Rule Update

19-014 (March 19, 2019)


DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Port Mapper FTP Client
1009558 - Remote File Copy Over FTP


Suspicious Client Ransomware Activity
1007581* - Ransomware Lectool
1007711* - Ransomware XORBAT


Suspicious Server Ransomware Activity
1007582* - Ransomware Lectool-1


Web Application Common
1009319 - ImageMagick 'ReadMATImage' Use After Free Vulnerability (CVE-2018-11624) - 1
1009421* - ImageMagick Multiple Security Vulnerabilities (Server) - 25
1009328 - ImageMagick ReadMIFFImage Denial Of Service Vulnerability (CVE-2017-18271) - 1


Web Client Common
1009207* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-21) - 2
1009239 - Foxit Reader 'addField' Use-After-Free Remote Code Execution Vulnerability (CVE-2018-9935)
1008829* - Foxit Reader Multiple Information Disclosure Vulnerabilities
1009318 - ImageMagick 'ReadMATImage' Use After Free Vulnerability (CVE-2018-11624)
1009329 - ImageMagick ReadMIFFImage Denial Of Service Vulnerability (CVE-2017-18271)
1009489 - Microsoft Windows Vcf And Contact File Insufficient UI Warning Remote Code Execution Vulnerability
1009554* - RARLAB WinRAR ACE Remote Code Execution Vulnerability (CVE-2018-20250)


Web Client Internet Explorer/Edge
1009469* - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0568)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.