Rule Update
18-055 (October 2, 2018)
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1008119* - Microsoft Windows Local Security Authority Subsystem Service (LSASS) Denial Of Service Vulnerability (CVE-2017-0004)
1008123* - Microsoft Windows Local Security Authority Subsystem Service Denial Of Service Vulnerability (CVE-2016-7237)
1008224* - Microsoft Windows SMB Remote Code Execution Vulnerabilities (CVE-2017-0144 and CVE-2017-0146)
1007699* - Oracle Job Scheduler Named Pipe Command Execution Vulnerability
1005140* - Print Spooler Service Format String Vulnerability (CVE-2012-1851)
DCERPC Services - Client
1004821* - Active Accessibility Insecure Library Loading Vulnerability (CVE-2011-1247)
1007494* - Adobe Acrobat DLL Loading Arbitrary Code Execution Vulnerability (CVE-2016-1008)
1007695* - Adobe Flash Player DLL Hijacking Vulnerability Over Network Share (CVE-2016-4140)
1004930* - Adobe Flash Player Remote Security Bypass Vulnerability Over Network Share (CVE-2012-0756)
1004924* - Color Control Panel Insecure Library Loading Vulnerability Over Network Share (CVE-2010-5082)
1004700* - DFS Memory Corruption Vulnerability (CVE-2011-1868)
1005261* - Foxit Reader Arbitrary DLL Injection Code Execution Vulnerability Over Network Share
1004926* - Indeo Codec Insecure Library Loading Vulnerability Over Network Share (CVE-2010-3138)
1004878* - Internet Explorer Insecure Library Loading Vulnerability Over Network Share (CVE-2011-2019)
1004946* - Microsoft Expression Design Insecure Library Loading Vulnerability Over Network Share (CVE-2012-0016)
1007897* - Microsoft Internet Explorer Information Disclosure Vulnerability Over SMB (CVE-2016-3321)
1005080* - Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability Over Network Share (CVE-2012-1854)
1005281* - Microsoft Windows Briefcase Integer Overflow Vulnerability Over Network Share (CVE-2012-1528)
1007369* - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (MS16-007)
1007531* - Microsoft Windows RPC Downgrade Vulnerability (CVE-2016-0128)
1004897* - Object Packager Insecure Executable Launching Vulnerability Over Network Share (CVE-2012-0009)
1004741* - Oracle Java JRE Insecure Executable Loading Vulnerability Over Network Share
1004877* - PowerPoint Insecure Library Loading Vulnerability Over Network Share (CVE-2011-3396)
1005153* - Print Spooler Service Format String Vulnerability (CVE-2012-1851) II
1005139* - Remote Administration Protocol Denial Of Service Vulnerability (CVE-2012-1850)
1005142* - Remote Administration Protocol Stack Overflow Vulnerability
1004775* - Telnet Handler Remote Code Execution Vulnerability Over Network Share (CVE-2011-1961)
1004797* - Windows Components Insecure Library Loading Vulnerability Over Network Share (CVE-2011-1991)
DNS Client
1008203* - DNSMessenger Malware C&C Traffic Over DNS Protocol
1009135* - Microsoft Windows DNSAPI Remote Code Execution Vulnerability (CVE-2018-8225)
Directory Server LDAP
1008842 - OpenLDAP 'deref_parseCtrl' Denial Of Service Vulnerability (CVE-2015-1545)
RTMP Client
1006288* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2014-0551)
1005000* - Adobe Flash Player Object Confusion Vulnerability (CVE-2012-0779)
1005456* - Adobe Flash Player Remote Arbitrary Code Execution Vulnerability (CVE-2013-2555)
Remote Desktop Protocol Client
1009031* - Microsoft Windows CredSSP Remote Code Execution Vulnerability (CVE-2018-0886)
Remote Desktop Protocol Server
1006870* - Microsoft Windows Remote Desktop Protocol (RDP) Remote Code Execution Vulnerability (CVE-2015-2373)
1004949* - Remote Desktop Protocol Vulnerability (CVE-2012-0002)
