code Execution Vulnerability (CVE-2015-0096)
1006013* - Microsoft Windows Insecure Binary Loading Vulnerability Over Network Share (CVE-2014-0315)
1008585* - Microsoft Windows LNK Remote Code Execution Over SMB (CVE-2017-8464)
1006292* - Microsoft Windows OLE Remote Code Execution Vulnerability Over SMB
1007531* - Microsoft Windows RPC Downgrade Vulnerability (CVE-2016-0128)
1008138* - Microsoft Windows SMB Tree Connect Response Denial Of Service Vulnerability (CVE-2017-0016)
1008915* - Microsoft Windows SMBv3 Denial Of Service Vulnerability (CVE-2018-0833)
1004697* - OLE Automation Underflow Vulnerability ( CVE-2011-0658 )
1003014* - SMB Credential Reflection Vulnerability
1007120* - SMB DLL Injection Exploit Detected
1004692* - SMB Response Parsing Vulnerability (CVE-2011-1268)
1008407* - Skype Insecure Library Loading Vulnerability Over Network Share (CVE-2017-6517)

DNS Client
1007456* - DNS Malformed Response Detected
1008571* - DNS Request To ShadowPad Domain Detection
1008203* - DNSMessenger Malware C&C Traffic Over DNS Protocol
1008204* - DNSMessenger Malware Domain Blocker
1008666* - Microsoft Windows DNSAPI Remote Code Execution Vulnerability (CVE-2017-11779)
1009135* - Microsoft Windows DNSAPI Remote Code Execution Vulnerability (CVE-2018-8225)

EMC Data Protector Advisor
1008814* - EMC Data Protection Advisor Application Service Static Credentials Authentication Bypass Vulnerability (CVE-2017-8013)

Intel AMT
1008369* - Intel Active Management Technology Escalation Of Privilege (CVE-2017-5689)

Mail Server Common
1009117 - Dovecot 'rfc822_parse_domain' Out Of Bounds Read Vulnerability (CVE-2017-14461)

Microsoft Office
1009075* - Microsoft Excel Multiple Remote Code Execution Vulnerabilities (May-2018)

RTMP Client
1006264* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2014-0549)

Remote Desktop Protocol Client
1009031* - Microsoft Windows CredSSP Remote Code Execution Vulnerability (CVE-2018-0886)

Remote Desktop Protocol Server
1006870* - Microsoft Windows Remote Desktop Protocol (RDP) Remote Code Execution Vulnerability (CVE-2015-2373)
1008307* - Microsoft Windows Remote Desktop Protocol Remote Code Execution Vulnerability (CVE-2017-0176)

Web Application Common
1009272* - Ghostscript '.rsdparams' Type Confusion Vulnerability (CVE-2017-8291) - 1
1008963* - ImageMagick Multiple Security Vulnerabilities (Server) - 16
1008972* - ImageMagick Multiple Security Vulnerabilities (Server) - 20
1008976* - ImageMagick Multiple Security Vulnerabilities (Server) - 22
1008978* - ImageMagick Multiple Security Vulnerabilities (Server) - 24

Web Application PHP Based
1009157* - Joomla Component Ekrishta SQL Injection Vulnerability (CVE-2018-12254)
1009263* - PHP 'exif_process_IFD_in_MAKERNOTE' Buffer Over Read Vulnerability (CVE-2018-14851)
1009261* - PHP 'exif_thumbnail_extract' Heap Overflow Vulnerability (CVE-2018-14883)
1008815* - PHP Heap Based Buffer Overflow Vulnerability (CVE-2017-16642)

Web Client Common
1008866* - Microsoft Windows StructuredQuery Remote Code Execution Vulnerability (CVE-2018-0825)
1009030 - Microsoft Windows Win32k Elevation Of Privilege Vulnerability (CVE-2018-0977)

Web Client Internet Explorer/Edge
1009182* - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-8288)

Web Server Miscellaneous
1009298* - SonicWall GMS XML-RPC Remote Code Execution Vulnerability (CVE-2018-9866)

Web Server Oracle
1008898 - Oracle E-Business Suite Open Redirect Vulnerability (CVE-2017-3528)

Windows Services RPC Client DCERPC
1007539* - Microsoft Windows RPC Downgrade Vulnerability (CVE-2016-0128) - 1
1007538* - Windows Client Port Mapper Decoder

Windows Services RPC Server DCERPC
1007561* - Identified Windows DCERPC AUTH LEVEL CONNECT Password Validate Request

Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.

Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

RULE UPDATE: 18-053 (September 21, 2018)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Web Client Common
1009307 - Microsoft JET Database Engine Remote Code Execution Vulnerability (ZDI-CAN-6135)

Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.

Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

RULE UPDATE: 18-052 (September 19, 2018)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Web Client Common
1009302 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-34) - 1

Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.

Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

RULE UPDATE: 18-051 (September 18, 2018)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1008119* - Microsoft Windows Local Security Authority Subsystem Service (LSASS) Denial Of Service Vulnerability (CVE-2017-0004)
1008123* - Microsoft Windows Local Security Authority Subsystem Service Denial Of Service Vulnerability (CVE-2016-7237)
1006579* - Microsoft Windows NETLOGON Spoofing Vulnerability (CVE-2015-0005)
1008227* - Microsoft Windows SMB Information Disclosure Vulnerability (CVE-2017-0147)
1008224* - Microsoft Windows SMB Remote Code Execution Vulnerabilities (CVE-2017-0144 and CVE-2017-0146)
1008225* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0145)
1008228* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0148)
1008306* - Microsoft Windows SMB Remote Code Execution Vulnerability (MS17-010)
1008305* - Microsoft Windows SMBv1 Remote Code Execution Vulnerability
1007432* - Microsoft Windows Server Message Block Memory Corruption Vulnerability (CVE-2015-2474)
1007699* - Oracle Job Scheduler Named Pipe Command Execution Vulnerability

DCERPC Services - Client
1007494* - Adobe Acrobat DLL Loading Arbitrary Code Execution Vulnerability (CVE-2016-1008)
1008300* - Adobe Acrobat DLL Loading Arbitrary Code Execution Vulnerability Over Network Share (CVE-2017-3013)
1007566* - Adobe Flash Player DLL Hijacking Vulnerability Over Network Share (CVE-2016-1014)
1007695* - Adobe Flash Player DLL Hijacking Vulnerability Over Network Share (CVE-2016-4140)
1006994* - Executable File Download On Network Share Detected
1005857* - Kingsoft Office Path Subversion Arbitrary DLL Injection Code Execution Vulnerability Over Network Share
1007897* - Microsoft Internet Explorer Information Disclosure Vulnerability Over SMB (CVE-2016-3321)
1006074* - Microsoft Office Chinese Grammar Checking Vulnerability Over Network Share (CVE-2014-1756)
1008284* - Microsoft Office DLL Loading Vulnerability Over Network Share (CVE-2017-0197)
1007592* - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (CVE-2016-0160 and CVE-2016-0148)
1007381* - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (MS15-132)
1007369* - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (MS16-007)
1007426* - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (MS16-014)
1006554* - Microsoft Windows DLL Planting Remote Code Execution Vulnerability (CVE-2015-0096)
1006013* - Microsoft Windows Insecure Binary Loading Vulnerability Over Network Share (CVE-2014-0315)
1006292* - Microsoft Windows OLE Remote Code Execution Vulnerability Over SMB
1007531* - Microsoft Windows RPC Downgrade Vulnerability (CVE-2016-0128)
1008138* - Microsoft Windows SMB Tree Connect Response Denial Of Service Vulnerability (CVE-2017-0016)
1007120* - SMB DLL Injection Exploit Detected

DNS Client
1007456* - DNS Malformed Response Detected
1008203* - DNSMessenger Malware C&C Traffic Over DNS Protocol
1008204* - DNSMessenger Malware Domain Blocker

Port Mapper Windows
1001033* - Windows Port Mapper Decoder

RTMP Client
1006264* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2014-0549)
1006288* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2014-0551)

Remote Desktop Protocol Server
1006870* - Microsoft Windows Remote Desktop Protocol (RDP) Remote Code Execution Vulnerability (CVE-2015-2373)
1008307* - Microsoft Windows Remote Desktop Protocol Remote Code Execution Vulnerability (CVE-2017-0176)

