DeepSecurity

  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DCERPC Services
    1008327* - Identified Server Suspicious SMB Session
    1008305* - Microsoft Windows SMBv1 Remote Code Execution Vulnerability


    DNS Server
    1008332 - Microsoft DNS Server Denial Of Service Vulnerability (CVE-2017-0171)


    Intel AMT
    1008369 - Intel Active Management Technology Escalation Of Privilege (CVE-2017-5689)


    Suspicious Client Ransomware Activity
    1007601* - Ransomware TCP Request


    Unix SSH
    1008313 - Identified Many SSH Client Key Exchange Requests


    Web Application PHP Based
    1008368 - Identified Suspicious Host Header In WordPress Reset Password Request
    1008140* - WordPress REST API Unauthenticated Content Injection Vulnerability


    Web Application Tomcat
    1005972* - Apache Tomcat Denial Of Service Vulnerability (CVE-2013-4322)


    Web Client Common
    1008262 - ImageMagick IsPixelGray Buffer Overflow Vulnerability (CVE-2016-9773) - 1
    1008370 - Microsoft Malware Protection Engine Remote Code Execution Vulnerability (CVE-2017-0290)
    1008319 - Microsoft Windows Information Disclosure Vulnerability (CVE-2017-0058)
    1008341 - Microsoft Windows Multiple Security Vulnerabilities (May-2017)
    1008106 - Oracle Java MethodHandle Remote Code Execution Vulnerability (CVE-2016-3587)


    Web Client Internet Explorer/Edge
    1008333 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0221)
    1008334 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0227)
    1008339 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0240)
    1008331 - Microsoft Edge Remote Code Execution Vulnerability (CVE-2017-0266)
    1008336 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0234)
    1008337 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0236)
    1008335 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-0228)
    1008338 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0238)
    1008367 - Microsoft Internet Explorer Security Feature Bypass Vulnerability (CVE-2017-0064)


    Web Server Apache
    1008134 - Apache Struts Double OGNL Evaluation Remote Code Execution Vulnerability (CVE-2016-0785)
    1003536* - Apache mod_dav svn Remote Denial Of Service


    Web Server IIS
    1006154* - IIS MX_STATS_LogLine NSIISlog.DLL Buffer Overflow Vulnerability
    1008266* - Microsoft IIS WebDAV ScStoragePathFromUrl Buffer Overflow Vulnerability (CVE-2017-7269)


    Web Server Oracle
    1008317 - Oracle WebLogic JBoss Interceptors Deserialization Of Untrusted Data Vulnerability (CVE-2016-3510)
    1008094 - Oracle WebLogic Server Remote Code Execution Vulnerability (CVE-2016-5535)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DCERPC Services
    1008327 - Identified Server Suspicious SMB Session
    1008306* - Microsoft Windows SMB Remote Code Execution Vulnerability (MS17-010)


    DCERPC Services - Client
    1008328 - Identified Client Suspicious SMB Session


    DNS Server
    1008188* - PowerDNS Authoritative Server Dot Character Denial Of Service Vulnerability (CVE-2016-5427)


    Directory Server LDAP
    1008278* - Microsoft LDAP Elevation Of Privilege Vulnerability (CVE-2017-0166)


    HP Intelligent Management Center (IMC)
    1008299 - HP Intelligent Management Center 'accessMgrServlet' Insecure Deserialization Vulnerability


    HP OpenView
    1008256* - HP Data Protector EXEC_SETUP Remote Code Execution Vulnerability (CVE-2011-0922)


    Web Application Common
    1008205* - ImageMagick 'coders/rle.c' Remote Buffer Overflow Vulnerability (CVE-2016-10049)
    1008190* - ImageMagick ImageFile MagickCore Buffer Overflow Vulnerability (CVE-2016-8677)


    Web Application PHP Based
    1008143* - Joomla Media Manager Privilege Escalation Vulnerability (CVE-2013-5576)
    1008322 - SquirrelMail Remote Code Execution Vulnerability (CVE-2017-7692)
    1008146* - WordPress UserPro Plugin Remote File Upload Vulnerability


