All Vulnerabilities
- * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DNS Server
1008332* - Microsoft DNS Server Denial Of Service Vulnerability (CVE-2017-0171)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
- * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1008327* - Identified Server Suspicious SMB Session
1008305* - Microsoft Windows SMBv1 Remote Code Execution Vulnerability
DNS Server
1008332 - Microsoft DNS Server Denial Of Service Vulnerability (CVE-2017-0171)
Intel AMT
1008369 - Intel Active Management Technology Escalation Of Privilege (CVE-2017-5689)
Suspicious Client Ransomware Activity
1007601* - Ransomware TCP Request
Unix SSH
1008313 - Identified Many SSH Client Key Exchange Requests
Web Application PHP Based
1008368 - Identified Suspicious Host Header In WordPress Reset Password Request
1008140* - WordPress REST API Unauthenticated Content Injection Vulnerability
Web Application Tomcat
1005972* - Apache Tomcat Denial Of Service Vulnerability (CVE-2013-4322)
Web Client Common
1008262 - ImageMagick IsPixelGray Buffer Overflow Vulnerability (CVE-2016-9773) - 1
1008370 - Microsoft Malware Protection Engine Remote Code Execution Vulnerability (CVE-2017-0290)
1008319 - Microsoft Windows Information Disclosure Vulnerability (CVE-2017-0058)
1008341 - Microsoft Windows Multiple Security Vulnerabilities (May-2017)
1008106 - Oracle Java MethodHandle Remote Code Execution Vulnerability (CVE-2016-3587)
Web Client Internet Explorer/Edge
1008333 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0221)
1008334 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0227)
1008339 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0240)
1008331 - Microsoft Edge Remote Code Execution Vulnerability (CVE-2017-0266)
1008336 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0234)
1008337 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0236)
1008335 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-0228)
1008338 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0238)
1008367 - Microsoft Internet Explorer Security Feature Bypass Vulnerability (CVE-2017-0064)
Web Server Apache
1008134 - Apache Struts Double OGNL Evaluation Remote Code Execution Vulnerability (CVE-2016-0785)
1003536* - Apache mod_dav svn Remote Denial Of Service
Web Server IIS
1006154* - IIS MX_STATS_LogLine NSIISlog.DLL Buffer Overflow Vulnerability
1008266* - Microsoft IIS WebDAV ScStoragePathFromUrl Buffer Overflow Vulnerability (CVE-2017-7269)
Web Server Oracle
1008317 - Oracle WebLogic JBoss Interceptors Deserialization Of Untrusted Data Vulnerability (CVE-2016-3510)
1008094 - Oracle WebLogic Server Remote Code Execution Vulnerability (CVE-2016-5535)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
- * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1008327 - Identified Server Suspicious SMB Session
1008306* - Microsoft Windows SMB Remote Code Execution Vulnerability (MS17-010)
DCERPC Services - Client
1008328 - Identified Client Suspicious SMB Session
DNS Server
1008188* - PowerDNS Authoritative Server Dot Character Denial Of Service Vulnerability (CVE-2016-5427)
Directory Server LDAP
1008278* - Microsoft LDAP Elevation Of Privilege Vulnerability (CVE-2017-0166)
HP Intelligent Management Center (IMC)
1008299 - HP Intelligent Management Center 'accessMgrServlet' Insecure Deserialization Vulnerability
HP OpenView
1008256* - HP Data Protector EXEC_SETUP Remote Code Execution Vulnerability (CVE-2011-0922)
Web Application Common
1008205* - ImageMagick 'coders/rle.c' Remote Buffer Overflow Vulnerability (CVE-2016-10049)
1008190* - ImageMagick ImageFile MagickCore Buffer Overflow Vulnerability (CVE-2016-8677)
Web Application PHP Based
1008143* - Joomla Media Manager Privilege Escalation Vulnerability (CVE-2013-5576)
1008322 - SquirrelMail Remote Code Execution Vulnerability (CVE-2017-7692)
1008146* - WordPress UserPro Plugin Remote File Upload Vulnerability
Web Application Ruby Based
1008181* - Ruby On Rails Action Pack Remote Code Execution Vulnerability (CVE-2016-2098)
Web Client Common
1007965* - Adobe Acrobat And Reader FlateDecode Parsing Out-Of-Bounds Read Information Disclosure Vulnerability (APSB16-26) - 1
1008298 - Adobe Reader DC XObject stream Use After Free Remote Code Execution Vulnerability (CVE-2016-6938)
