All Vulnerabilities

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services - Client
1008284 - Microsoft Office DLL Loading Vulnerability Over Network Share (CVE-2017-0197)
1008201 - Microsoft Windows DLL Loading Vulnerability Over Network Share (CVE-2016-0100)


DNS Server
1008188 - PowerDNS Authoritative Server Dot Character Denial Of Service Vulnerability (CVE-2016-5427)


Directory Server LDAP
1008278 - Microsoft LDAP Elevation Of Privilege Vulnerability (CVE-2017-0166)


FTP Server ProFTPD
1006743* - ProFTPD Remote Command Execution Vulnerability (CVE-2015-3306)


HP OpenView
1008256 - HP Data Protector EXEC_SETUP Remote Code Execution Vulnerability (CVE-2011-0922)


Microsoft Office
1004311* - Identified Suspicious Microsoft PowerPoint Document


Suspicious Client Ransomware Activity
1007705* - Ransomware Network Traffic - 2
1007706* - Ransomware Network Traffic - 3


Web Application Common
1008205 - ImageMagick 'coders/rle.c' Remote Buffer Overflow Vulnerability (CVE-2016-10049)
1008190 - ImageMagick ImageFile MagickCore Buffer Overflow Vulnerability (CVE-2016-8677)


Web Application PHP Based
1008143 - Joomla Media Manager Privilege Escalation Vulnerability (CVE-2013-5576)
1008146 - WordPress UserPro Plugin Remote File Upload Vulnerability


Web Application Ruby Based
1008181 - Ruby On Rails Action Pack Remote Code Execution Vulnerability (CVE-2016-2098)


Web Client Common
1004593* - Heuristic Detection Of Malicious PDF Documents - 2
1008297 - Identified Suspicious RTF File With Obfuscated Powershell Execution
1008206 - ImageMagick 'coders/rle.c' Remote Buffer Overflow Vulnerability (CVE-2016-10049) - 1
1008189 - ImageMagick ImageFile MagickCore Buffer Overflow Vulnerability (CVE-2016-8677) - 1
1008292 - Microsoft Office DLL Loading Vulnerability Over WebDAV (CVE-2017-0197)
1008283 - Microsoft Office Memory Corruption Vulnerability (CVE-2017-0194)
1008282 - Microsoft Windows ATMFD.dll Information Disclosure Vulnerability (CVE-2017-0192)
1008202 - Microsoft Windows DLL Loading Vulnerability Over WebDAV (CVE-2016-0100)
1008238* - Microsoft Windows GDI+ Information Disclosure vulnerability (CVE-2017-0060)
1008241* - Microsoft Windows GDI+ Remote Code Execution Vulnerability (CVE-2017-0108)
1008169* - Microsoft Windows Graphics Component Remote Code Execution Vulnerability (CVE-2017-0014)
1008274 - Microsoft Windows Multiple Security Vulnerabilities (April-2017)
1008168* - Microsoft Windows PDF Library Memory Corruption Vulnerability (CVE-2017-0023)
1008247* - Microsoft Windows Registry Elevation Of Privilege Vulnerability (CVE-2017-0103)
1008235* - Microsoft Windows Uniscribe Multiple Remote Code Execution Vulnerabilities (MS17-011) - 2
1008285 - Microsoft Word Remote Code Execution Vulnerability (CVE-2017-0199)
1008175 - Oracle Java Runtime Environment Use After Free Remote Code Execution Vulnerability (CVE-2016-5568)
1008295 - Restrict Microsoft Word RTF File With Embedded OLE2link Object


Web Client Internet Explorer/Edge
1007662* - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-3222)
1008286 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0200)
1008290 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0205)
1008291 - Microsoft Edge Scripting Engine Information Disclosure Vulnerability (CVE-2017-0208)
1008217* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0071)
1008218* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0094)
1008153* - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-0037)
1008152* - Microsoft Internet Explorer And Edge Spoofing Vulnerability (CVE-2017-0033)
1008294 - Microsoft Internet Explorer Elevation Of Privilege Vulnerability (CVE-2017-0210)
1008208* - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2017-0059)
1008288 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-0202)
1008275 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-0158)
1008287 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-0201)
1008174* - Microsoft Windows DirectShow Information Disclosure Vulnerability (CVE-2017-0042)


Web Server Miscellaneous
1004911* - Apache Struts2 Multiple Vulnerabilities
1008130 - Oracle Application Testing Suite Multiple Security Vulnerabilities
1008142 - Oracle Application Testing Suite UploadFileAction Servlet Remote Code Execution Vulnerability (CVE-2016-0491)


Web Server Oracle
1007968 - Oracle WebLogic Server Apache-Commons-FileUpload Library Insecure Deserialization Vulnerability (CVE-2013-2186)


Integrity Monitoring Rules:

1008271 - Application - Docker


Log Inspection Rules:

1008145 - Web Server - Nginx
1002835* - Web Server - Web Access Events

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
1008224* - Microsoft Windows SMB Remote Code Execution Vulnerabilities (CVE-2017-0144 and CVE-2017-0146)
1008225* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0145)
1008228* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0148)