Web Client Common
1009104* - Adobe Acrobat Reader Out Of Bounds Read Vulnerability (CVE-2017-16397)
1009300 - Google Chrome Cross Site Resource Size Estimation Via OnProgress Events Vulnerability (CVE-2018-6177)

Web Server Miscellaneous
1009298 - SonicWall GMS XML-RPC Remote Code Execution Vulnerability (CVE-2018-9866)

Windows Services RPC Client DCERPC
1007539* - Microsoft Windows RPC Downgrade Vulnerability (CVE-2016-0128) - 1
1007538* - Windows Client Port Mapper Decoder

Windows Services RPC Server DCERPC
1007561* - Identified Windows DCERPC AUTH LEVEL CONNECT Password Validate Request
1007054* - Remote Schedule Task 'Create' Through SMBv2 Protocol Detected
1007053* - Remote Schedule Task 'Delete' Through SMBv2 Protocol Detected
1007017* - Remote Schedule Task 'Run' Through SMBv2 Protocol Detected
1007068* - Remote Service Execution Through SMBv2 Protocol Detected

Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.

Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

RULE UPDATE: 18-050 (September 11, 2018)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1005140* - Print Spooler Service Format String Vulnerability (CVE-2012-1851)
1004696* - SMB Request Parsing Vulnerability (CVE-2011-1267)

DCERPC Services - Client
1004821* - Active Accessibility Insecure Library Loading Vulnerability (CVE-2011-1247)
1004930* - Adobe Flash Player Remote Security Bypass Vulnerability Over Network Share (CVE-2012-0756)
1004924* - Color Control Panel Insecure Library Loading Vulnerability Over Network Share (CVE-2010-5082)
1004700* - DFS Memory Corruption Vulnerability (CVE-2011-1868)
1004762* - Data Access Components Insecure Library Loading Vulnerability Over Network Share (CVE-2011-1975)
1005261* - Foxit Reader Arbitrary DLL Injection Code Execution Vulnerability Over Network Share
1004926* - Indeo Codec Insecure Library Loading Vulnerability Over Network Share (CVE-2010-3138)
1004878* - Internet Explorer Insecure Library Loading Vulnerability Over Network Share (CVE-2011-2019)
1004946* - Microsoft Expression Design Insecure Library Loading Vulnerability Over Network Share (CVE-2012-0016)
1005050* - Microsoft Lync Insecure Library Loading Vulnerability Over Network Share (CVE-2012-1849)
1004730* - Microsoft Visio Insecure Library Loading Vulnerability Over Network Share (CVE-2010-3148)
1005080* - Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability Over Network Share (CVE-2012-1854)
1005281* - Microsoft Windows Briefcase Integer Overflow Vulnerability Over Network Share (CVE-2012-1528)
1005280* - Microsoft Windows Briefcase Integer Underflow Vulnerability Over Network Share (CVE-2012-1527)
1004697* - OLE Automation Underflow Vulnerability ( CVE-2011-0658 )
1004897* - Object Packager Insecure Executable Launching Vulnerability Over Network Share (CVE-2012-0009)
1004741* - Oracle Java JRE Insecure Executable Loading Vulnerability Over Network Share
1004877* - PowerPoint Insecure Library Loading Vulnerability Over Network Share (CVE-2011-3396)
1005153* - Print Spooler Service Format String Vulnerability (CVE-2012-1851) II
1005139* - Remote Administration Protocol Denial Of Service Vulnerability (CVE-2012-1850)
1005142* - Remote Administration Protocol Stack Overflow Vulnerability
1004692* - SMB Response Parsing Vulnerability (CVE-2011-1268)
1004775* - Telnet Handler Remote Code Execution Vulnerability Over Network Share (CVE-2011-1961)
1005081* - Vulnerability In Windows Shell Could Allow Remote Code Execution (CVE-2012-0175)
1004797* - Windows Components Insecure Library Loading Vulnerability Over Network Share (CVE-2011-1991)
1004843* - Windows Mail Insecure Library Loading Vulnerability Over Network Share (CVE-2011-2016)

Database IBM DB2
1003956* - IBM DB2 kuddb2 DoS

EMC Data Protector Advisor
1008814 - EMC Data Protection Advisor Application Service Static Credentials Authentication Bypass Vulnerability (CVE-2017-8013)