1008274* - Microsoft Windows Multiple Security Vulnerabilities (April-2017)
Web Client Internet Explorer/Edge
1008162 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0046)
Web Server Miscellaneous
1008130* - Oracle Application Testing Suite Multiple Security Vulnerabilities
1008142* - Oracle Application Testing Suite UploadFileAction Servlet Remote Code Execution Vulnerability (CVE-2016-0491)
Web Server Oracle
1007968* - Oracle WebLogic Server Apache-Commons-FileUpload Library Insecure Deserialization Vulnerability (CVE-2013-2186)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
- * indicates a new version of an existing rule
Deep Packet Inspection Rules:
Mail Server Lotus Domino
1008310 - IBM Lotus Domino Server Examine Command Stack Buffer Overflow Vulnerability
Mail Server Sendmail
1000368* - Sendmail SMTP Header And Command Buffer Overflow
Port Mapper Service Common
1008315 - Sun Solaris RPC Service PortMapper Decoder
Sun Solaris RPC Services
1008314 - Oracle Solaris Remote Code Execution Vulnerability (CVE-2017-3623)
Web Application Common
1008318 - CPanel Cgiemail And Cgiecho Format String Vulnerability (CVE-2017-5613)
Web Client Common
1008309* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-11) - 3
Web Media Applications
1002451* - YouTube
Web Server IIS
1008312 - Microsoft IIS WebDAV Remote Code Execution Vulnerability
Integrity Monitoring Rules:
1008257 - Microsoft Windows - USB Storage Device Detected
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
- * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1000735* - Microsoft Windows Server Service Remote Code Execution
DCERPC Services - Client
1008300 - Adobe Acrobat DLL Loading Arbitrary Code Execution Vulnerability Over Network Share (CVE-2017-3013)
Web Application Common
1006256* - GNU Bash Remote Code Execution Vulnerability
1008261 - ImageMagick IsPixelGray Buffer Overflow Vulnerability (CVE-2016-9773)
Web Client Common
1008308 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-11) - 1
1008304 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-11) - 2
1008309 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-11) - 3
1008301 - Adobe Acrobat DLL Loading Arbitrary Code Execution Vulnerability Over WebDAV (CVE-2017-3013)
1008302 - Adobe Flash Player Multiple Security Vulnerabilities (APSB17-10)
1008297* - Identified Suspicious RTF File With Obfuscated PowerShell Execution
1008269 - Microsoft Windows NDISAPI Driver Elevation Of Privilege Vulnerability (CVE-2011-1974)
1008234* - Microsoft Windows Uniscribe Multiple Remote Code Execution Vulnerabilities (MS17-011) - 1
1008285* - Microsoft Word Remote Code Execution Vulnerability (CVE-2017-0199)
1008295* - Restrict Microsoft Word RTF File With Embedded OLE2link Object
Web Client Internet Explorer/Edge
1008212* - Microsoft Edge Security Feature Bypass Vulnerability (CVE-2017-0066)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
- * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1008224* - Microsoft Windows SMB Remote Code Execution Vulnerabilities (CVE-2017-0144 and CVE-2017-0146)
1008227* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0147)
1008306 - Microsoft Windows SMB Remote Code Execution Vulnerability (MS17-010)
1008305 - Microsoft Windows SMBv1 Remote Code Execution Vulnerability
1004401* - Print Spooler Service Impersonation Vulnerability
Remote Desktop Protocol Server
1008307 - Microsoft Windows Remote Desktop Protocol Remote Code Execution Vulnerability
Web Application PHP Based
1008193* - PHP exif_convert_any_to_int Denial Of Service Vulnerability (CVE-2016-10158)
1008148* - WordPress Ninja Forms Unauthenticated File Upload Vulnerability (CVE-2016-1209)
Web Media Applications
1002451* - YouTube
Web Server Apache
1008117* - Apache Subversion mod_authz_svn Module Denial Of Service Vulnerability (CVE-2016-2168)
Web Server Common
1008194* - Oracle Java SE Remote Security Vulnerability (CVE-2017-3241)
Web Server Miscellaneous
1008178* - Novell Service Desk clientImportUploadForm Directory Traversal Vulnerability (CVE-2016-1593)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
- * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services - Client
1008284 - Microsoft Office DLL Loading Vulnerability Over Network Share (CVE-2017-0197)
1008201 - Microsoft Windows DLL Loading Vulnerability Over Network Share (CVE-2016-0100)
