17-031 (July 4, 2017)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

BIND RNDC
1008321 - ISC BIND Remote Denial Of Service Vulnerability (CVE-2017-3138)


DCERPC Services
1008179* - Restrict File Extensions For Rename Activity Over Network Share
1003712* - Windows Vista SMB2.0 Negotiate Protocol Request Remote Code Execution


Instant Messenger Applications
1002466* - ICQ


Suspicious Client Ransomware Activity
1007602* - Ransomware Locky


Unix RPC Services
1008433 - Solaris Calendar Manager Service Daemon (rpc.cmsd) Remote Code Execution Vulnerability


Web Application Common
1008427* - ImageMagick Denial Of Service Vulnerability (CVE-2017-8346) - 1


Web Client Common
1008398 - Adobe Reader DC JPEG2000 Parsing Out Of Bounds Read Information Disclosure Vulnerability (CVE-2016-7854)
1008393 - Foxit Reader ConvertToPDF BMP Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
1008394 - Foxit Reader ConvertToPDF BMP Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
1008404 - Foxit Reader ConvertToPDF GIF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
1008429 - Foxit Reader JBig2 Parser Information Disclosure Vulnerability (CVE-2016-8334)
1008461* - Microsoft Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0285)
1008285* - Microsoft Word Remote Code Execution Vulnerability (CVE-2017-0199)
1008295* - Restrict Microsoft Word RTF File With Embedded OLE2link Object


Windows Services RPC Client DCERPC
1008477 - Identified Usage Of WMI Execute Methods - Client


Integrity Monitoring Rules:

1005195* - Microsoft Windows - Log File Attributes Changes Detected
1005193* - Unix - Log File Attributes Changes Detected


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.