RTMP Client
1005000* - Adobe Flash Player Object Confusion Vulnerability (CVE-2012-0779)
1005456* - Adobe Flash Player Remote Arbitrary Code Execution Vulnerability (CVE-2013-2555)

Remote Desktop Protocol Server
1004949* - Remote Desktop Protocol Vulnerability (CVE-2012-0002)
1005138* - Remote Desktop Protocol Vulnerability (CVE-2012-2526)

Suspicious Client Ransomware Activity
1007706* - Ransomware Network Traffic - 3

Symantec Alert Management System
1003488* - Multiple Symantec Products Intel Common Base Agent Remote Command Execution Vulnerability

Web Application Common
1009272 - Ghostscript '.rsdparams' Type Confusion Vulnerability (CVE-2017-8291) - 1

Web Application PHP Based
1006432* - WordPress Slider Revolution Responsive/Showbiz Pro Responsive Teaser Multiple Security Bypass Vulnerabilities (CVE-2014-9735)

Web Client Common
1009271 - Ghostscript '.rsdparams' Type Confusion Vulnerability (CVE-2017-8291)
1009280 - Microsoft Windows Kernel Information Disclosure Vulnerability (CVE-2018-8442)
1009279 - Microsoft Windows MSXML Remote Code Execution Vulnerability (CVE-2018-8420)
1009290 - Microsoft Windows Multiple Security Vulnerabilities (Sep-2018)
1009293 - Microsoft Windows Remote Code Execution Vulnerability (CVE-2018-8475)
1009270* - Microsoft Windows Task Scheduler ALPC Privilege Escalation Vulnerability (CVE-2018-8440)

Web Client Internet Explorer/Edge
1009276 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8367)
1009277 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8391)
1009287 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8466)
1009288 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8467)
1009286 - Microsoft Edge PDF Remote Code Execution Vulnerability (CVE-2018-8464)
1009283 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-8456)
1009284 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-8459)
1009281 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2018-8447)
1009285 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2018-8461)
1009289 - Microsoft Internet Explorer Security Feature Bypass Vulnerability (CVE-2018-8470)

Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.

Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

RULE UPDATE: 18-049 (September 4, 2018)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1002937* - Integer Overflow In IPP Service Vulnerability
1003824* - License Logging Server Heap Overflow Vulnerability
1004600* - Microsoft Active Directory 'BROWSER ELECTION' Buffer Overflow Vulnerability
1002931* - Microsoft Windows SMB Buffer Underflow Vulnerability
1000972* - Microsoft Windows svcctl ChangeServiceConfig2A() Memory Corruption Vulnerability
1003564* - Print Spooler Load Library Vulnerability
1004401* - Print Spooler Service Impersonation Vulnerability
1003985* - SMB Memory Corruption Vulnerability
1003984* - SMB NTLM Authentication Lack Of Entropy Vulnerability
1003979* - SMB Null Pointer Vulnerability
1003978* - SMB Pathname Overflow Vulnerability
1004346* - SMB Pool Overflow Vulnerability
1004355* - SMB Stack Exhaustion Vulnerability
1004641* - SMB Transaction Parsing Vulnerability (CVE-2011-0661)
1004348* - SMB Variable Validation Vulnerability
1003761* - SMBv2 Infinite Loop Vulnerability
1002975* - Server Service Vulnerability (wkssvc)
1004542* - Windows Netlogon Service Denial Of Service (CVE-2010-2742)
1003712* - Windows Vista SMB2.0 Negotiate Protocol Request Remote Code Execution

DCERPC Services - Client
1004566* - Identified Suspicious Microsoft DLL File Over Network Share
1004304* - Identified Suspicious Microsoft Windows Shortcut File Over Network Share
1004563* - Microsoft Windows 'CreateSizedDIBSECTION()' Thumbnail View Stack Buffer Overflow Vulnerability Over Network Share
1003832* - Microsoft Windows 'KeAccumulateTicks()' SMB2 Packet Remote Denial Of Service Vulnerability
1004053* - Microsoft Windows CHM Notepad Remote Code Execution
1004094* - SMB Client Memory Allocation Vulnerability
1004100* - SMB Client Message Size Vulnerability
1003973* - SMB Client Pool Corruption Vulnerability
1003980* - SMB Client Race Condition Vulnerability
1004096* - SMB Client Response Parsing Vulnerability
1004637* - SMB Client Response Parsing Vulnerability (CVE-2011-0660)
1004095* - SMB Client Transaction Vulnerability

