Cloud One Workload Security and Deep Security Updates

  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DCERPC Services
    1006906* - Identified Usage Of PsExec Command Line Tool


    DNS Server
    1004747* - DNS Invalid Compression Denial Of Service


    FTP Server Common
    1008463 - Core FTP Server Heap Overflow Vulnerability


    Kerberos KDC Server
    1008475 - MIT Kerberos TGS RequestHandler Denial Of Service Vulnerability (CVE-2015-2697)


    Unix SSH
    1008515 - OpenSSH KEXINIT Denial Of Service Vulnerability (CVE-2016-8858)


    Web Client Common
    1008412 - FFmpeg mov_read_keys Integer Overflow Vulnerability (CVE-2016-5199)
    1008471 - Foxit Reader PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
    1008517 - Google Chrome Array IndexOf Out-Of-Bounds Access Remote Code Execution Vulnerability (CVE-2017-5053)
    1008521 - Microsoft Windows PDF Remote Code Execution Vulnerability (CVE-2017-0291)


    Web Client Internet Explorer/Edge
    1004986* - Dell Webcam Central CrazyTalk4 ActiveX Control Buffer Overflow Vulnerability


    Integrity Monitoring Rules:

    1002776* - Microsoft Windows - Startup Programs Modified


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    BIND RNDC
    1008321* - ISC BIND Remote Denial Of Service Vulnerability (CVE-2017-3138)


    DCERPC Services
    1008227* - Microsoft Windows SMB Information Disclosure Vulnerability (CVE-2017-0147)


    HP Intelligent Management Center (IMC)
    1008469 - HPE Intelligent Management Center CommonUtils ZIP Directory Traversal Vulnerability (CVE-2017-5793)


    Unix RPC Services
    1008433* - Solaris Calendar Manager Service Daemon (rpc.cmsd) Remote Code Execution Vulnerability


    VoIP Soft Phones
    1008430 - Asterisk Long Contact URIs REGISTER Requests Denial Of Service Vulnerability


    Web Application Common
    1008451* - ImageMagick 'MagickCore/blob.c' ReadOneJNGImage Assertion Vulnerability (CVE-2017-9142) - 1
    1008450* - ImageMagick 'MagickCore/profile.c' ReadDDSImage Assertion Vulnerability (CVE-2017-9141) - 1
    1008415 - ImageMagick 'pict.c' Denial Of Service Vulnerability (CVE-2017-8353)
    1008449* - ImageMagick ART File 'coders/art.c' ReadARTImage Denial Of Service Vulnerability (CVE-2017-9143) - 1
    1008496 - ImageMagick Denial Of Service Vulnerability (CVE-2017-9407) - 1
    1008499 - ImageMagick Denial Of Service Vulnerability (CVE-2017-9439) - 1
    1008500 - ImageMagick Denial Of Service Vulnerability (CVE-2017-9440) - 1
    1008418 - ImageMagick Memory Corruption Vulnerability (CVE-2016-8862)


    Web Application PHP Based
    1008409 - PHP exif_process_IFD_in_TIFF Function Memory Leak Vulnerability (CVE-2016-7128)


    Web Client Common
    1008474 - Foxit Reader Safe Mode Bypass Information Disclosure Vulnerability
    1008416 - ImageMagick 'pict.c' Denial Of Service Vulnerability (CVE-2017-8353) - 1
    1008497 - ImageMagick Denial Of Service Vulnerability (CVE-2017-9407)
    1008498 - ImageMagick Denial Of Service Vulnerability (CVE-2017-9439)
    1008501 - ImageMagick Denial Of Service Vulnerability (CVE-2017-9440)
    1008419 - ImageMagick Memory Corruption Vulnerability (CVE-2016-8862) - 1
    1008476 - Microsoft Malware Protection Engine Remote Code Execution Vulnerability (CVE-2017-8558)
    1008504 - Microsoft Windows System Information Console Information Disclosure Vulnerability (CVE-2017-8557)


    Web Client Mozilla Firefox
    1008325 - Mozilla Firefox createImageBitmap Integer Overflow (CVE-2017-5428)


