ruleUpdate
19-038 (16 de июля de 2019)
Publish Date: 16 de июля de 2019
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1008647 - Microsoft Windows Search Information Disclosure Vulnerability (CVE-2017-8544)
1005293* - Prevent Windows Administrator User Login Over SMB (ATT&CK T1077)
DCERPC Services - Client
1009585 - Microsoft Windows Address Book Insecure Library Loading Vulnerability Over Network Share (CVE-2010-3147)
1009581 - Microsoft Windows Internet Connection Signup Wizard Insecure Library Loading Vulnerability Over Network Share (CVE-2010-3144)
1009587 - Microsoft Windows Media Encoder DLL Loading Arbitrary Code Execution Over Network Share (CVE-2010-3965)
DNS Server
1008658 - Dnsmasq Integer Underflow Vulnerability (CVE-2017-14496)
Microsoft Office
1009853 - Microsoft Excel Remote Code Execution Vulnerability (CVE-2019-1110)
1009854 - Microsoft Excel Remote Code Execution Vulnerability (CVE-2019-1111)
Port Mapper FTP Client
1009558* - Remote File Copy Over FTP (ATT&CK T1105)
SSL Client Applications
1001113* - SSL/TLS Client (ATT&CK T1032)
Web Application Common
1009761* - Microsoft Exchange Memory Corruption Vulnerability (CVE-2018-8302)
Web Client Common
1009851 - Microsoft DirectWrite Information Disclosure Vulnerability (CVE-2019-1093)
1009852 - Microsoft DirectWrite Information Disclosure Vulnerability (CVE-2019-1097)
1009855 - Microsoft GDI Remote Code Execution Vulnerability (CVE-2019-1102)
1009590 - Microsoft Windows Address Book Insecure Library Loading Vulnerability Over WebDav (CVE-2010-3147)
1009847 - Microsoft Windows Event Viewer Information Disclosure Vulnerability (CVE-2019-0948)
1009856 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2019-1094)
1009857 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2019-1095)
1009858 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2019-1098)
1009859 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2019-1099)
1009860 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2019-1100)
1009861 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2019-1101)
1009862 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2019-1116)
1009589 - Microsoft Windows Internet Connection Signup Wizard Insecure Library Loading Vulnerability Over WebDav (CVE-2010-3144)
1009592 - Microsoft Windows Media Encoder DLL Loading Arbitrary Code Execution Over WebDav (CVE-2010-3965)
Web Client VNC
1009494* - LibVNC LibVNCClient CoRRE Heap-based Buffer Overflow Vulnerability (CVE-2018-20020)
Web Server Apache
1009609 - Apache Subversion 'mod_dav_svn' Denial Of Service Vulnerability (CVE-2018-11803)
Web Server Oracle
1009471 - Oracle WebLogic Server SAML Authentication Bypass Vulnerability (CVE-2018-2998)
1009830 - Oracle Weblogic Server Remote Code Execution Vulnerability (CVE-2019-2649)
Windows Services RPC Server DCERPC
1009480* - Identified WMI Query Over DCE/RPC Protocol (ATT&CK T1005)
1007054* - Remote Schedule Task 'Create' Through SMBv2 Protocol Detected (ATT&CK T1053)
Integrity Monitoring Rules:
1009745 - Linux - Removable Devices Detected (ATT&CK: T1092)
1002781* - Microsoft Windows - Attributes of a service modified (ATT&CK T1050)
1005645 - Microsoft Windows - AutoRun Registry Entries Modified (ATT&CK: T1013)
1002776* - Microsoft Windows - Startup Programs Modified (ATT&CK T1112)
1002778* - Microsoft Windows - System .dll or .exe files modified (ATT&CK: T1013)
1009618 - PowerShell & CommandLine (ATT&CK: T1086 & T1059)
1006805* - TMTR-0009: Suspicious Files Detected In System Folder
1006804* - TMTR-0010: Suspicious Files Detected In System Folder
1006677* - TMTR-0013: Suspicious Files Detected In Windows Folder
1006684* - TMTR-0015: Suspicious Service Detected
1007216* - TMTR-0021: Suspicious Files Detected In System Drive
1008720* - Users and Groups - Create and Delete Activity (ATT&CK T1136)
