Rule Update
17-031 (July 4, 2017)
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
BIND RNDC
1008321 - ISC BIND Remote Denial Of Service Vulnerability (CVE-2017-3138)
DCERPC Services
1008179* - Restrict File Extensions For Rename Activity Over Network Share
1003712* - Windows Vista SMB2.0 Negotiate Protocol Request Remote Code Execution
Instant Messenger Applications
1002466* - ICQ
Suspicious Client Ransomware Activity
1007602* - Ransomware Locky
Unix RPC Services
1008433 - Solaris Calendar Manager Service Daemon (rpc.cmsd) Remote Code Execution Vulnerability
Web Application Common
1008427* - ImageMagick Denial Of Service Vulnerability (CVE-2017-8346) - 1
Web Client Common
1008398 - Adobe Reader DC JPEG2000 Parsing Out Of Bounds Read Information Disclosure Vulnerability (CVE-2016-7854)
1008393 - Foxit Reader ConvertToPDF BMP Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
1008394 - Foxit Reader ConvertToPDF BMP Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
1008404 - Foxit Reader ConvertToPDF GIF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
1008429 - Foxit Reader JBig2 Parser Information Disclosure Vulnerability (CVE-2016-8334)
1008461* - Microsoft Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0285)
1008285* - Microsoft Word Remote Code Execution Vulnerability (CVE-2017-0199)
1008295* - Restrict Microsoft Word RTF File With Embedded OLE2link Object
Windows Services RPC Client DCERPC
1008477 - Identified Usage Of WMI Execute Methods - Client
Integrity Monitoring Rules:
1005195* - Microsoft Windows - Log File Attributes Changes Detected
1005193* - Unix - Log File Attributes Changes Detected
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.