    Web Application Ruby Based
    1008181* - Ruby On Rails Action Pack Remote Code Execution Vulnerability (CVE-2016-2098)


    Web Client Common
    1007965* - Adobe Acrobat And Reader FlateDecode Parsing Out-Of-Bounds Read Information Disclosure Vulnerability (APSB16-26) - 1
    1008298 - Adobe Reader DC XObject stream Use After Free Remote Code Execution Vulnerability (CVE-2016-6938)
    1008274* - Microsoft Windows Multiple Security Vulnerabilities (April-2017)


    Web Client Internet Explorer/Edge
    1008162 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0046)


    Web Server Miscellaneous
    1008130* - Oracle Application Testing Suite Multiple Security Vulnerabilities
    1008142* - Oracle Application Testing Suite UploadFileAction Servlet Remote Code Execution Vulnerability (CVE-2016-0491)


    Web Server Oracle
    1007968* - Oracle WebLogic Server Apache-Commons-FileUpload Library Insecure Deserialization Vulnerability (CVE-2013-2186)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Mail Server Lotus Domino
    1008310 - IBM Lotus Domino Server Examine Command Stack Buffer Overflow Vulnerability


    Mail Server Sendmail
    1000368* - Sendmail SMTP Header And Command Buffer Overflow


    Port Mapper Service Common
    1008315 - Sun Solaris RPC Service PortMapper Decoder


    Sun Solaris RPC Services
    1008314 - Oracle Solaris Remote Code Execution Vulnerability (CVE-2017-3623)


    Web Application Common
    1008318 - CPanel Cgiemail And Cgiecho Format String Vulnerability (CVE-2017-5613)


    Web Client Common
    1008309* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-11) - 3


    Web Media Applications
    1002451* - YouTube


    Web Server IIS
    1008312 - Microsoft IIS WebDAV Remote Code Execution Vulnerability


    Integrity Monitoring Rules:

    1008257 - Microsoft Windows - USB Storage Device Detected


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DCERPC Services
    1000735* - Microsoft Windows Server Service Remote Code Execution


    DCERPC Services - Client
    1008300 - Adobe Acrobat DLL Loading Arbitrary Code Execution Vulnerability Over Network Share (CVE-2017-3013)


    Web Application Common
    1006256* - GNU Bash Remote Code Execution Vulnerability
    1008261 - ImageMagick IsPixelGray Buffer Overflow Vulnerability (CVE-2016-9773)


    Web Client Common
    1008308 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-11) - 1
    1008304 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-11) - 2
    1008309 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-11) - 3
    1008301 - Adobe Acrobat DLL Loading Arbitrary Code Execution Vulnerability Over WebDAV (CVE-2017-3013)
    1008302 - Adobe Flash Player Multiple Security Vulnerabilities (APSB17-10)
    1008297* - Identified Suspicious RTF File With Obfuscated PowerShell Execution
    1008269 - Microsoft Windows NDISAPI Driver Elevation Of Privilege Vulnerability (CVE-2011-1974)
    1008234* - Microsoft Windows Uniscribe Multiple Remote Code Execution Vulnerabilities (MS17-011) - 1
    1008285* - Microsoft Word Remote Code Execution Vulnerability (CVE-2017-0199)
    1008295* - Restrict Microsoft Word RTF File With Embedded OLE2link Object


    Web Client Internet Explorer/Edge
    1008212* - Microsoft Edge Security Feature Bypass Vulnerability (CVE-2017-0066)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DCERPC Services
    1008224* - Microsoft Windows SMB Remote Code Execution Vulnerabilities (CVE-2017-0144 and CVE-2017-0146)
    1008227* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0147)
    1008306 - Microsoft Windows SMB Remote Code Execution Vulnerability (MS17-010)
    1008305 - Microsoft Windows SMBv1 Remote Code Execution Vulnerability
    1004401* - Print Spooler Service Impersonation Vulnerability