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
DCERPC Services
1008647 - Microsoft Windows Search Information Disclosure Vulnerability (CVE-2017-8544)
1005293* - Prevent Windows Administrator User Login Over SMB (ATT&CK T1077)
DCERPC Services - Client
1009585 - Microsoft Windows Address Book Insecure Library Loading Vulnerability Over Network Share (CVE-2010-3147)
1009581 - Microsoft Windows Internet Connection Signup Wizard Insecure Library Loading Vulnerability Over Network Share (CVE-2010-3144)
1009587 - Microsoft Windows Media Encoder DLL Loading Arbitrary Code Execution Over Network Share (CVE-2010-3965)
DNS Server
1008658 - Dnsmasq Integer Underflow Vulnerability (CVE-2017-14496)
Microsoft Office
1009853 - Microsoft Excel Remote Code Execution Vulnerability (CVE-2019-1110)
1009854 - Microsoft Excel Remote Code Execution Vulnerability (CVE-2019-1111)
Port Mapper FTP Client
1009558* - Remote File Copy Over FTP (ATT&CK T1105)
SSL Client Applications
1001113* - SSL/TLS Client (ATT&CK T1032)
Web Application Common
1009761* - Microsoft Exchange Memory Corruption Vulnerability (CVE-2018-8302)
Web Client Common
1009851 - Microsoft DirectWrite Information Disclosure Vulnerability (CVE-2019-1093)
1009852 - Microsoft DirectWrite Information Disclosure Vulnerability (CVE-2019-1097)
1009855 - Microsoft GDI Remote Code Execution Vulnerability (CVE-2019-1102)
1009590 - Microsoft Windows Address Book Insecure Library Loading Vulnerability Over WebDav (CVE-2010-3147)
1009847 - Microsoft Windows Event Viewer Information Disclosure Vulnerability (CVE-2019-0948)
1009856 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2019-1094)
1009857 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2019-1095)
1009858 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2019-1098)
1009859 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2019-1099)
1009860 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2019-1100)
1009861 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2019-1101)
1009862 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2019-1116)
1009589 - Microsoft Windows Internet Connection Signup Wizard Insecure Library Loading Vulnerability Over WebDav (CVE-2010-3144)
1009592 - Microsoft Windows Media Encoder DLL Loading Arbitrary Code Execution Over WebDav (CVE-2010-3965)
Web Client VNC
1009494* - LibVNC LibVNCClient CoRRE Heap-based Buffer Overflow Vulnerability (CVE-2018-20020)
Web Server Apache
1009609 - Apache Subversion 'mod_dav_svn' Denial Of Service Vulnerability (CVE-2018-11803)
Web Server Oracle
1009471 - Oracle WebLogic Server SAML Authentication Bypass Vulnerability (CVE-2018-2998)
1009830 - Oracle Weblogic Server Remote Code Execution Vulnerability (CVE-2019-2649)
Windows Services RPC Server DCERPC
1009480* - Identified WMI Query Over DCE/RPC Protocol (ATT&CK T1005)
1007054* - Remote Schedule Task 'Create' Through SMBv2 Protocol Detected (ATT&CK T1053)
Integrity Monitoring Rules:
1009745 - Linux - Removable Devices Detected (ATT&CK: T1092)
1002781* - Microsoft Windows - Attributes of a service modified (ATT&CK T1050)
1005645 - Microsoft Windows - AutoRun Registry Entries Modified (ATT&CK: T1013)
1002776* - Microsoft Windows - Startup Programs Modified (ATT&CK T1112)
1002778* - Microsoft Windows - System .dll or .exe files modified (ATT&CK: T1013)
1009618 - PowerShell & CommandLine (ATT&CK: T1086 & T1059)
1006805* - TMTR-0009: Suspicious Files Detected In System Folder
1006804* - TMTR-0010: Suspicious Files Detected In System Folder
1006677* - TMTR-0013: Suspicious Files Detected In Windows Folder
1006684* - TMTR-0015: Suspicious Service Detected
1007216* - TMTR-0021: Suspicious Files Detected In System Drive
1008720* - Users and Groups - Create and Delete Activity (ATT&CK T1136)
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.