DeepSecurity
- * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
1008558 - Identified Windows Search Protocol Network Traffic Over SMB
1008560 - Microsoft Windows Search Remote Code Execution Vulnerability (CVE-2017-8620)
DCERPC Services - Client
1007913* - Identified Possible Ransomware File Extension Rename Activity Over Network Share - Client
1008407 - Skype Insecure Library Loading Vulnerability Over Network Share (CVE-2017-6517)
Web Application PHP Based
1008524 - PHP INI Parsing Stack Buffer Overflow Vulnerability (CVE-2017-11628)
Web Client Common
1008408 - Skype Insecure Library Loading Vulnerability Over WebDAV (CVE-2017-6517)
Web Client Internet Explorer/Edge
1008547 - Microsoft Edge Information Disclosure Vulnerability (CVE-2017-8652)
1008531 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8603)
Web Server Apache
1008519* - Apache HTTP Server Denial Of Service Vulnerability (CVE-2017-7668)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
FTP Server Common
1008463* - Core FTP Server Heap Overflow Vulnerability
HP Intelligent Management Center (IMC)
1008469* - HPE Intelligent Management Center CommonUtils ZIP Directory Traversal Vulnerability (CVE-2017-5793)
Kerberos KDC Server
1008475* - MIT Kerberos TGS RequestHandler Denial Of Service Vulnerability (CVE-2015-2697)
Unix SSH
1008515* - OpenSSH KEXINIT Denial Of Service Vulnerability (CVE-2016-8858)
VoIP Soft Phones
1008430* - Asterisk Long Contact URIs REGISTER Requests Denial Of Service Vulnerability
Web Application Common
1008415* - ImageMagick 'pict.c' Denial Of Service Vulnerability (CVE-2017-8353)
1008496* - ImageMagick Denial Of Service Vulnerability (CVE-2017-9407) - 1
1008499* - ImageMagick Denial Of Service Vulnerability (CVE-2017-9439) - 1
1008500* - ImageMagick Denial Of Service Vulnerability (CVE-2017-9440) - 1
1008418* - ImageMagick Memory Corruption Vulnerability (CVE-2016-8862)
Web Application PHP Based
1008516* - PHP Buffer Over-Read Into Uninitialized Memory Vulnerability (CVE-2017-7890)
1008409* - PHP exif_process_IFD_in_TIFF Function Memory Leak Vulnerability (CVE-2016-7128)
Web Client Common
1008537 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-24) - 1
1008545 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-24) - 2
1008535 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-24) - 3
1008544 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-24) - 4
1008538 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-24) - 5
1008543 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-24) - 6
1008536 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-24) - 7
1008546 - Adobe Flash Player Type Confusion Vulnerability (CVE-2017-3106)
1008392 - Foxit Reader BMP Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
1008478 - Microsoft MsMpEng Use After Free Vulnerability (CVE-2017-8540)
1008480 - Microsoft MsMpEng Use After Free Vulnerability (CVE-2017-8541)
1008532 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2017-0190)
Web Proxy Squid
1008111* - Squid HTTP Response Denial Of Service Vulnerability
Web Server Apache
1008519* - Apache HTTP Server Denial Of Service Vulnerability (CVE-2017-7668)
Web Server Miscellaneous
1008491* - Apache Struts Security Bypass Vulnerability (CVE-2016-4436)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1008525 - SMBLoris Denial Of Service Vulnerability
Web Application PHP Based
1008516 - PHP Buffer Over-Read Into Uninitialized Memory Vulnerability (CVE-2017-7890)
Web Client Common
1008410 - Microsoft .NET Framework Pointer Verification Vulnerability (CVE-2009-0090)
1008522 - Microsoft JET Database Engine Remote Code Execution Vulnerability (CVE-2017-0250)
Web Client Internet Explorer/Edge
1008523 - Microsoft Internet Explorer Security Feature Bypass Vulnerability (CVE-2017-8625)
Web Server Apache
1008519 - Apache HTTP Server Denial Of Service Vulnerability (CVE-2017-7668)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
There are no new or updated Deep Packet Inspection Rules in this Security Update.
