Rule Update
16-023 (August 9, 2016)
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
HP OpenView Network Node Manager Web
1003602* - HP OpenView Network Node Manager rping Stack Buffer Overflow
Microsoft Office
1007887 - Microsoft Graphics Component Memory Corruption Vulnerability (CVE-2016-3318)
1007884 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-3313)
1007885 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-3316)
1007886 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-3317)
OpenSSL Client
1006546* - OpenSSL ECDHE Downgrade Vulnerability (CVE-2014-3572)
Suspicious Client Ransomware Activity
1007704 - Ransomware Bucbi
1007706 - Ransomware CRIPTODC
1007705 - Ransomware Crilock
1007707 - Ransomware Crypshed
1007708 - Ransomware Democry
1007709 - Ransomware MadLocker
1007710 - Ransomware SNSLocker
1007711 - Ransomware XORBAT
1007712 - Ransomware Zcrypt
Web Application PHP Based
1007459 - Drupal XRDS Document Denial Of Service Vulnerability (CVE-2014-5267)
1007252 - PHP jui_filter_rule Parsing Library Remote Code Execution Vulnerability
Web Application Ruby Based
1007530 - Ruby On Rails Action View Remote Code Execution Vulnerability (CVE-2016-0752)
Web Client Common
1007811 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-4108)
1007880 - Microsoft PDF Remote Code Execution Vulnerability (CVE-2016-3319)
1007881 - Microsoft Windows Graphics Component Remote Code Execution Vulnerability (CVE-2016-3301)
1007882 - Microsoft Windows Graphics Component Remote Code Execution Vulnerability (CVE-2016-3303)
1007883 - Microsoft Windows Graphics Component Remote Code Execution Vulnerability (CVE-2016-3304)
Web Client Internet Explorer/Edge
1007726* - Microsoft Edge Security Feature Bypass Vulnerability (CVE-2016-3244)
1007878 - Microsoft Internet Explorer And Edge Information Disclosure Vulnerability (CVE-2016-3326)
1007879 - Microsoft Internet Explorer And Edge Information Disclosure Vulnerability (CVE-2016-3327)
1007874 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-3289)
1007876 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-3293)
1007877 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-3322)
1007896 - Microsoft Internet Explorer Information Disclosure Vulnerability Over WebDAV (CVE-2016-3321)
1007873 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-3288)
1007875 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-3290)
Web Server Common
1007872 - HTTP Proxy Header Injection Vulnerabilities
Web Server Miscellaneous
1007737 - Apache Struts Url Validator Denial Of Service Vulnerability (CVE-2016-4465)
Windows Services RPC Client
1007566* - Adobe Flash Player DLL Hijacking Vulnerability Over Network Share (CVE-2016-1014)
1007897 - Microsoft Internet Explorer Information Disclosure Vulnerability Over SMB (CVE-2016-3321)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.