1005138* - Remote Desktop Protocol Vulnerability (CVE-2012-2526)
Suspicious Client Application Activity
1005067* - Identified Potentially Harmful Client Traffic
1005283* - Identified Potentially Malicious RAT Traffic - I
1005299* - Identified Potentially Malicious RAT Traffic - III
1005300* - Identified Potentially Malicious RAT Traffic - IV
1005473* - Identified Potentially Malicious RAT Traffic - V
1008756* - Identified Potentially Malicious RAT Traffic - VII
1005401* - Identified Suspicious HTTP Traffic
1005294* - TMTR-0004: GHOST RAT HTTP Request
Suspicious Server Application Activity
1005090* - Identified Potentially Harmful Server Traffic
Web Application Common
1009312 - Ghostscript Remote Code Execution Vulnerability (CVE-2018-16509) - 1
1009040* - Identified Directory Traversal Sequence In URI
Web Client Common
1009311 - Ghostscript Remote Code Execution Vulnerability (CVE-2018-16509)
Web Server Apache Tika
1009129 - Apache Tika Chmparser Denial Of Service Vulnerability (CVE-2018-1339)
Windows Services RPC Client DCERPC
1007539* - Microsoft Windows RPC Downgrade Vulnerability (CVE-2016-0128) - 1
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1008670* - Microsoft Windows Security Events - 3
Deep Packet Inspection Rules:
DCERPC Services
1008119* - Microsoft Windows Local Security Authority Subsystem Service (LSASS) Denial Of Service Vulnerability (CVE-2017-0004)
1008123* - Microsoft Windows Local Security Authority Subsystem Service Denial Of Service Vulnerability (CVE-2016-7237)
1008224* - Microsoft Windows SMB Remote Code Execution Vulnerabilities (CVE-2017-0144 and CVE-2017-0146)
1007699* - Oracle Job Scheduler Named Pipe Command Execution Vulnerability
1005140* - Print Spooler Service Format String Vulnerability (CVE-2012-1851)
DCERPC Services - Client
1004821* - Active Accessibility Insecure Library Loading Vulnerability (CVE-2011-1247)
1007494* - Adobe Acrobat DLL Loading Arbitrary Code Execution Vulnerability (CVE-2016-1008)
1007695* - Adobe Flash Player DLL Hijacking Vulnerability Over Network Share (CVE-2016-4140)
1004930* - Adobe Flash Player Remote Security Bypass Vulnerability Over Network Share (CVE-2012-0756)
1004924* - Color Control Panel Insecure Library Loading Vulnerability Over Network Share (CVE-2010-5082)
1004700* - DFS Memory Corruption Vulnerability (CVE-2011-1868)
1005261* - Foxit Reader Arbitrary DLL Injection Code Execution Vulnerability Over Network Share
1004926* - Indeo Codec Insecure Library Loading Vulnerability Over Network Share (CVE-2010-3138)
1004878* - Internet Explorer Insecure Library Loading Vulnerability Over Network Share (CVE-2011-2019)
1004946* - Microsoft Expression Design Insecure Library Loading Vulnerability Over Network Share (CVE-2012-0016)
1007897* - Microsoft Internet Explorer Information Disclosure Vulnerability Over SMB (CVE-2016-3321)
1005080* - Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability Over Network Share (CVE-2012-1854)
1005281* - Microsoft Windows Briefcase Integer Overflow Vulnerability Over Network Share (CVE-2012-1528)
1007369* - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (MS16-007)
1007531* - Microsoft Windows RPC Downgrade Vulnerability (CVE-2016-0128)
1004897* - Object Packager Insecure Executable Launching Vulnerability Over Network Share (CVE-2012-0009)
1004741* - Oracle Java JRE Insecure Executable Loading Vulnerability Over Network Share
1004877* - PowerPoint Insecure Library Loading Vulnerability Over Network Share (CVE-2011-3396)
1005153* - Print Spooler Service Format String Vulnerability (CVE-2012-1851) II
1005139* - Remote Administration Protocol Denial Of Service Vulnerability (CVE-2012-1850)
