Rule Update
17-014 (March 28, 2017)
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
1008224* - Microsoft Windows SMB Remote Code Execution Vulnerabilities (CVE-2017-0144 and CVE-2017-0146)
1008225* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0145)
1008228* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0148)
DCERPC Services - Client
1007913* - Identified Possible Ransomware File Extension Rename Activity Over Network Share - Client
Suspicious Client Application Activity
1005067* - Identified Potentially Harmful Client Traffic
Suspicious Server Application Activity
1005090* - Identified Potentially Harmful Server Traffic
Web Application PHP Based
1008193 - PHP exif_convert_any_to_int Denial Of Service Vulnerability (CVE-2016-10158)
1008182* - PHP phar_parse_pharfile Integer Overflow Vulnerability (CVE-2016-10159)
Web Client Common
1008255 - Microsoft Color Management Information Disclosure Vulnerability (CVE-2017-0061)
1008254 - Microsoft Color Management Information Disclosure Vulnerability (CVE-2017-0063)
1008252 - Microsoft Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0085)
1008067* - Microsoft Windows Uniscribe Remote Code Execution Vulnerability (CVE-2016-7274)
1008253 - Microsoft Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-0084)
Web Client Internet Explorer/Edge
1008211* - Microsoft Edge Information Disclosure Vulnerability (CVE-2017-0065)
1008156* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0010)
Web Server Apache
1008117 - Apache Subversion mod_authz_svn Module Denial Of Service Vulnerability (CVE-2016-2168)
Web Server Common
1008194 - Oracle Java SE Remote Security Vulnerability (CVE-2017-3241)
Web Server IIS
1008266 - Microsoft IIS WebDAV ScStoragePathFromUrl Buffer Overflow Vulnerability (CVE-2017-7269)
Web Server Miscellaneous
1008178 - Novell Service Desk clientImportUploadForm Directory Traversal Vulnerability (CVE-2016-1593)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
1008224* - Microsoft Windows SMB Remote Code Execution Vulnerabilities (CVE-2017-0144 and CVE-2017-0146)
1008225* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0145)
1008228* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0148)
DCERPC Services - Client
1007913* - Identified Possible Ransomware File Extension Rename Activity Over Network Share - Client
Suspicious Client Application Activity
1005067* - Identified Potentially Harmful Client Traffic
Suspicious Server Application Activity
1005090* - Identified Potentially Harmful Server Traffic
Web Application PHP Based
1008193 - PHP exif_convert_any_to_int Denial Of Service Vulnerability (CVE-2016-10158)
1008182* - PHP phar_parse_pharfile Integer Overflow Vulnerability (CVE-2016-10159)
Web Client Common
1008255 - Microsoft Color Management Information Disclosure Vulnerability (CVE-2017-0061)
1008254 - Microsoft Color Management Information Disclosure Vulnerability (CVE-2017-0063)
1008252 - Microsoft Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0085)
1008067* - Microsoft Windows Uniscribe Remote Code Execution Vulnerability (CVE-2016-7274)
1008253 - Microsoft Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-0084)
Web Client Internet Explorer/Edge
1008211* - Microsoft Edge Information Disclosure Vulnerability (CVE-2017-0065)
1008156* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0010)
Web Server Apache
1008117 - Apache Subversion mod_authz_svn Module Denial Of Service Vulnerability (CVE-2016-2168)
Web Server Common
1008194 - Oracle Java SE Remote Security Vulnerability (CVE-2017-3241)
Web Server IIS
1008266 - Microsoft IIS WebDAV ScStoragePathFromUrl Buffer Overflow Vulnerability (CVE-2017-7269)
Web Server Miscellaneous
1008178 - Novell Service Desk clientImportUploadForm Directory Traversal Vulnerability (CVE-2016-1593)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.