Rule Update

16-028 (September 27, 2016)


DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
1007598* - Identified Possible Ransomware File Rename Activity Over Network Share


Microsoft Office
1002929* - Microsoft Excel Calendar Object Validation Vulnerability
1007887* - Microsoft Graphics Component Memory Corruption Vulnerability (CVE-2016-3318)
1007884* - Microsoft Office Memory Corruption Vulnerability (CVE-2016-3313)


NFS Server
1003401* - Disallow Device Node Creation Over NFS


OpenSSL
1007970 - OpenSSL OCSP Status Request Denial Of Service Vulnerability (CVE-2016-6304)


Web Application Common
1007518* - Identified Reflected File Download Attack


Web Application PHP Based
1007948* - Drupal RESTWS Module Page Callback Remote Code Execution Vulnerability
1007459* - Drupal XRDS Document Denial Of Service Vulnerability (CVE-2014-5267)
1007254* - PHP SplDoublyLinkedList Use After Free Vulnerability
1007252* - PHP jui_filter_rule Parsing Library Remote Code Execution Vulnerability


Web Application Ruby Based
1007530* - Ruby On Rails Action View Remote Code Execution Vulnerability (CVE-2016-0752)


Web Client Common
1007965 - Adobe Acrobat And Reader FlateDecode Parsing Out-Of-Bounds Read Information Disclosure Vulnerability (APSB16-26) - 1
1007966 - Adobe Acrobat And Reader FlateDecode Parsing Out-Of-Bounds Read Information Disclosure Vulnerability (APSB16-26) - 2
1007967 - Adobe Acrobat And Reader Font Stream Parsing Multiple Out-Of-Bounds Read Information Disclosure Vulnerability (APSB16-26) - 3
1007806 - Adobe Flash Player Buffer Overflow Vulnerability (CVE-2016-1103)
1007803 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-1099)
1007804 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-1100)
1007805 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-1102)
1007808 - Adobe Flash Player Type Confusion Vulnerability (CVE-2016-1105)
1007565* - Adobe Flash Player Use After Free Vulnerability (CVE-2016-1013)
1007802 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-1097)
1007809 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-1106)
1007810 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-1109)
1007758* - Adobe Flash Player Use After Free Vulnerability (CVE-2016-4227)
1007880* - Microsoft PDF Remote Code Execution Vulnerability (CVE-2016-3319)
1007936* - Microsoft Windows Elevation Of Privilege Vulnerability (CVE-2016-3373)
1007881* - Microsoft Windows Graphics Component Remote Code Execution Vulnerability (CVE-2016-3301)
1007883* - Microsoft Windows Graphics Component Remote Code Execution Vulnerability (CVE-2016-3304)
1007951 - Microsoft XML Core Services XMLHttpRequest 'SetCookie2' Header Information Disclosure Vulnerability
1005924* - Restrict Download Of EICAR Test File Over HTTP


Web Client Internet Explorer/Edge
1007615* - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0191)
1007878* - Microsoft Internet Explorer And Edge Information Disclosure Vulnerability (CVE-2016-3326)
1007428* - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2016-0059)
1007896* - Microsoft Internet Explorer Information Disclosure Vulnerability Over WebDAV (CVE-2016-3321)
1007613* - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-0189)


Web Server Common
1007872* - HTTP Proxy Header Injection Vulnerabilities
1007185* - Java Unserialize Remote Code Execution Vulnerability
1007914* - Symfony Security Component Denial Of Service Vulnerability


Web Server Miscellaneous
1007646* - Apache Struts JRE URLDecoder Cross-Site Scripting Vulnerability (CVE-2016-4003)
1007737* - Apache Struts Url Validator Denial Of Service Vulnerability (CVE-2016-4465)
1005221* - Identified Suspicious Novell ZENworks Asset Management rtrlet Component Authentication Bypass


Windows Services RPC Client
1007913 - Identified Possible Ransomware File Extension Rename Activity Over Network Share - Client
1007912 - Identified Possible Ransomware File Rename Activity Over Network Share - Client


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.