1005142* - Remote Administration Protocol Stack Overflow Vulnerability
1004775* - Telnet Handler Remote Code Execution Vulnerability Over Network Share (CVE-2011-1961)
1004797* - Windows Components Insecure Library Loading Vulnerability Over Network Share (CVE-2011-1991)
DNS Client
1008203* - DNSMessenger Malware C&C Traffic Over DNS Protocol
1009135* - Microsoft Windows DNSAPI Remote Code Execution Vulnerability (CVE-2018-8225)
Directory Server LDAP
1008842 - OpenLDAP 'deref_parseCtrl' Denial Of Service Vulnerability (CVE-2015-1545)
RTMP Client
1006288* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2014-0551)
1005000* - Adobe Flash Player Object Confusion Vulnerability (CVE-2012-0779)
1005456* - Adobe Flash Player Remote Arbitrary Code Execution Vulnerability (CVE-2013-2555)
Remote Desktop Protocol Client
1009031* - Microsoft Windows CredSSP Remote Code Execution Vulnerability (CVE-2018-0886)
Remote Desktop Protocol Server
1006870* - Microsoft Windows Remote Desktop Protocol (RDP) Remote Code Execution Vulnerability (CVE-2015-2373)
1004949* - Remote Desktop Protocol Vulnerability (CVE-2012-0002)
1005138* - Remote Desktop Protocol Vulnerability (CVE-2012-2526)
Suspicious Client Application Activity
1005067* - Identified Potentially Harmful Client Traffic
1005283* - Identified Potentially Malicious RAT Traffic - I
1005299* - Identified Potentially Malicious RAT Traffic - III
1005300* - Identified Potentially Malicious RAT Traffic - IV
1005473* - Identified Potentially Malicious RAT Traffic - V
1008756* - Identified Potentially Malicious RAT Traffic - VII
1005401* - Identified Suspicious HTTP Traffic
1005294* - TMTR-0004: GHOST RAT HTTP Request
Suspicious Server Application Activity
1005090* - Identified Potentially Harmful Server Traffic
Web Application Common
1009312 - Ghostscript Remote Code Execution Vulnerability (CVE-2018-16509) - 1
1009040* - Identified Directory Traversal Sequence In URI
Web Client Common
1009311 - Ghostscript Remote Code Execution Vulnerability (CVE-2018-16509)
Web Server Apache Tika
1009129 - Apache Tika Chmparser Denial Of Service Vulnerability (CVE-2018-1339)
Windows Services RPC Client DCERPC
1007539* - Microsoft Windows RPC Downgrade Vulnerability (CVE-2016-0128) - 1
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1008670* - Microsoft Windows Security Events - 3
Featured Stories
The Mirage of AI Programming: Hallucinations and Code IntegrityThe adoption of large language models (LLMs) and Generative Pre-trained Transformers (GPTs), such as ChatGPT, by leading firms like Microsoft, Nuance, Mix and Google CCAI Insights, drives the industry towards a series of transformative changes. As the use of these new technologies becomes prevalent, it is important to understand their key behavior, advantages, and the risks they present.Read more
Open RAN: Attack of the xAppsThis article discusses two O-RAN vulnerabilities that attackers can exploit. One vulnerability stems from insufficient access control, and the other arises from faulty message handlingRead more
A Closer Exploration of Residential Proxies and CAPTCHA-Breaking ServicesThis article, the final part of a two-part series, focuses on the details of our technical findings and analyses of select residential proxies and CAPTCHA-solving services.Read more
How Residential Proxies and CAPTCHA-Solving Services Become Agents of AbuseThis article, the first of a two-part series, provides insights on how abusers and cybercriminals use residential proxies and CAPTCHA-solving services to enable bots, scrapers, and stuffers, and proposes security countermeasures for organizations.Read more