    Remote Desktop Protocol Server
    1008307 - Microsoft Windows Remote Desktop Protocol Remote Code Execution Vulnerability


    Web Application PHP Based
    1008193* - PHP exif_convert_any_to_int Denial Of Service Vulnerability (CVE-2016-10158)
    1008148* - WordPress Ninja Forms Unauthenticated File Upload Vulnerability (CVE-2016-1209)


    Web Media Applications
    1002451* - YouTube


    Web Server Apache
    1008117* - Apache Subversion mod_authz_svn Module Denial Of Service Vulnerability (CVE-2016-2168)


    Web Server Common
    1008194* - Oracle Java SE Remote Security Vulnerability (CVE-2017-3241)


    Web Server Miscellaneous
    1008178* - Novell Service Desk clientImportUploadForm Directory Traversal Vulnerability (CVE-2016-1593)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DCERPC Services - Client
    1008284 - Microsoft Office DLL Loading Vulnerability Over Network Share (CVE-2017-0197)
    1008201 - Microsoft Windows DLL Loading Vulnerability Over Network Share (CVE-2016-0100)


    DNS Server
    1008188 - PowerDNS Authoritative Server Dot Character Denial Of Service Vulnerability (CVE-2016-5427)


    Directory Server LDAP
    1008278 - Microsoft LDAP Elevation Of Privilege Vulnerability (CVE-2017-0166)


    FTP Server ProFTPD
    1006743* - ProFTPD Remote Command Execution Vulnerability (CVE-2015-3306)


    HP OpenView
    1008256 - HP Data Protector EXEC_SETUP Remote Code Execution Vulnerability (CVE-2011-0922)


    Microsoft Office
    1004311* - Identified Suspicious Microsoft PowerPoint Document


    Suspicious Client Ransomware Activity
    1007705* - Ransomware Network Traffic - 2
    1007706* - Ransomware Network Traffic - 3


    Web Application Common
    1008205 - ImageMagick 'coders/rle.c' Remote Buffer Overflow Vulnerability (CVE-2016-10049)
    1008190 - ImageMagick ImageFile MagickCore Buffer Overflow Vulnerability (CVE-2016-8677)


    Web Application PHP Based
    1008143 - Joomla Media Manager Privilege Escalation Vulnerability (CVE-2013-5576)
    1008146 - WordPress UserPro Plugin Remote File Upload Vulnerability


    Web Application Ruby Based
    1008181 - Ruby On Rails Action Pack Remote Code Execution Vulnerability (CVE-2016-2098)


    Web Client Common
    1004593* - Heuristic Detection Of Malicious PDF Documents - 2
    1008297 - Identified Suspicious RTF File With Obfuscated Powershell Execution
    1008206 - ImageMagick 'coders/rle.c' Remote Buffer Overflow Vulnerability (CVE-2016-10049) - 1
    1008189 - ImageMagick ImageFile MagickCore Buffer Overflow Vulnerability (CVE-2016-8677) - 1
    1008292 - Microsoft Office DLL Loading Vulnerability Over WebDAV (CVE-2017-0197)
    1008283 - Microsoft Office Memory Corruption Vulnerability (CVE-2017-0194)
    1008282 - Microsoft Windows ATMFD.dll Information Disclosure Vulnerability (CVE-2017-0192)
    1008202 - Microsoft Windows DLL Loading Vulnerability Over WebDAV (CVE-2016-0100)
    1008238* - Microsoft Windows GDI+ Information Disclosure vulnerability (CVE-2017-0060)
    1008241* - Microsoft Windows GDI+ Remote Code Execution Vulnerability (CVE-2017-0108)
    1008169* - Microsoft Windows Graphics Component Remote Code Execution Vulnerability (CVE-2017-0014)
    1008274 - Microsoft Windows Multiple Security Vulnerabilities (April-2017)
    1008168* - Microsoft Windows PDF Library Memory Corruption Vulnerability (CVE-2017-0023)
    1008247* - Microsoft Windows Registry Elevation Of Privilege Vulnerability (CVE-2017-0103)
    1008235* - Microsoft Windows Uniscribe Multiple Remote Code Execution Vulnerabilities (MS17-011) - 2
    1008285 - Microsoft Word Remote Code Execution Vulnerability (CVE-2017-0199)
    1008175 - Oracle Java Runtime Environment Use After Free Remote Code Execution Vulnerability (CVE-2016-5568)
    1008295 - Restrict Microsoft Word RTF File With Embedded OLE2link Object


