Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com

SMS customers can update the Digital Vaccine through the SMS client. From the top line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.

System Requirements

The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.

Microsoft Security Bulletins

This DV includes coverage for the Microsoft vulnerabilities released on or before June 12, 2018. The following table maps TippingPoint filters to the Microsoft CVEs.

CVE # | TippingPoint Filter # | Status |
CVE-2018-0871 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0978 | 32124 | |
CVE-2018-0982 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-1036 | 32162 | |
CVE-2018-1040 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8110 | 32026 | |
CVE-2018-8111 | 32027 | |
CVE-2018-8113 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8121 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8140 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8169 | 32164 | |
CVE-2018-8175 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8201 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8205 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8207 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8208 | 32126 | |
CVE-2018-8209 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8210 | 32028 | |
CVE-2018-8211 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8212 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8213 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8214 | 32127 | |
CVE-2018-8215 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8216 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8217 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8218 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8219 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8221 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8224 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8225 | 32029 | |
CVE-2018-8226 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8227 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8229 | 32030 | |
CVE-2018-8231 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8233 | 32034 | |
CVE-2018-8234 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8235 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8236 | 32054 | |
CVE-2018-8239 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8243 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8244 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8245 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8246 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8247 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8248 | 32032 | |
CVE-2018-8249 | 32038 | |
CVE-2018-8251 | 32068 | |
CVE-2018-8252 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8254 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8267 | 32065 | |

Filters marked with * shipped prior to this DV, providing zero-day protection.

The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9115.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9115.pkg

Update Details
Table of Contents
--------------------------
Filters
New Filters
Modified Filters (logic changes)
Modified Filters (metadata changes only)
Removed Filters
Filters
----------------
New Filters:

31612: HTTP: eSignal Buffer Overflow Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: High
  - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in eSignal.
  - Deployment: Not enabled by default in any deployment.
  - References:
    - Bugtraq ID: 9978
    - Common Vulnerabilities and Exposures: CVE-2004-1868 CVSS 7.5

31852: TLS: OpenSSL ChangeCipherSpec Security Bypass Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: High
  - Description: This filter detects an attempt to exploit a security bypass vulnerability in OpenSSL.
  - Deployment: Not enabled by default in any deployment.
  - References:
    - Bugtraq ID: 67899
    - Common Vulnerabilities and Exposures: CVE-2014-0224 CVSS 6.8

31953: HTTP: Microsoft Windows VBScript Join Function Memory Corruption Vulnerability (ZDI-18-297)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Windows.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-0981
    - Zero Day Initiative: ZDI-18-297

31955: HTTP: Microsoft Windows Font Memory Corruption Vulnerability (ZDI-18-293)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Windows.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-1008
    - Zero Day Initiative: ZDI-18-293

31965: HTTP: OMRON CX-Supervisor SCS File Parsing Buffer Overflow Vulnerability (ZDI-18-261)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in OMRON CX-Supervisor.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Bugtraq ID: 103394
    - Common Vulnerabilities and Exposures: CVE-2018-7519
    - Zero Day Initiative: ZDI-18-261

31967: HTTP: Foxit Reader resolveNode Use-After-Free Vulnerability (ZDI-18-339)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.1.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Foxit Reader.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-9955
    - Zero Day Initiative: ZDI-18-339

31968: HTTP: WebGL Object Instantiation
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Security Policy
  - Severity: Low
  - Description: This filter detects the instantiation of WebGL objects within an HTTP stream.
  - Deployment: Not enabled by default in any deployment.
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-4130
    - Zero Day Initiative: ZDI-18-273

31969: HTTP: Foxit Reader boundItem Use-After-Free Vulnerability (ZDI-18-353)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.1.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Foxit Reader.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-9969
    - Zero Day Initiative: ZDI-18-353

31970: HTTP: Microsoft Windows JScript defineProperty Use-After-Free Vulnerability (ZDI-18-298)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Windows.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-0987
    - Zero Day Initiative: ZDI-18-298

32026: HTTP: Microsoft Edge Memory Corruption Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Edge.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-8110

32027: HTTP: Microsoft Edge Type Confusion Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-8111

32028: HTTP: Microsoft Windows wimgapi.dll Memory Corruption Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a memory corruption vulnerability within Microsoft Windows.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-8210

32029: DNS: Microsoft Windows DNS Cache Service Memory Corruption Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Windows.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-8225

32030: HTTP: Microsoft Edge Chakra Memory Corruption Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Edge.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-8229

32032: HTTP: Microsoft Excel Memory Corruption Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Excel.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-8248

32034: HTTP: Microsoft Windows win32kfull Privilege Escalation Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: High
  - Description: This filter detects an attempt to exploit a privilege escalation vulnerability in Microsoft Windows.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-8233

32038: HTTP: Internet Explorer Memory Corruption Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-8249

32043: HTTP: Nagios XI helpedit.php SQL Injection Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: High
  - Description: This filter detects an attempt to exploit a SQL injection vulnerability in Nagios XI.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-8734

32052: HTTP: IBM QRadar SIEM Authentication Bypass Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: High
  - Description: This filter detects an attempt to exploit an authentication bypass vulnerability in IBM QRadar SIEM.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-1418

32053: HTTPS: IBM QRadar SIEM Authentication Bypass Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit an authentication bypass vulnerability in IBM QRadar SIEM.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-1418

32054: HTTP: Microsoft Edge Worker User-After-Free Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Edge.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-8236

32062: HTTP: IBM QRadar SIEM setSecurityTokens Detection
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Security Policy
  - Severity: Low
  - Description:
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-1418

32063: HTTP: Atlassian OAuth Plugin Usage
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Security Policy
  - Severity: Low
  - Description: This filter detects the usage of the Atlassian OAuth Plugin.
  - Deployment: Not enabled by default in any deployment.
  - References:
    - Common Vulnerabilities and Exposures: CVE-2017-9506

32065: HTTP: Scripting Engine Memory Corruption Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Internet Explorer Jscript scripting engine.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-8267

32066: DNS: MinerGate DNS Request
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Security Policy
  - Severity: Low
  - Description: This filter detects DNS requests to MinerGate service.
  - Deployment: Not enabled by default in any deployment.