Integrity Monitoring Rules:
1006544* - Adware - Suspicious Microsoft Windows Superfish Detected
1002776* - Microsoft Windows - Startup Programs Modified
1008385* - Ransomware - WannaCry
1006801* - TMTR-0004: Suspicious Files Detected In Operating System Directories
1007210* - TMTR-0018: Suspicious Files Detected In User Profile Directory
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1006906* - Identified Usage Of PsExec Command Line Tool
DNS Server
1004747* - DNS Invalid Compression Denial Of Service
FTP Server Common
1008463 - Core FTP Server Heap Overflow Vulnerability
Kerberos KDC Server
1008475 - MIT Kerberos TGS RequestHandler Denial Of Service Vulnerability (CVE-2015-2697)
Unix SSH
1008515 - OpenSSH KEXINIT Denial Of Service Vulnerability (CVE-2016-8858)
Web Client Common
1008412 - FFmpeg mov_read_keys Integer Overflow Vulnerability (CVE-2016-5199)
1008471 - Foxit Reader PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
1008517 - Google Chrome Array IndexOf Out-Of-Bounds Access Remote Code Execution Vulnerability (CVE-2017-5053)
1008521 - Microsoft Windows PDF Remote Code Execution Vulnerability (CVE-2017-0291)
Web Client Internet Explorer/Edge
1004986* - Dell Webcam Central CrazyTalk4 ActiveX Control Buffer Overflow Vulnerability
Integrity Monitoring Rules:
1002776* - Microsoft Windows - Startup Programs Modified
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
BIND RNDC
1008321* - ISC BIND Remote Denial Of Service Vulnerability (CVE-2017-3138)
DCERPC Services
1008227* - Microsoft Windows SMB Information Disclosure Vulnerability (CVE-2017-0147)
HP Intelligent Management Center (IMC)
1008469 - HPE Intelligent Management Center CommonUtils ZIP Directory Traversal Vulnerability (CVE-2017-5793)
Unix RPC Services
1008433* - Solaris Calendar Manager Service Daemon (rpc.cmsd) Remote Code Execution Vulnerability
VoIP Soft Phones
1008430 - Asterisk Long Contact URIs REGISTER Requests Denial Of Service Vulnerability
Web Application Common
1008451* - ImageMagick 'MagickCore/blob.c' ReadOneJNGImage Assertion Vulnerability (CVE-2017-9142) - 1
1008450* - ImageMagick 'MagickCore/profile.c' ReadDDSImage Assertion Vulnerability (CVE-2017-9141) - 1
1008415 - ImageMagick 'pict.c' Denial Of Service Vulnerability (CVE-2017-8353)
1008449* - ImageMagick ART File 'coders/art.c' ReadARTImage Denial Of Service Vulnerability (CVE-2017-9143) - 1
1008496 - ImageMagick Denial Of Service Vulnerability (CVE-2017-9407) - 1
1008499 - ImageMagick Denial Of Service Vulnerability (CVE-2017-9439) - 1
1008500 - ImageMagick Denial Of Service Vulnerability (CVE-2017-9440) - 1
1008418 - ImageMagick Memory Corruption Vulnerability (CVE-2016-8862)
Web Application PHP Based
1008409 - PHP exif_process_IFD_in_TIFF Function Memory Leak Vulnerability (CVE-2016-7128)
Web Client Common
1008474 - Foxit Reader Safe Mode Bypass Information Disclosure Vulnerability
1008416 - ImageMagick 'pict.c' Denial Of Service Vulnerability (CVE-2017-8353) - 1
1008497 - ImageMagick Denial Of Service Vulnerability (CVE-2017-9407)
1008498 - ImageMagick Denial Of Service Vulnerability (CVE-2017-9439)
1008501 - ImageMagick Denial Of Service Vulnerability (CVE-2017-9440)
1008419 - ImageMagick Memory Corruption Vulnerability (CVE-2016-8862) - 1
1008476 - Microsoft Malware Protection Engine Remote Code Execution Vulnerability (CVE-2017-8558)
1008504 - Microsoft Windows System Information Console Information Disclosure Vulnerability (CVE-2017-8557)
Web Client Mozilla Firefox
1008325 - Mozilla Firefox createImageBitmap Integer Overflow (CVE-2017-5428)
Web Server HTTPS
1008293* - Trend Micro Control Manager Download Multiple Directory Traversal Information Disclosure Vulnerabilities
Web Server Miscellaneous
1008491 - Apache Struts Security Bypass Vulnerability (CVE-2016-4436)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1008227* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0147)
DNS Client
1008495 - systemd Out-Of-Bounds Write Remote Code Execution Vulnerability (CVE-2017-9445)
1008502 - systemd Out-Of-Bounds Write Remote Code Execution Vulnerability (CVE-2017-9445) -1
Suspicious Server Application Activity
1008492 - Identified SambaShell C&C Traffic
Web Application Common
1008192 - Identified Directory Traversal Sequence In Multipart HTTP Requests
Web Client Common
1008494 - Adobe Flash Player Multiple Security Vulnerabilities (APSB17-21)
1008503 - Cisco WebEx Browser Extension Remote Code Execution Vulnerability (CVE-2017-6753)
1008470 - Microsoft Windows Multiple Security Vulnerabilities (June-2017)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
Apache OpenMeetings
1008267* - Apache OpenMeetings ZIP File Path Traversal Vulnerability (CVE-2016-0784)
DCERPC Services
1008432* - Microsoft Windows SMB Information Disclosure Vulnerability (CVE-2017-0267)
