Rule Update

16-031 (October 18, 2016)


DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share


DNS Client
1007425 - ISC BIND OpenPGP Key Handler Denial Of Service Vulnerability (CVE-2015-5986)
1007465 - ISC BIND Response Handler Denial Of Service Vulnerability (CVE-2015-8000)


Microsoft Office
1007667* - Microsoft Office Information Disclosure Vulnerability (CVE-2016-3234)
1007617* - Microsoft Office Memory Corruption Vulnerability (CVE-2016-0126)
1007885* - Microsoft Office Memory Corruption Vulnerability (CVE-2016-3316)


Remote Desktop Protocol Server
1007969 - Identified Suspicious Remote Desktop Protocol (RDP) Brute Force Attempt


Web Client Common
1007998 - Adobe Acrobat And Reader Multiple Memory Corruption Vulnerabilities (APSB16-33) - 1
1007997 - Adobe Acrobat And Reader Multiple Memory Corruption Vulnerabilities (APSB16-33) - 2
1007999 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB16-33) - 1
1008000 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB16-33) - 2
1007678* - Adobe Flash Player Buffer Overflow Vulnerability (CVE-2016-4138)
1007996 - Adobe Flash Player Multiple Security Vulnerabilities (APSB16-32)
1006391* - Identified Suspicious Obfuscated JavaScript - 1
1007929* - Microsoft PDF Library Remote Code Execution Vulnerability (CVE-2016-3370)
1007975* - Microsoft Windows Multiple Security Vulnerabilities (MS16-123)


Web Client Internet Explorer/Edge
1007529 - Cumulative Security Update Of ActiveX Kill Bits - January 2016
1007926* - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-3294)
1007921* - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-3295)
1007928* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-3324)


Web Server Common
1005434* - Disallow Upload Of A PHP File
1007185* - Java Unserialize Remote Code Execution Vulnerability


Windows Services RPC Client
1007913* - Identified Possible Ransomware File Extension Rename Activity Over Network Share - Client


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.