    Web Client Internet Explorer/Edge
    1007662* - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-3222)
    1008286 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0200)
    1008290 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0205)
    1008291 - Microsoft Edge Scripting Engine Information Disclosure Vulnerability (CVE-2017-0208)
    1008217* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0071)
    1008218* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0094)
    1008153* - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-0037)
    1008152* - Microsoft Internet Explorer And Edge Spoofing Vulnerability (CVE-2017-0033)
    1008294 - Microsoft Internet Explorer Elevation Of Privilege Vulnerability (CVE-2017-0210)
    1008208* - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2017-0059)
    1008288 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-0202)
    1008275 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-0158)
    1008287 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-0201)
    1008174* - Microsoft Windows DirectShow Information Disclosure Vulnerability (CVE-2017-0042)


    Web Server Miscellaneous
    1004911* - Apache Struts2 Multiple Vulnerabilities
    1008130 - Oracle Application Testing Suite Multiple Security Vulnerabilities
    1008142 - Oracle Application Testing Suite UploadFileAction Servlet Remote Code Execution Vulnerability (CVE-2016-0491)


    Web Server Oracle
    1007968 - Oracle WebLogic Server Apache-Commons-FileUpload Library Insecure Deserialization Vulnerability (CVE-2013-2186)


    Integrity Monitoring Rules:

    1008271 - Application - Docker


    Log Inspection Rules:

    1008145 - Web Server - Nginx
    1002835* - Web Server - Web Access Events
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DCERPC Services
    1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
    1008224* - Microsoft Windows SMB Remote Code Execution Vulnerabilities (CVE-2017-0144 and CVE-2017-0146)
    1008225* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0145)
    1008228* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0148)


    DCERPC Services - Client
    1007913* - Identified Possible Ransomware File Extension Rename Activity Over Network Share - Client


    Suspicious Client Application Activity
    1005067* - Identified Potentially Harmful Client Traffic


    Suspicious Server Application Activity
    1005090* - Identified Potentially Harmful Server Traffic


    Web Application PHP Based
    1008193 - PHP exif_convert_any_to_int Denial Of Service Vulnerability (CVE-2016-10158)
    1008182* - PHP phar_parse_pharfile Integer Overflow Vulnerability (CVE-2016-10159)


    Web Client Common
    1008255 - Microsoft Color Management Information Disclosure Vulnerability (CVE-2017-0061)
    1008254 - Microsoft Color Management Information Disclosure Vulnerability (CVE-2017-0063)
    1008252 - Microsoft Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0085)
    1008067* - Microsoft Windows Uniscribe Remote Code Execution Vulnerability (CVE-2016-7274)
    1008253 - Microsoft Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-0084)


    Web Client Internet Explorer/Edge
    1008211* - Microsoft Edge Information Disclosure Vulnerability (CVE-2017-0065)
    1008156* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0010)


    Web Server Apache
    1008117 - Apache Subversion mod_authz_svn Module Denial Of Service Vulnerability (CVE-2016-2168)


    Web Server Common
    1008194 - Oracle Java SE Remote Security Vulnerability (CVE-2017-3241)


    Web Server IIS
    1008266 - Microsoft IIS WebDAV ScStoragePathFromUrl Buffer Overflow Vulnerability (CVE-2017-7269)


