Rule Update
DPI rule and other update information: 21-007 (February 16, 2021)
February 16, 2021
Overview
* indicates a new version of an existing rule.
DPI (Deep Packet Inspection) rules:
DCERPC Services
1009801* - Microsoft Windows NTLM Elevation Of Privilege Vulnerability (CVE-2019-1040)
1008179* - Restrict File Extensions For Rename Activity Over Network Share
DNS Client
1010771 - DNSmasq DNSSEC Out Of Bounds Write Vulnerability (CVE-2020-25683)
1010784 - DNSmasq DNSSEC Out Of Bounds Write Vulnerability (CVE-2020-25687)
1010766* - Identified Non Existing DNS Resource Record (RR) Types In DNS Traffic
Database Microsoft SQL
1008759* - Microsoft SQL Server 'EXECUTE AS' Privilege Escalation Vulnerability
Directory Server LDAP
1010754* - Microsoft Windows NTLM Elevation Of Privilege Vulnerability Over LDAP (CVE-2019-1040)
Microsoft Office
1010785 - Microsoft Excel XLS File Parsing Use-After-Free Remote Code Execution Vulnerability (CVE-2021-24070)
1010786 - Microsoft Excel XLSX File Parsing Use-After-Free Remote Code Execution Vulnerability (CVE-2021-24067)
Suspicious Application Activity (Client)
1010741* - Identified HTTP Backdoor Python FreakOut A Runtime Detection
Suspicious Ransomware Activity (Client)
1010792 - Identified Cobalt Strike Default Self-signed SSL/TLS Certificate
Suspicious Application Activity (Server)
1008918* - Identified Memcached Amplified Reflected Response
Web Application Common
1005933* - Identified Directory Traversal Sequence In Uri Query Parameter
Web Application Ruby
1008574* - Ruby On Rails Development Web Console Code Execution Vulnerability (CVE-2015-3224)
Web Client Common
1010760* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB21-09) - 1
1010790 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB21-09) - 3
1010787 - Microsoft Windows Camera Codec Pack Image Processing Out-Of-Bounds Write Vulnerability (CVE-2021-24081)
1010788 - Microsoft Windows Camera Codec Pack Out-Of-Bounds Write Remote Code Execution Vulnerability (CVE-2021-24091)
1004226* - Microsoft Windows Help Centre Malformed Escape Sequences Vulnerability
1006582* - Microsoft Windows Help Centre Malformed Escape Sequences Vulnerability (CVE-2010-1885)
1010789 - Microsoft Windows WAB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability (CVE-2021-24083)
Web Client SSL
1006296* - Detected SSLv3 Response (ATT&CK T1032)
1006298* - Identified CBC Based Cipher Suite In SSLv3 Request (ATT&CK T1032)
Web Server Apache
1010751 - Proxifier Proxy Client
Web Server Common
1010737* - CMS Made Simple 'Showtime2' Reflected Cross Site Scripting Vulnerability (CVE-2020-20138)
1010736* - Cisco Data Center Network Manager Authentication Bypass Vulnerability (CVE-2019-15977)
1010769 - Identified Kubernetes Namespace API Requests
1010477* - Java Unserialize Remote Code Execution Vulnerability - 1
Web Server HTTPS
1010795 - Joomla CMS Cross-Site Scripting Vulnerability (CVE-2021-23124)
1010772 - Microsoft Exchange Remote Code Execution Vulnerability (CVE-2020-17132)
Web Server Miscellaneous
1008610* - Block Object-Graph Navigation Language (OGNL) Expressions Initiation In Apache Struts HTTP Request
1004874* - TimThumb Plugin Remote Code Execution Vulnerability
Web Server SharePoint
1010764* - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2021-24072)
1010794 - Microsoft SharePoint Workflow Deserialization Of Untrusted Data Remote Code Execution Vulnerability (CVE-2021-24066)
Windows Services RPC Server DCERPC
1008479* - Identified Usage Of WMI Execute Methods - Server
Integrity Monitoring rules:
This security update does not include any new or updated Integrity Monitoring rules.
Log Inspection rules:
1003631* - DNS Server - Microsoft Windows