Rule Update
19-054 (29 Oktober 2019)
Publish Date: 29 Oktober 2019
Beschreibung
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1009703 - Identified Domain-Level Groups/Accounts Enumeration Over SMB (ATT&CK T1069, T1087, T1018)
Remote Desktop Protocol Server
1009562 - Identified Remote Desktop Protocol (RDP) Brute Force Attempt (ATT&CK T1076)
Trend Micro OfficeScan
1010041 - Trend Micro ApexOne And OfficeScan Directory Traversal Vulnerability (CVE-2019-18189)
1010040 - Trend Micro ApexOne Command Injection Vulnerability (CVE-2019-18188)
1010039 - Trend Micro OfficeScan Directory Traversal Vulnerability (CVE-2019-18187)
Web Application Common
1010013 - Identified Encoded PowerShell Script Execution on Server
1010035* - PHP EXIF Uninitialized Read Vulnerability (CVE-2019-9640)
1010037 - PHP Out Of Bounds Read Vulnerability (CVE-2018-20783)
1010036 - SDCMS Remote Code Execution Vulnerability (CVE-2018-19520)
Web Server Common
1010044 - PHP Unauthenticated Remote Code Execution Vulnerability (CVE-2019-11043)
Webmin
1010043 - Webmin Unauthenticated Remote Code Execution Vulnerability (CVE-2019-15107)
Windows Remote Management
1009894 - Identified Usage Of Windows Remote Management (ATT&CK T1028)
Windows Services RPC Server DCERPC
1009892 - Identified Domain-Level Credentials Dumping Over DCERPC (ATT&CK T1003)
1009615 - Identified Initialization Of WMI - Server (ATT&CK T1047)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
DCERPC Services
1009703 - Identified Domain-Level Groups/Accounts Enumeration Over SMB (ATT&CK T1069, T1087, T1018)
Remote Desktop Protocol Server
1009562 - Identified Remote Desktop Protocol (RDP) Brute Force Attempt (ATT&CK T1076)
Trend Micro OfficeScan
1010041 - Trend Micro ApexOne And OfficeScan Directory Traversal Vulnerability (CVE-2019-18189)
1010040 - Trend Micro ApexOne Command Injection Vulnerability (CVE-2019-18188)
1010039 - Trend Micro OfficeScan Directory Traversal Vulnerability (CVE-2019-18187)
Web Application Common
1010013 - Identified Encoded PowerShell Script Execution on Server
1010035* - PHP EXIF Uninitialized Read Vulnerability (CVE-2019-9640)
1010037 - PHP Out Of Bounds Read Vulnerability (CVE-2018-20783)
1010036 - SDCMS Remote Code Execution Vulnerability (CVE-2018-19520)
Web Server Common
1010044 - PHP Unauthenticated Remote Code Execution Vulnerability (CVE-2019-11043)
Webmin
1010043 - Webmin Unauthenticated Remote Code Execution Vulnerability (CVE-2019-15107)
Windows Remote Management
1009894 - Identified Usage Of Windows Remote Management (ATT&CK T1028)
Windows Services RPC Server DCERPC
1009892 - Identified Domain-Level Credentials Dumping Over DCERPC (ATT&CK T1003)
1009615 - Identified Initialization Of WMI - Server (ATT&CK T1047)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.