    Web Server Miscellaneous
    1008178 - Novell Service Desk clientImportUploadForm Directory Traversal Vulnerability (CVE-2016-1593)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DNS Client
    1008180* - ISC BIND Inconsistent DS Record Assertion Failure Denial Of Service Vulnerability (CVE-2016-9444)
    1008136* - ISC BIND RRSIG Record Response Assertion Failure Denial Of Service (CVE-2016-9147)


    NTP Server Linux
    1007741* - NTP Crypto-NAK Packets Symmetric Association Authentication Bypass Vulnerability (CVE-2015-7871)


    Web Application PHP Based
    1008125* - Joomla Denial Of Service Vulnerability (CVE-2013-3242)
    1008135* - PHP Exif Null Pointer Dereference Vulnerability (CVE-2016-6292)
    1008037* - PHP GC Use After Free Vulnerability (CVE-2016-5771)
    1008144* - PHP Remote Code Execution Vulnerability (CVE-2017-5340)
    1008131* - PHP Unserialize() ZVAL Reference Counter Overflow Vulnerability (CVE-2007-1286)
    1007289* - PHP cURL Lib NULL Byte Injection Vulnerability
    1008182* - PHP phar_parse_pharfile Integer Overflow Vulnerability (CVE-2016-10159)
    1008148 - WordPress Ninja Forms Unauthenticated File Upload Vulnerability (CVE-2016-1209)
    1003085* - WordPress RSS Feed Generator self_link HTTP_HOST Cross-Site Scripting
    1008186* - phpMyAdmin Authenticated Remote Code Execution Vulnerability (CVE-2013-3238)


    Web Client Common
    1008251 - Adobe Flash Player Multiple Security Vulnerabilities (APSB17-07)
    1004335* - Apple QuickTime 'QuickTimeStreaming.qtx' Remote Stack Buffer Overflow
    1008107 - Oracle Java Remote Code Execution Vulnerability (CVE-2016-3598)


    Web Client Internet Explorer/Edge
    1008149* - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2017-0008)


    Web Server Adobe ColdFusion
    1008113* - Adobe ColdFusion OOXML XXE Information Disclosure Vulnerability (CVE-2016-4264)


    Web Server HTTPS
    1008137 - Identified TLS/SSL DES Cipher Suite Is Being Supported


    Web Server Miscellaneous
    1008104* - Apache ActiveMQ Multiple Remote Code Execution Vulnerabilities (CVE-2016-3088)
    1008207* - Apache Struts2 Remote Code Execution Vulnerability (CVE-2017-5638)
    1008141* - Jetty Path Sanitization Vulnerability (CVE-2016-4800)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DCERPC Services
    1008224 - Microsoft Windows SMB Remote Code Execution Vulnerabilities (CVE-2017-0144 and CVE-2017-0146)
    1008225 - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0145)
    1008228 - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0148)


    DCERPC Services - Client
    1008187 - Microsoft Office OLE DLL Loading Vulnerability Over Network Share (CVE-2016-7275)
    1008177 - Microsoft Windows DLL Loading Vulnerability Over Network Share (CVE-2017-0039)


    Microsoft Office
    1008165 - Microsoft Office Information Disclosure Vulnerability (CVE-2017-0027)
    1008245 - Microsoft Office Information Disclosure Vulnerability (CVE-2017-0105)
    1008242 - Microsoft Office Memory Corruption Vulnerability (CVE-2017-0006)
    1008163 - Microsoft Office Memory Corruption Vulnerability (CVE-2017-0019)
    1008164 - Microsoft Office Memory Corruption Vulnerability (CVE-2017-0020)
    1008167 - Microsoft Office Memory Corruption Vulnerability (CVE-2017-0030 and CVE-2016-0031)
    1008243 - Microsoft Office Memory Corruption Vulnerability (CVE-2017-0052)
    1008244 - Microsoft Office Memory Corruption Vulnerability (CVE-2017-0053)