    Web Server HTTPS
    1008293* - Trend Micro Control Manager Download Multiple Directory Traversal Information Disclosure Vulnerabilities


    Web Server Miscellaneous
    1008491 - Apache Struts Security Bypass Vulnerability (CVE-2016-4436)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DCERPC Services
    1008227* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0147)


    DNS Client
    1008495 - systemd Out-Of-Bounds Write Remote Code Execution Vulnerability (CVE-2017-9445)
    1008502 - systemd Out-Of-Bounds Write Remote Code Execution Vulnerability (CVE-2017-9445) -1


    Suspicious Server Application Activity
    1008492 - Identified SambaShell C&C Traffic


    Web Application Common
    1008192 - Identified Directory Traversal Sequence In Multipart HTTP Requests


    Web Client Common
    1008494 - Adobe Flash Player Multiple Security Vulnerabilities (APSB17-21)
    1008503 - Cisco WebEx Browser Extension Remote Code Execution Vulnerability (CVE-2017-6753)
    1008470 - Microsoft Windows Multiple Security Vulnerabilities (June-2017)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Apache OpenMeetings
    1008267* - Apache OpenMeetings ZIP File Path Traversal Vulnerability (CVE-2016-0784)


    DCERPC Services
    1008432* - Microsoft Windows SMB Information Disclosure Vulnerability (CVE-2017-0267)
    1008445* - Microsoft Windows Search Remote Code Execution Vulnerability (CVE-2017-8543)


    DHCP Client
    1004653* - ISC DHCP 'dhclient' Shell Characters In Response Remote Code Execution Vulnerability


    HP Intelligent Management Center (IMC)
    1008379* - HP Intelligent Management Center Service Information Disclosure Vulnerability (CVE-2017-5797)


    Microsoft Office
    1004312* - Identified Suspicious Microsoft Word Document
    1008340* - Microsoft Office Remote Code Execution Vulnerability (CVE-2017-0243)


    Port Mapper Windows
    1001033* - Windows Port Mapper Decoder


    Web Application Common
    1008451 - ImageMagick 'MagickCore/blob.c' ReadOneJNGImage Assertion Vulnerability (CVE-2017-9142) - 1
    1008450 - ImageMagick 'MagickCore/profile.c' ReadDDSImage Assertion Vulnerability (CVE-2017-9141) - 1
    1008449 - ImageMagick ART File 'coders/art.c' ReadARTImage Denial Of Service Vulnerability (CVE-2017-9143) - 1
    1008427* - ImageMagick Denial Of Service Vulnerability (CVE-2017-8346) - 1
    1008383* - ImageMagick Heap Buffer Overflow Vulnerability (CVE-2016-9556)
    1008388* - ImageMagick Use After Free Denial Of Service Vulnerability (CVE-2016-7906)


    Web Client Common
    1008387 - Foxit Reader ConvertToPDF TIFF Parsing Out Of Bounds Write Remote Code Execution Vulnerability
    1008401 - Foxit Reader FlateDecode Use After Free Remote Code Execution Vulnerability
    1008417 - Foxit Reader Stack Buffer Overflow Vulnerability
    1008425 - ImageMagick 'MagickCore/blob.c' ReadOneJNGImage Assertion Vulnerability (CVE-2017-9142)
    1008424 - ImageMagick 'MagickCore/profile.c' ReadDDSImage Assertion Vulnerability (CVE-2017-9141)
    1008426 - ImageMagick ART File 'coders/art.c' ReadARTImage Denial Of Service Vulnerability (CVE-2017-9143)
    1008377 - Microsoft Windows Media Format Remote Code Execution Vulnerability (CVE-2007-0064)
    1008489 - Microsoft Windows Multiple Elevation Of Privilege Vulnerabilities (July-2017)
    1008481 - Microsoft Windows Security Feature Bypass Vulnerability (CVE-2017-8592)
    1008452 - Oracle Java Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability (CVE-2016-3443)
    1008457* - Ransomware Erebus


    Web Client Internet Explorer/Edge
    1008439* - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-8496)
    1008486 - Microsoft Edge Remote Code Execution Vulnerability (CVE-2017-8617)
    1008483 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8598)
    1008484 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8601)
    1008485 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8605)
    1008487 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8619)
    1008482 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-8594)
    1008488 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-8618)


