Rule Update
16-031 (October 18, 2016)
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
DNS Client
1007425 - ISC BIND OpenPGP Key Handler Denial Of Service Vulnerability (CVE-2015-5986)
1007465 - ISC BIND Response Handler Denial Of Service Vulnerability (CVE-2015-8000)
Microsoft Office
1007667* - Microsoft Office Information Disclosure Vulnerability (CVE-2016-3234)
1007617* - Microsoft Office Memory Corruption Vulnerability (CVE-2016-0126)
1007885* - Microsoft Office Memory Corruption Vulnerability (CVE-2016-3316)
Remote Desktop Protocol Server
1007969 - Identified Suspicious Remote Desktop Protocol (RDP) Brute Force Attempt
Web Client Common
1007998 - Adobe Acrobat And Reader Multiple Memory Corruption Vulnerabilities (APSB16-33) - 1
1007997 - Adobe Acrobat And Reader Multiple Memory Corruption Vulnerabilities (APSB16-33) - 2
1007999 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB16-33) - 1
1008000 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB16-33) - 2
1007678* - Adobe Flash Player Buffer Overflow Vulnerability (CVE-2016-4138)
1007996 - Adobe Flash Player Multiple Security Vulnerabilities (APSB16-32)
1006391* - Identified Suspicious Obfuscated JavaScript - 1
1007929* - Microsoft PDF Library Remote Code Execution Vulnerability (CVE-2016-3370)
1007975* - Microsoft Windows Multiple Security Vulnerabilities (MS16-123)
Web Client Internet Explorer/Edge
1007529 - Cumulative Security Update Of ActiveX Kill Bits - January 2016
1007926* - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-3294)
1007921* - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-3295)
1007928* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-3324)
Web Server Common
1005434* - Disallow Upload Of A PHP File
1007185* - Java Unserialize Remote Code Execution Vulnerability
Windows Services RPC Client
1007913* - Identified Possible Ransomware File Extension Rename Activity Over Network Share - Client
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.