Rule Update

17-042 (September 5, 2017)

DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
1003712* - Windows Vista SMB2.0 Negotiate Protocol Request Remote Code Execution


DCERPC Services - Client
1007913* - Identified Possible Ransomware File Extension Rename Activity Over Network Share - Client


Directory Server LDAP
1008453 - OpenLDAP ldapsearch pagesize Double Free Denial Of Service Vulnerability (CVE-2017-9287)


Suspicious Client Ransomware Activity
1008572 - Ransomware Defray
1007602* - Ransomware Locky


VoIP Soft Phones
1008421* - Digium Asterisk CDR ast_cdr_setuserfield Buffer Overflow Vulnerability (CVE-2017-7617)


Web Application Common
1008514 - ImageMagick Denial Of Service Vulnerability (CVE-2017-9262) - 1
1008508 - ImageMagick Heap-Based Buffer Overflow Vulnerability (CVE-2017-10928) - 1


Web Application PHP Based
1008524* - PHP INI Parsing Stack Buffer Overflow Vulnerability (CVE-2017-11628)


Web Application Ruby Based
1007645* - Ruby On Rails Rack Denial Of Service Vulnerability (CVE-2015-3225)


Web Client Common
1008545* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-24) - 2
1008544* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-24) - 4
1008513 - ImageMagick Denial Of Service Vulnerability (CVE-2017-9262)
1008507 - ImageMagick Heap-Based Buffer Overflow Vulnerability (CVE-2017-10928)


Web Server Common
1006540* - Enable X-Forwarded-For HTTP Header Logging


Web Server RealVNC
1008557* - RealVNC NULL Authentication Mode Bypass Vulnerability (CVE-2006-2369)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.