    Web Server HTTPS
    1008293 - Trend Micro Control Manager Download Multiple Directory Traversal Information Disclosure Vulnerabilities


    Windows Services RPC Server DCERPC
    1008479 - Identified Usage Of WMI Execute Methods - Server


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Web Server Miscellaneous
    1008490 - Apache Struts2 Struts 1 Plugin Showcase Remote Code Execution Vulnerability (CVE-2017-9791)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    BIND RNDC
    1008321 - ISC BIND Remote Denial Of Service Vulnerability (CVE-2017-3138)


    DCERPC Services
    1008179* - Restrict File Extensions For Rename Activity Over Network Share
    1003712* - Windows Vista SMB2.0 Negotiate Protocol Request Remote Code Execution


    Instant Messenger Applications
    1002466* - ICQ


    Suspicious Client Ransomware Activity
    1007602* - Ransomware Locky


    Unix RPC Services
    1008433 - Solaris Calendar Manager Service Daemon (rpc.cmsd) Remote Code Execution Vulnerability


    Web Application Common
    1008427* - ImageMagick Denial Of Service Vulnerability (CVE-2017-8346) - 1


    Web Client Common
    1008398 - Adobe Reader DC JPEG2000 Parsing Out Of Bounds Read Information Disclosure Vulnerability (CVE-2016-7854)
    1008393 - Foxit Reader ConvertToPDF BMP Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
    1008394 - Foxit Reader ConvertToPDF BMP Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
    1008404 - Foxit Reader ConvertToPDF GIF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
    1008429 - Foxit Reader JBig2 Parser Information Disclosure Vulnerability (CVE-2016-8334)
    1008461* - Microsoft Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0285)
    1008285* - Microsoft Word Remote Code Execution Vulnerability (CVE-2017-0199)
    1008295* - Restrict Microsoft Word RTF File With Embedded OLE2link Object


    Windows Services RPC Client DCERPC
    1008477 - Identified Usage Of WMI Execute Methods - Client


    Integrity Monitoring Rules:

    1005195* - Microsoft Windows - Log File Attributes Changes Detected
    1005193* - Unix - Log File Attributes Changes Detected


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Apache OpenMeetings
    1008267 - Apache OpenMeetings ZIP File Path Traversal Vulnerability (CVE-2016-0784)


    DCERPC Services
    1008432 - Microsoft Windows SMB Information Disclosure Vulnerability (CVE-2017-0267)
    1008468 - Microsoft Windows SMBv1 Information Disclosure Vulnerability (CVE-2017-0271)


    Unix Samba
    1008420* - Samba Shared Library Remote Code Execution Vulnerability (CVE-2017-7494)


    Web Application Common
    1008383 - ImageMagick Heap Buffer Overflow Vulnerability (CVE-2016-9556)
    1008388 - ImageMagick Use After Free Denial Of Service Vulnerability (CVE-2016-7906)


    Web Application Tomcat
    1006107* - Apache Tomcat Chunk Request Remote Denial Of Service Vulnerability


    Web Client Common
    1008304* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-11) - 2
    1008406 - Adobe Reader DC Graphics State Dictionary Double Free Remote Code Execution Vulnerability (CVE-2016-1111)
    1008400 - Foxit Reader ConvertToPDF TIFF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
    1008403 - Foxit Reader ExportData Restrictions Bypass Remote Code Execution Vulnerability
    1008402 - Foxit Reader FlateDecode Use-After-Free Remote Code Execution Vulnerability
    1008405 - Foxit Reader JPEG Parsing Out Of Bounds Read Information Disclosure Vulnerability
    1008413 - Foxit Reader JPEG Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
    1008395 - Foxit Reader JPEG2000 Parsing Out Of Bounds Write Remote Code Execution Vulnerability
    1008396 - Foxit Reader JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
    1008414 - Foxit Reader Pattern Uninitialized Pointer Remote Code Execution Vulnerability
    1008386 - Foxit Reader TIFF Parsing Out Of Bounds Write Remote Code Execution Vulnerability
    1008384 - ImageMagick Heap Buffer Overflow Vulnerability (CVE-2016-9556) - 1
    1008389 - ImageMagick Use After Free Denial Of Service Vulnerability (CVE-2016-7906) - 1
    1008381 - Microsoft Windows Media Format ASF Parsing Vulnerability (CVE-2006-4702)