32067: TLS: MinerGate Certificate Exchange Detected
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Security Policy
  - Severity: Low
  - Description: This filter detects SSL/TLS certificate exchange with the MinerGate server.
  - Deployment: Not enabled by default in any deployment.

32068: HTTP: Microsoft Edge Media Foundation Memory Corruption Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Edge.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-8251

32070: HTTP: MinerGate Google-Analytics Request Detected
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Security Policy
  - Severity: Low
  - Description: This filter attempts to detect a Google-Analytics request made by MinerGate miner client.
  - Deployment: Not enabled by default in any deployment.

32123: HTTP: Microsoft Windows HIDPARSE.sys Privilege Escalation Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: High
  - Description: This filter detects an attempt to exploit a privilege escalation vulnerability in Microsoft Windows.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-8169

32124: HTTP: Internet Explorer Memory Corruption Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-0978

32125: HTTP: Microsoft Windows Access Control Privilege Escalation Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: High
  - Description: This filter detects an attempt to exploit a privilege escalation vulnerability in Microsoft Windows.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-1036

32126: HTTP: Windows Desktop Bridge Privilege Escalation Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a privilege escalation vulnerability in Windows Desktop Bridge.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-8208

32127: HTTP: Windows Desktop Bridge Privilege Escalation Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a privilege escalation vulnerability in Windows Desktop Bridge.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-8214

32129: TCP: XMR-Stak Agent - Login Activity Detected
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Security Policy
  - Severity: Low
  - Description: This filter detects XMR-Stak agent pool login request.
  - Deployment: Not enabled by default in any deployment.

32130: TCP: XMR-Stak Agent - Mining Activity Detected
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Security Policy
  - Severity: Low
  - Description: This filter detects XMR-Stak agent realtime mining requests.
  - Deployment: Not enabled by default in any deployment.

32162: HTTP: Microsoft NTFS Privilege Escalation Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: High
  - Description: This filter detects an attempt to exploit a privilege escalation vulnerability in Microsoft NTFS.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-1036

32164: HTTP: Microsoft Windows HIDParser Privilege Escalation Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: High
  - Description: This filter detects an attempt to exploit a privilege escalation vulnerability in Microsoft Windows.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2018-8169

Modified Filters (logic changes):
* = Enabled in Default deployments

9761: HTTP: Opera Content-Length Integer Overflow Vulnerability
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category changed from "Vulnerabilities" to "Exploits".
  - Severity changed from "Critical" to "Moderate".
  - Detection logic updated.

11810: Oracle: Multiple SQL Function Injection Vulnerabilities
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Detection logic updated.
  - Vulnerability references updated.

16270: TLS: OpenSSL ChangeCipherSpec Request
  - IPS Version: 3.2.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

29600: HTTP: Microsoft .NET SOAP Command Injection Vulnerability
  - IPS Version: 3.1.3 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Detection logic updated.

* 29809: TFTP: NetGain Systems Enterprise Manager TFtpServer Filename Directory Traversal (ZDI-17-962)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Detection logic updated.

* 30275: HTTP: Microsoft Edge CSS Information Disclosure Vulnerability (ZDI-18-162, ZDI-18-249)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "30275: HTTP: Microsoft Edge CSS Information Disclosure Vulnerability (ZDI-18-162)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

31623: HTTP: Microsoft Teams URL Command Injection Vulnerability (ZDI-18-426, ZDI-18-308)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "31623: HTTP: Microsoft Teams URL Command Injection Vulnerability (ZDI-18-426)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

* 31841: SMB: Samba Printer Server spoolss Denial-of-Service Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Severity changed from "Moderate" to "High".
  - Detection logic updated.

31851: DHCP: Red Hat Fedora DHCP Client NetworkManager Input Validation Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Detection logic updated.
  - Vulnerability references updated.

Modified Filters (metadata changes only):
* = Enabled in Default deployments

11548: ICMP: Microsoft Windows Denial of Service Vulnerability
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Vulnerability references updated.

11549: ICMP: Microsoft Windows Denial of Service Vulnerability
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Vulnerability references updated.

11550: ICMP: Microsoft Windows Denial of Service Vulnerability
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Vulnerability references updated.

29988: HTTP: OMRON CX-Supervisor SCS File Parsing Use-After-Free Vulnerability (ZDI-18-258)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "29988: ZDI-CAN-5307: Zero Day Initiative Vulnerability (OMRON CX-Supervisor)".
  - Description updated.
  - Vulnerability references updated.

29989: HTTP: OMRON CX-Supervisor SCS File Parsing Use-After-Free Vulnerability (ZDI-18-259)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "29989: ZDI-CAN-5308: Zero Day Initiative Vulnerability (OMRON CX-Supervisor)".
  - Description updated.
  - Vulnerability references updated.

* 30330: HTTP: Internet Explorer VML textpath Out-of-Bounds Read Vulnerability (ZDI-18-241)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "30330: ZDI-CAN-5369: Zero Day Initiative Vulnerability (Microsoft Internet Explorer)".
  - Description updated.
  - Vulnerability references updated.

Removed Filters:
  None