DHCP Client
1000861* - Microsoft Windows DHCP Client Service Remote Code Execution

DNS Client
1002537* - Adobe Flash Player Multimedia File Remote Buffer Overflow Vulnerability
1002358* - Adobe Multiple Products PDF JavaScript Method Buffer Overflow
1003328* - Disallow Intra-Site Automatic Tunnel Addressing Protocol
1003189* - Malware AGENT.BTZ Domain Blocker
1000468* - Microsoft Word Malformed Object Pointer Remote Code Execution
1003133* - Pointer Reference Memory Corruption Vulnerability Domain Blocker

Database Oracle
1009179* - Oracle Database Server 'ORACLE.EXE' Buffer Overflow Vulnerability (CVE-2003-0095)
1000407* - Oracle Database Server Buffer Overflow In Interval And Timestamp Functions

ISC DHCP OMAPI
1008902* - Identified Too Many DHCP OMAPI Connections

Microsoft Office
1009173 - Microsoft Excel Information Disclosure Vulnerability (CVE-2018-8163)

Web Application Common
1008959* - ImageMagick Multiple Security Vulnerabilities (Server) - 13
1008963 - ImageMagick Multiple Security Vulnerabilities (Server) - 16
1008972 - ImageMagick Multiple Security Vulnerabilities (Server) - 20
1008976 - ImageMagick Multiple Security Vulnerabilities (Server) - 22
1008978 - ImageMagick Multiple Security Vulnerabilities (Server) - 24

Web Application PHP Based
1009157 - Joomla Component Ekrishta SQL Injection Vulnerability (CVE-2018-12254)
1009263 - PHP 'exif_process_IFD_in_MAKERNOTE' Buffer Over Read Vulnerability (CVE-2018-14851)
1009261 - PHP 'exif_thumbnail_extract' Heap Overflow Vulnerability (CVE-2018-14883)
1008815 - PHP Heap Based Buffer Overflow Vulnerability (CVE-2017-16642)

Web Client Common
1008960 - ImageMagick Multiple Security Vulnerabilities (Client) - 16
1008971 - ImageMagick Multiple Security Vulnerabilities (Client) - 20
1008975 - ImageMagick Multiple Security Vulnerabilities (Client) - 22
1008977 - ImageMagick Multiple Security Vulnerabilities (Client) - 24

Web Server Common
1007185* - Java Unserialize Remote Code Execution Vulnerability

Web Server Miscellaneous
1009265* - Apache Struts OGNL Expression Remote Command Execution Vulnerability (CVE-2018-11776)

Windows Services RPC Server DCERPC
1003766* - Local Security Authority Subsystem Service Integer Overflow Vulnerability

Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.

Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

RULE UPDATE: 18-048 (August 29, 2018)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Web Client Common
1009270 - Microsoft Windows Task Scheduler ALPC Privilege Escalation Vulnerability

Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.

Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

Featured Stories

View All

$hacker machine interface$
The State of SCADA HMI Vulnerabilities
A complete discussion of the different vulnerability categories, including case studies of vulnerable SCADA HMIs. The paper also provides a guide for vulnerability researchers, as well as vendors on quick and efficient bug discovery.
Read more
Rogue Robots: Testing the Limits of an Industrial Robot’s Security
The modern world relies heavily on industrial robots. But is the current robotics ecosystem secure enough to withstand a cyber attack?
Read more
$two years of pawn storm$
From Espionage to Cyber Propaganda: Pawn Storm's Activities over the Past Two Years
This paper takes a look at Pawn Storm's operations within the last two years, and how the group has expanded their activities from espionage to the use of cyber propaganda tactics.
Read more
$securing home routers$
Securing Your Routers Against Mirai and Other Home Network Attacks
Cybercriminals can turn unsecure home routers into slaves for their botnets or even abuse them to steal banking credentials. Know about your router’s hidden weaknesses and the many ways you can defend your homes and businesses against these threats.
Read more