1008445* - Microsoft Windows Search Remote Code Execution Vulnerability (CVE-2017-8543)
DHCP Client
1004653* - ISC DHCP 'dhclient' Shell Characters In Response Remote Code Execution Vulnerability
HP Intelligent Management Center (IMC)
1008379* - HP Intelligent Management Center Service Information Disclosure Vulnerability (CVE-2017-5797)
Microsoft Office
1004312* - Identified Suspicious Microsoft Word Document
1008340* - Microsoft Office Remote Code Execution Vulnerability (CVE-2017-0243)
Port Mapper Windows
1001033* - Windows Port Mapper Decoder
Web Application Common
1008451 - ImageMagick 'MagickCore/blob.c' ReadOneJNGImage Assertion Vulnerability (CVE-2017-9142) - 1
1008450 - ImageMagick 'MagickCore/profile.c' ReadDDSImage Assertion Vulnerability (CVE-2017-9141) - 1
1008449 - ImageMagick ART File 'coders/art.c' ReadARTImage Denial Of Service Vulnerability (CVE-2017-9143) - 1
1008427* - ImageMagick Denial Of Service Vulnerability (CVE-2017-8346) - 1
1008383* - ImageMagick Heap Buffer Overflow Vulnerability (CVE-2016-9556)
1008388* - ImageMagick Use After Free Denial Of Service Vulnerability (CVE-2016-7906)
Web Client Common
1008387 - Foxit Reader ConvertToPDF TIFF Parsing Out Of Bounds Write Remote Code Execution Vulnerability
1008401 - Foxit Reader FlateDecode Use After Free Remote Code Execution Vulnerability
1008417 - Foxit Reader Stack Buffer Overflow Vulnerability
1008425 - ImageMagick 'MagickCore/blob.c' ReadOneJNGImage Assertion Vulnerability (CVE-2017-9142)
1008424 - ImageMagick 'MagickCore/profile.c' ReadDDSImage Assertion Vulnerability (CVE-2017-9141)
1008426 - ImageMagick ART File 'coders/art.c' ReadARTImage Denial Of Service Vulnerability (CVE-2017-9143)
1008377 - Microsoft Windows Media Format Remote Code Execution Vulnerability (CVE-2007-0064)
1008489 - Microsoft Windows Multiple Elevation Of Privilege Vulnerabilities (July-2017)
1008481 - Microsoft Windows Security Feature Bypass Vulnerability (CVE-2017-8592)
1008452 - Oracle Java Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability (CVE-2016-3443)
1008457* - Ransomware Erebus
Web Client Internet Explorer/Edge
1008439* - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-8496)
1008486 - Microsoft Edge Remote Code Execution Vulnerability (CVE-2017-8617)
1008483 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8598)
1008484 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8601)
1008485 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8605)
1008487 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8619)
1008482 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-8594)
1008488 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-8618)
Web Server HTTPS
1008293 - Trend Micro Control Manager Download Multiple Directory Traversal Information Disclosure Vulnerabilities
Windows Services RPC Server DCERPC
1008479 - Identified Usage Of WMI Execute Methods - Server
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
Web Server Miscellaneous
1008490 - Apache Struts2 Struts 1 Plugin Showcase Remote Code Execution Vulnerability (CVE-2017-9791)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
BIND RNDC
1008321 - ISC BIND Remote Denial Of Service Vulnerability (CVE-2017-3138)
DCERPC Services
1008179* - Restrict File Extensions For Rename Activity Over Network Share
1003712* - Windows Vista SMB2.0 Negotiate Protocol Request Remote Code Execution
Instant Messenger Applications
1002466* - ICQ
Suspicious Client Ransomware Activity
1007602* - Ransomware Locky
Unix RPC Services
1008433 - Solaris Calendar Manager Service Daemon (rpc.cmsd) Remote Code Execution Vulnerability
Web Application Common
1008427* - ImageMagick Denial Of Service Vulnerability (CVE-2017-8346) - 1
Web Client Common
1008398 - Adobe Reader DC JPEG2000 Parsing Out Of Bounds Read Information Disclosure Vulnerability (CVE-2016-7854)
1008393 - Foxit Reader ConvertToPDF BMP Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
1008394 - Foxit Reader ConvertToPDF BMP Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
1008404 - Foxit Reader ConvertToPDF GIF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
1008429 - Foxit Reader JBig2 Parser Information Disclosure Vulnerability (CVE-2016-8334)
1008461* - Microsoft Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0285)
1008285* - Microsoft Word Remote Code Execution Vulnerability (CVE-2017-0199)
1008295* - Restrict Microsoft Word RTF File With Embedded OLE2link Object
Windows Services RPC Client DCERPC
1008477 - Identified Usage Of WMI Execute Methods - Client
Integrity Monitoring Rules:
1005195* - Microsoft Windows - Log File Attributes Changes Detected
1005193* - Unix - Log File Attributes Changes Detected
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.