Rule Update
17-022 (May 15, 2017)
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
1008225* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0145)
1008227* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0147)
1008179 - Restrict File Extensions For Rename Activity Over Network Share
DCERPC Services - Client
1008328* - Identified Client Suspicious SMB Session
1007913* - Identified Possible Ransomware File Extension Rename Activity Over Network Share - Client
HP Intelligent Management Center (IMC)
1008299* - HP Intelligent Management Center 'accessMgrServlet' Insecure Deserialization Vulnerability
Intel AMT
1008369* - Intel Active Management Technology Escalation Of Privilege (CVE-2017-5689)
Mail Server Lotus Domino
1008310* - IBM Lotus Domino Server Examine Command Stack Buffer Overflow Vulnerability
NNTP Client Microsoft Outlook Express
1000780* - Microsoft Outlook Express NNTP Response Parsing Buffer Overflow
Sun Solaris RPC Services
1008314* - Oracle Solaris Remote Code Execution Vulnerability (CVE-2017-3623)
Web Application Common
1008261* - ImageMagick IsPixelGray Buffer Overflow Vulnerability (CVE-2016-9773)
Web Application PHP Based
1008322* - SquirrelMail Remote Code Execution Vulnerability (CVE-2017-7692)
Web Client Common
1008309* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-11) - 3
1008376 - Adobe Flash Player Multiple Security Vulnerabilities (APSB17-15)
Web Server MDaemon Web Mail
1008311 - MDaemon WorldClient Remote Code Execution Vulnerability
Web Server Squid
1005303* - Squid 'cachemgr.cgi' Remote Denial Of Service Vulnerability
Integrity Monitoring Rules:
1008385 - Ransomware - WannaCry
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
1008225* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0145)
1008227* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0147)
1008179 - Restrict File Extensions For Rename Activity Over Network Share
DCERPC Services - Client
1008328* - Identified Client Suspicious SMB Session
1007913* - Identified Possible Ransomware File Extension Rename Activity Over Network Share - Client
HP Intelligent Management Center (IMC)
1008299* - HP Intelligent Management Center 'accessMgrServlet' Insecure Deserialization Vulnerability
Intel AMT
1008369* - Intel Active Management Technology Escalation Of Privilege (CVE-2017-5689)
Mail Server Lotus Domino
1008310* - IBM Lotus Domino Server Examine Command Stack Buffer Overflow Vulnerability
NNTP Client Microsoft Outlook Express
1000780* - Microsoft Outlook Express NNTP Response Parsing Buffer Overflow
Sun Solaris RPC Services
1008314* - Oracle Solaris Remote Code Execution Vulnerability (CVE-2017-3623)
Web Application Common
1008261* - ImageMagick IsPixelGray Buffer Overflow Vulnerability (CVE-2016-9773)
Web Application PHP Based
1008322* - SquirrelMail Remote Code Execution Vulnerability (CVE-2017-7692)
Web Client Common
1008309* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-11) - 3
1008376 - Adobe Flash Player Multiple Security Vulnerabilities (APSB17-15)
Web Server MDaemon Web Mail
1008311 - MDaemon WorldClient Remote Code Execution Vulnerability
Web Server Squid
1005303* - Squid 'cachemgr.cgi' Remote Denial Of Service Vulnerability
Integrity Monitoring Rules:
1008385 - Ransomware - WannaCry
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.