DCERPC Services - Client
1007913* - Identified Possible Ransomware File Extension Rename Activity Over Network Share - Client


Suspicious Client Application Activity
1005067* - Identified Potentially Harmful Client Traffic


Suspicious Server Application Activity
1005090* - Identified Potentially Harmful Server Traffic


Web Application PHP Based
1008193 - PHP exif_convert_any_to_int Denial Of Service Vulnerability (CVE-2016-10158)
1008182* - PHP phar_parse_pharfile Integer Overflow Vulnerability (CVE-2016-10159)


Web Client Common
1008255 - Microsoft Color Management Information Disclosure Vulnerability (CVE-2017-0061)
1008254 - Microsoft Color Management Information Disclosure Vulnerability (CVE-2017-0063)
1008252 - Microsoft Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0085)
1008067* - Microsoft Windows Uniscribe Remote Code Execution Vulnerability (CVE-2016-7274)
1008253 - Microsoft Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-0084)


Web Client Internet Explorer/Edge
1008211* - Microsoft Edge Information Disclosure Vulnerability (CVE-2017-0065)
1008156* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0010)


Web Server Apache
1008117 - Apache Subversion mod_authz_svn Module Denial Of Service Vulnerability (CVE-2016-2168)


Web Server Common
1008194 - Oracle Java SE Remote Security Vulnerability (CVE-2017-3241)


Web Server IIS
1008266 - Microsoft IIS WebDAV ScStoragePathFromUrl Buffer Overflow Vulnerability (CVE-2017-7269)


Web Server Miscellaneous
1008178 - Novell Service Desk clientImportUploadForm Directory Traversal Vulnerability (CVE-2016-1593)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DNS Client
1008180* - ISC BIND Inconsistent DS Record Assertion Failure Denial Of Service Vulnerability (CVE-2016-9444)
1008136* - ISC BIND RRSIG Record Response Assertion Failure Denial Of Service (CVE-2016-9147)


NTP Server Linux
1007741* - NTP Crypto-NAK Packets Symmetric Association Authentication Bypass Vulnerability (CVE-2015-7871)


Web Application PHP Based
1008125* - Joomla Denial Of Service Vulnerability (CVE-2013-3242)
1008135* - PHP Exif Null Pointer Dereference Vulnerability (CVE-2016-6292)
1008037* - PHP GC Use After Free Vulnerability (CVE-2016-5771)
1008144* - PHP Remote Code Execution Vulnerability (CVE-2017-5340)
1008131* - PHP Unserialize() ZVAL Reference Counter Overflow Vulnerability (CVE-2007-1286)
1007289* - PHP cURL Lib NULL Byte Injection Vulnerability
1008182* - PHP phar_parse_pharfile Integer Overflow Vulnerability (CVE-2016-10159)
1008148 - WordPress Ninja Forms Unauthenticated File Upload Vulnerability (CVE-2016-1209)
1003085* - WordPress RSS Feed Generator self_link HTTP_HOST Cross-Site Scripting
1008186* - phpMyAdmin Authenticated Remote Code Execution Vulnerability (CVE-2013-3238)


Web Client Common
1008251 - Adobe Flash Player Multiple Security Vulnerabilities (APSB17-07)
1004335* - Apple QuickTime 'QuickTimeStreaming.qtx' Remote Stack Buffer Overflow
1008107 - Oracle Java Remote Code Execution Vulnerability (CVE-2016-3598)


Web Client Internet Explorer/Edge
1008149* - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2017-0008)


Web Server Adobe ColdFusion
1008113* - Adobe ColdFusion OOXML XXE Information Disclosure Vulnerability (CVE-2016-4264)


Web Server HTTPS
1008137 - Identified TLS/SSL DES Cipher Suite Is Being Supported


Web Server Miscellaneous
1008104* - Apache ActiveMQ Multiple Remote Code Execution Vulnerabilities (CVE-2016-3088)
1008207* - Apache Struts2 Remote Code Execution Vulnerability (CVE-2017-5638)
1008141* - Jetty Path Sanitization Vulnerability (CVE-2016-4800)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

A remote code execution vulnerability exists in Windows due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited these vulnerabilities could obtain information to further compromise the user's system.

A remote code execution vulnerability exists in Windows due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited these vulnerabilities could obtain information to further compromise the user's system.

A remote code execution vulnerability exists in Windows due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited these vulnerabilities could obtain information to further compromise the user's system.

A remote code execution vulnerability exists in Windows due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited these vulnerabilities could obtain information to further compromise the user's system.

A remote code execution vulnerability exists in Windows due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited these vulnerabilities could obtain information to further compromise the user's system.

A remote code execution vulnerability exists in Windows due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited these vulnerabilities could obtain information to further compromise the user's system.

A remote code execution vulnerability exists in Windows due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited these vulnerabilities could obtain information to further compromise the user’s system.