    Web Client Common
    1008121* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-01) - 2
    1008237 - Microsoft Windows COM Elevation Of Privilege Vulnerability (CVE-2017-0100)
    1008170 - Microsoft Windows DLL Loading Vulnerability Over WebDAV (CVE-2017-0039)
    1008176 - Microsoft Windows GDI Elevation Of Privilege Vulnerability (CVE-2017-0047)
    1008238 - Microsoft Windows GDI+ Information Disclosure vulnerability (CVE-2017-0060)
    1008239 - Microsoft Windows GDI+ Information Disclosure vulnerability (CVE-2017-0062)
    1008240 - Microsoft Windows GDI+ Information Disclosure vulnerability (CVE-2017-0073)
    1008241 - Microsoft Windows GDI+ Remote Code Execution Vulnerability (CVE-2017-0108)
    1008169 - Microsoft Windows Graphics Component Remote Code Execution Vulnerability (CVE-2017-0014)
    1008172 - Microsoft Windows Kernel Elevation Of Privilege Vulnerability (CVE-2017-0050)
    1008248 - Microsoft Windows Multiple Elevation Of Privilege Vulnerabilities (MS17-018)
    1008168 - Microsoft Windows PDF Library Memory Corruption Vulnerability (CVE-2017-0023)
    1008247 - Microsoft Windows Registry Elevation Of Privilege Vulnerability (CVE-2017-0103)
    1008236 - Microsoft Windows Uniscribe Multiple Remote Code Execution Vulnerabilities (MS17-011)
    1008234 - Microsoft Windows Uniscribe Multiple Remote Code Execution Vulnerabilities (MS17-011) - 1
    1008235 - Microsoft Windows Uniscribe Multiple Remote Code Execution Vulnerabilities (MS17-011) - 2
    1008195 - Sun JDK JPG/BMP Parser Multiple Vulnerabilities (CVE-2007-2788)


    Web Client Internet Explorer/Edge
    1008157 - Microsoft Edge Information Disclosure Vulnerability (CVE-2017-0011)
    1008159 - Microsoft Edge Information Disclosure Vulnerability (CVE-2017-0017)
    1008211 - Microsoft Edge Information Disclosure Vulnerability (CVE-2017-0065)
    1008210 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0034)
    1008219 - Microsoft Edge Out Of Bounds Read Vulnerability (CVE-2017-0131)
    1008156 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0010)
    1008158 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0015)
    1008160 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0032)
    1008161 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0035)
    1008213 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0067)
    1008216 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0070)
    1008217 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0071)
    1008218 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0094)
    1008221 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0140)
    1008222 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0141)
    1008220 - Microsoft Edge Scripting Engine Memory Corruption Vulnerabilty (CVE-2017-0133)
    1008212 - Microsoft Edge Security Feature Bypass Vulnerability (CVE-2017-0066)
    1008215 - Microsoft Edge Spoofing Vulnerability (CVE-2017-0069)
    1008150 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-0009)
    1008152 - Microsoft Internet Explorer And Edge Spoofing Vulnerability (CVE-2017-0033)
    1008249 - Microsoft Internet Explorer Elevation Of Privilege Vulnerability (CVE-2017-0154)
    1008149 - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2017-0008)
    1008208 - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2017-0059)
    1008151 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-0018)
    1008154 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-0040)
    1008209 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-0130)
    1008250 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-0149)
    1008155 - Microsoft Internet Explorer Scripting Engine Information Disclosure Vulnerability (CVE-2017-0049)
    1008174 - Microsoft Windows DirectShow Information Disclosure Vulnerability (CVE-2017-0042)
    1008173 - Microsoft XML Core Service Information Disclosure Vulnerability (CVE-2017-0022)


    Web Server Common
    1005839* - Identified XML External Entity Injection In HTTP Request


    Web Server Miscellaneous
    1008129* - IBM WebSphere Application Server Remote Code Execution Vulnerability (CVE-2016-5983)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Web Server Miscellaneous
    1008207* - Apache Struts2 Remote Code Execution Vulnerability (CVE-2017-5638)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.