    Web Client Internet Explorer/Edge
    1008399 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0093)
    1008209* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-0130)
    1008374 - Microsoft XML Memory Corruption Vulnerability (CVE-2007-0099)


    Integrity Monitoring Rules:

    1002770* - Unix - File Attributes Changes In /usr/bin And /usr/sbin Locations
    1008464 - Unix - File Attributes Changes In /usr/etc, /usr/lib, /usr/lib64, /usr/libexec And /usr/local Locations


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DNS Server
    1008332* - Microsoft DNS Server Denial Of Service Vulnerability (CVE-2017-0171)


    Database MySQL
    1008330* - MySQL Denial Of Service Vulnerability (CVE-2017-3599)


    HP Intelligent Management Center (IMC)
    1008329* - HP Intelligent Management Center RedirectServlet 'parafile' Directory Traversal Vulnerability
    1008379 - HP Intelligent Management Center Service Information Disclosure Vulnerability (CVE-2017-5797)
    1008296* - HP Intelligent Management Center UrlAccessController Filter Authentication Bypass Vulnerability


    Mail Server Lotus Domino
    1008310* - IBM Lotus Domino Server Stack Buffer Overflow Vulnerability (CVE-2017-1274)


    OpenSSL
    1008270* - OpenSSL ChaCha20/Poly1305 Cipher Suite Heap Buffer Overflow Vulnerability (CVE-2016-7054)


    Unix RPC Services
    1008371* - rpcbind Remote Denial Of Service Vulnerability (CVE-2017-8779)


    Web Application PHP Based
    1008391* - PHPMailer Remote Code Execution Vulnerability
    1008411* - WordPress Tracking Code Manager Plugin Denial Of Service Vulnerability


    Web Client Common
    1008456 - Adobe Flash Player Multiple Security Vulnerabilities (APSB17-17)
    1008462 - Google Chrome V8 Private Property Arbitrary Code Execution Vulnerability (CVE-2016-9651)
    1008460 - Microsoft Windows Graphics Information Disclosure Vulnerability (CVE-2017-8532)
    1008461 - Microsoft Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0285)
    1008458 - VideoLAN VLC Heap Based Buffer Overflow Vulnerability (CVE-2017-8311)


    Web Server Oracle
    1008378 - Oracle WebLogic Server Untrusted Data Deserialization Vulnerability (CVE-2017-3248)


    Web Server Squid
    1005303* - Squid 'cachemgr.cgi' Remote Denial Of Service Vulnerability


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DCERPC Services
    1008445 - Microsoft Windows Search Remote Code Execution Vulnerability (CVE-2017-8543)


    Suspicious Client Ransomware Activity
    1008457 - Ransomware Erebus


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Microsoft Office
    1008441 - Microsoft Office Remote Code Execution Vulnerability (CVE-2017-8509)
    1008442 - Microsoft Office Remote Code Execution Vulnerability (CVE-2017-8510)


    Web Application Common
    1008427 - ImageMagick Denial Of Service Vulnerability (CVE-2017-8346) - 1


    Web Client Common
    1008428 - ImageMagick Denial Of Service Vulnerability (CVE-2017-8346)
    1008434 - Microsoft Device Guard Code Integrity Policy Security Feature Bypass Vulnerability (CVE-2017-0215)
    1008435 - Microsoft Windows LNK Remote Code Execution Vulnerability (CVE-2017-8464)
    1008448 - Microsoft Windows Multiple Elevation Of Privilege Vulnerabilities (June-2017)


    Web Client Internet Explorer/Edge
    1008439 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-8496)
    1008440 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-8497)
    1008444 - Microsoft Internet Explorer And Edge Information Disclosure Vulnerability (CVE-2017-8529)
    1008443 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8524)
    1008446 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-8547)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    1003835* - Web Server - Microsoft IIS Server Security