DNS Server
1008188 - PowerDNS Authoritative Server Dot Character Denial Of Service Vulnerability (CVE-2016-5427)
Directory Server LDAP
1008278 - Microsoft LDAP Elevation Of Privilege Vulnerability (CVE-2017-0166)
FTP Server ProFTPD
1006743* - ProFTPD Remote Command Execution Vulnerability (CVE-2015-3306)
HP OpenView
1008256 - HP Data Protector EXEC_SETUP Remote Code Execution Vulnerability (CVE-2011-0922)
Microsoft Office
1004311* - Identified Suspicious Microsoft PowerPoint Document
Suspicious Client Ransomware Activity
1007705* - Ransomware Network Traffic - 2
1007706* - Ransomware Network Traffic - 3
Web Application Common
1008205 - ImageMagick 'coders/rle.c' Remote Buffer Overflow Vulnerability (CVE-2016-10049)
1008190 - ImageMagick ImageFile MagickCore Buffer Overflow Vulnerability (CVE-2016-8677)
Web Application PHP Based
1008143 - Joomla Media Manager Privilege Escalation Vulnerability (CVE-2013-5576)
1008146 - WordPress UserPro Plugin Remote File Upload Vulnerability
Web Application Ruby Based
1008181 - Ruby On Rails Action Pack Remote Code Execution Vulnerability (CVE-2016-2098)
Web Client Common
1004593* - Heuristic Detection Of Malicious PDF Documents - 2
1008297 - Identified Suspicious RTF File With Obfuscated Powershell Execution
1008206 - ImageMagick 'coders/rle.c' Remote Buffer Overflow Vulnerability (CVE-2016-10049) - 1
1008189 - ImageMagick ImageFile MagickCore Buffer Overflow Vulnerability (CVE-2016-8677) - 1
1008292 - Microsoft Office DLL Loading Vulnerability Over WebDAV (CVE-2017-0197)
1008283 - Microsoft Office Memory Corruption Vulnerability (CVE-2017-0194)
1008282 - Microsoft Windows ATMFD.dll Information Disclosure Vulnerability (CVE-2017-0192)
1008202 - Microsoft Windows DLL Loading Vulnerability Over WebDAV (CVE-2016-0100)
1008238* - Microsoft Windows GDI+ Information Disclosure vulnerability (CVE-2017-0060)
1008241* - Microsoft Windows GDI+ Remote Code Execution Vulnerability (CVE-2017-0108)
1008169* - Microsoft Windows Graphics Component Remote Code Execution Vulnerability (CVE-2017-0014)
1008274 - Microsoft Windows Multiple Security Vulnerabilities (April-2017)
1008168* - Microsoft Windows PDF Library Memory Corruption Vulnerability (CVE-2017-0023)
1008247* - Microsoft Windows Registry Elevation Of Privilege Vulnerability (CVE-2017-0103)
1008235* - Microsoft Windows Uniscribe Multiple Remote Code Execution Vulnerabilities (MS17-011) - 2
1008285 - Microsoft Word Remote Code Execution Vulnerability (CVE-2017-0199)
1008175 - Oracle Java Runtime Environment Use After Free Remote Code Execution Vulnerability (CVE-2016-5568)
1008295 - Restrict Microsoft Word RTF File With Embedded OLE2link Object
Web Client Internet Explorer/Edge
1007662* - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-3222)
1008286 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0200)
1008290 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0205)
1008291 - Microsoft Edge Scripting Engine Information Disclosure Vulnerability (CVE-2017-0208)
1008217* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0071)
1008218* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0094)
1008153* - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-0037)
1008152* - Microsoft Internet Explorer And Edge Spoofing Vulnerability (CVE-2017-0033)
1008294 - Microsoft Internet Explorer Elevation Of Privilege Vulnerability (CVE-2017-0210)
1008208* - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2017-0059)
1008288 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-0202)
1008275 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-0158)
1008287 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-0201)
1008174* - Microsoft Windows DirectShow Information Disclosure Vulnerability (CVE-2017-0042)
Web Server Miscellaneous
1004911* - Apache Struts2 Multiple Vulnerabilities
1008130 - Oracle Application Testing Suite Multiple Security Vulnerabilities
1008142 - Oracle Application Testing Suite UploadFileAction Servlet Remote Code Execution Vulnerability (CVE-2016-0491)
Web Server Oracle
1007968 - Oracle WebLogic Server Apache-Commons-FileUpload Library Insecure Deserialization Vulnerability (CVE-2013-2186)
Integrity Monitoring Rules:
1008271 - Application - Docker
Log Inspection Rules:
1008145 - Web Server - Nginx
1002835* - Web Server - Web Access Events
- * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
1008224* - Microsoft Windows SMB Remote Code Execution Vulnerabilities (CVE-2017-0144 and CVE-2017-0146)
1008225* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0145)
1008228* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0148)
DCERPC Services - Client
1007913* - Identified Possible Ransomware File Extension Rename Activity Over Network Share - Client
Suspicious Client Application Activity
1005067* - Identified Potentially Harmful Client Traffic
Suspicious Server Application Activity
1005090* - Identified Potentially Harmful Server Traffic
Web Application PHP Based
1008193 - PHP exif_convert_any_to_int Denial Of Service Vulnerability (CVE-2016-10158)
1008182* - PHP phar_parse_pharfile Integer Overflow Vulnerability (CVE-2016-10159)
Web Client Common
1008255 - Microsoft Color Management Information Disclosure Vulnerability (CVE-2017-0061)
1008254 - Microsoft Color Management Information Disclosure Vulnerability (CVE-2017-0063)
1008252 - Microsoft Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0085)
1008067* - Microsoft Windows Uniscribe Remote Code Execution Vulnerability (CVE-2016-7274)
1008253 - Microsoft Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-0084)
Web Client Internet Explorer/Edge
1008211* - Microsoft Edge Information Disclosure Vulnerability (CVE-2017-0065)
1008156* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0010)
Web Server Apache
1008117 - Apache Subversion mod_authz_svn Module Denial Of Service Vulnerability (CVE-2016-2168)
Web Server Common
1008194 - Oracle Java SE Remote Security Vulnerability (CVE-2017-3241)
Web Server IIS
1008266 - Microsoft IIS WebDAV ScStoragePathFromUrl Buffer Overflow Vulnerability (CVE-2017-7269)
Web Server Miscellaneous
1008178 - Novell Service Desk clientImportUploadForm Directory Traversal Vulnerability (CVE-2016-1593)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
- * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DNS Client
1008180* - ISC BIND Inconsistent DS Record Assertion Failure Denial Of Service Vulnerability (CVE-2016-9444)
1008136* - ISC BIND RRSIG Record Response Assertion Failure Denial Of Service (CVE-2016-9147)
NTP Server Linux
1007741* - NTP Crypto-NAK Packets Symmetric Association Authentication Bypass Vulnerability (CVE-2015-7871)
Web Application PHP Based
1008125* - Joomla Denial Of Service Vulnerability (CVE-2013-3242)
1008135* - PHP Exif Null Pointer Dereference Vulnerability (CVE-2016-6292)
1008037* - PHP GC Use After Free Vulnerability (CVE-2016-5771)
1008144* - PHP Remote Code Execution Vulnerability (CVE-2017-5340)
1008131* - PHP Unserialize() ZVAL Reference Counter Overflow Vulnerability (CVE-2007-1286)
1007289* - PHP cURL Lib NULL Byte Injection Vulnerability
1008182* - PHP phar_parse_pharfile Integer Overflow Vulnerability (CVE-2016-10159)
1008148 - WordPress Ninja Forms Unauthenticated File Upload Vulnerability (CVE-2016-1209)
1003085* - WordPress RSS Feed Generator self_link HTTP_HOST Cross-Site Scripting
1008186* - phpMyAdmin Authenticated Remote Code Execution Vulnerability (CVE-2013-3238)
Web Client Common
1008251 - Adobe Flash Player Multiple Security Vulnerabilities (APSB17-07)
1004335* - Apple QuickTime 'QuickTimeStreaming.qtx' Remote Stack Buffer Overflow
1008107 - Oracle Java Remote Code Execution Vulnerability (CVE-2016-3598)
Web Client Internet Explorer/Edge
1008149* - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2017-0008)
Web Server Adobe ColdFusion
1008113* - Adobe ColdFusion OOXML XXE Information Disclosure Vulnerability (CVE-2016-4264)
Web Server HTTPS
1008137 - Identified TLS/SSL DES Cipher Suite Is Being Supported
Web Server Miscellaneous
1008104* - Apache ActiveMQ Multiple Remote Code Execution Vulnerabilities (CVE-2016-3088)
1008207* - Apache Struts2 Remote Code Execution Vulnerability (CVE-2017-5638)
1008141* - Jetty Path Sanitization Vulnerability (CVE-2016-4800)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
- Microsoft Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-0090)
Severity:
Publish Date: 15 March 2017
A remote code execution vulnerability exists in Windows due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited these vulnerabilities could obtain information to further compromise the user's system.