Digital Vaccine #9279

Updated: 14 May 2019
Product/Version: TippingPoint Digital Vaccine
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.

SMS customers can update the Digital Vaccine through the SMS client: from the top-line menu, open "File > Download Digital Vaccine from TMC" to detect and load the latest update.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems.
The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance.
Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
Microsoft Security Bulletins
This DV includes coverage for the Microsoft vulnerabilities released on or before May 14, 2019.
The following table maps TippingPoint filters to the Microsoft CVEs. Rows with no filter number carry Microsoft's assessment in the Status column instead; no filter is shipped for those CVEs in this DV.

CVE #            TippingPoint Filter #   Status
CVE-2019-0707                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0708                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0725                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0727                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0733                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0734                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0758    *34222
CVE-2019-0819                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0820                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0863    35102
CVE-2019-0864                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0872                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0881                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0882    *34217
CVE-2019-0884    35104
CVE-2019-0885    *34761
CVE-2019-0886                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0889                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0890    35131
CVE-2019-0891    *35045
CVE-2019-0892                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0893                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0894    *35049
CVE-2019-0895    *34677
CVE-2019-0896    *35050
CVE-2019-0897    *34678
CVE-2019-0898                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0899                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0900                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0901                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0902    *35044
CVE-2019-0903    *34221
CVE-2019-0911    35107
CVE-2019-0912                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0913                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0914                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0915                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0916                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0917                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0918    35108
CVE-2019-0921                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0922                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0923                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0924                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0925                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0926    35109
CVE-2019-0927                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0929                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0930    35110
CVE-2019-0931                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0932                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0933                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0936                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0937    *34875
CVE-2019-0938    35112
CVE-2019-0940    *34877
CVE-2019-0942                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0945                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0946                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0947                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0949                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0950                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0951                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0952                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0953                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0956                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0957                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0958                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0961    35142
CVE-2019-0963                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0971                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0976                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0979                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0980                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0981                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0982                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0995                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1000                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-1008                            Vendor Deemed Reproducibility or Exploitation Unlikely

Filters marked with * shipped prior to this DV, providing zero-day protection.
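
A filter number in the table above is only half of the answer a practitioner needs; the other half is the deployment profile line in the filter's entry under Update Details below. For instance, 35102 (CVE-2019-0863, the WER privilege escalation) is listed only under Security-Optimized, so a device running the Default profile should verify that filter is enabled rather than assume coverage from the table. The following Python is an added example, not TippingPoint or DVLabs tooling: it parses the bulletin's own row and entry format and reports, per CVE, the filter and the profiles its entry lists. The sample strings are constructed from a few rows and entries of this DV. Its one assumption, stated in the code, is that a profile an entry does not list is reported as "not listed", which is a prompt to check the profile actually distributed from SMS, not a claim that the filter is disabled there.

```python
"""Cross-reference a DV bulletin's CVE table with its filter entries.
Added example, not TippingPoint/DVLabs tooling.  The sample strings are
constructed from a few rows and entries of DV #9279.  Assumption to check in
SMS: a profile an entry does not list is reported as "not listed", no more.
"""
import re
from dataclasses import dataclass, field

CVE_TABLE = """\
CVE-2019-0758    *34222
CVE-2019-0863    35102
CVE-2019-0864    Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2019-0926    35109
"""

FILTER_ENTRIES = """\
    35102: HTTP: Microsoft Windows WER Service Privilege Escalation Vulnerability
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0863

    35109: HTTP: Microsoft Edge videoTracks Use-After-Free Vulnerability
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0926

    35136: HTTP: lighttpd url-path-2f-decode Denial-of-Service Vulnerability
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-11072 CVSS 7.5
"""

# Table row: CVE, optional "*" (filter shipped before this DV), optional
# filter number, then whatever status text remains.
ROW_RE = re.compile(r"^(CVE-\d{4}-\d{4,})\s+(\*?)(\d{4,})?\s*(.*?)\s*$")
HEADER_RE = re.compile(r"^\s*(\d{4,5}): (.+?)\s*$")
DEPLOY_RE = re.compile(r"- Deployment: ([A-Za-z-]+) \((.+)\)")
CVE_REF_RE = re.compile(r"CVE-\d{4}-\d{4,}")


@dataclass
class FilterEntry:
    filter_id: str
    name: str
    actions: dict = field(default_factory=dict)  # profile -> action text
    cves: list = field(default_factory=list)

    def enabled_in(self):
        return sorted(p for p, a in self.actions.items() if a != "Disabled")


def parse_cve_table(text):
    rows = {}
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            cve, star, fid, status = m.groups()
            rows[cve] = {"filter": fid, "pre_existing": star == "*", "status": status}
    return rows


def parse_filter_entries(text):
    entries, cur = {}, None
    for line in text.splitlines():
        h = HEADER_RE.match(line)
        if h:
            cur = entries[h.group(1)] = FilterEntry(h.group(1), h.group(2))
            continue
        if cur is None:
            continue
        s = line.strip()
        if s.startswith("- Common Vulnerabilities and Exposures:"):
            cur.cves.extend(CVE_REF_RE.findall(s))
        else:
            d = DEPLOY_RE.search(s)  # "Not enabled by default..." has no parens
            if d:
                cur.actions[d.group(1)] = d.group(2)
    return entries


def coverage_report(cve_table, filter_entries):
    """Per CVE: filter (or None), pre-existing flag, vendor status text, and
    the deployment profiles the filter's entry lists as enabled."""
    entries = parse_filter_entries(filter_entries)
    report = {}
    for cve, row in parse_cve_table(cve_table).items():
        e = entries.get(row["filter"]) if row["filter"] else None
        report[cve] = {**row, "entry_known": e is not None,
                       "actions": dict(e.actions) if e else {},
                       "enabled_in": e.enabled_in() if e else []}
    return report


def not_listed_enabled_in(report, profile):
    """CVEs with a known filter entry that does not list `profile` with a live
    action: candidates to verify against the profile pushed from SMS."""
    return sorted((cve, r["filter"]) for cve, r in report.items()
                  if r["entry_known"] and profile not in r["enabled_in"])
```

Run over the full bulletin text, `not_listed_enabled_in(report, "Default")` is the list to walk through in SMS before trusting the CVE table for a Default-profile segment. The vendor status text is carried through unchanged so the report keeps "no filter written" (a Status row) distinct from "filter exists but not listed for my profile".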
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9279.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9279.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters - 26
 Modified Filters (logic changes) - 22
 Modified Filters (metadata changes only) - 5
 Removed Filters - 1

Filters
----------------
 New Filters:
    35094: HTTP: SQL Injection (JSON)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects the presence of suspicious SQL in a JSON data structure.
      - Deployment: Not enabled by default in any deployment.

    35096: HTTP: JavaScript Obfuscation
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects an attempt to encode JavaScript.
      - Deployments:
        - Deployment: Performance-Optimized (Block / Notify)

    35102: HTTP: Microsoft Windows WER Service Privilege Escalation Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit a privilege escalation vulnerability in Microsoft Windows WER Service.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0863

    35104: HTTP: Microsoft Internet Explorer Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0884

    35107: HTTP: Microsoft Edge Chakra JIT Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0911

    35108: HTTP: Microsoft Internet Explorer RegExp Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Internet Explorer.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0918

    35109: HTTP: Microsoft Edge videoTracks Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0926

    35110: HTTP: Microsoft Internet Explorer join Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Internet Explorer.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0930

    35112: HTTP: Microsoft Edge PostMessage Privilege Escalation Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit a privilege escalation vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0938

    35120: HTTP: JavaScript Obfuscation (jfogs) 
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects an attempt to encode JavaScript using jfogs.
      - Deployments:
        - Deployment: Performance-Optimized (Block / Notify)

    35121: ZDI-CAN-8120: Zero Day Initiative Vulnerability (Microsoft Windows)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)

    35131: HTTP: Microsoft Windows JET Database Engine Integer Underflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an integer underflow vulnerability in Microsoft JET Database Engine.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0890

    35132: ZDI-CAN-8212: Zero Day Initiative Vulnerability (Belkin Surf)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Belkin Surf.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    35133: ZDI-CAN-8213: Zero Day Initiative Vulnerability (Belkin Surf)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Belkin Surf.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    35135: HTTP: Cisco RV110W/RV130W/RV215W Routers Management Interface Command Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command execution vulnerability in Cisco RV110W, RV130W, and RV215W routers.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Bugtraq ID: 107185
        - Common Vulnerabilities and Exposures: CVE-2019-1663 CVSS 10.0

    35136: HTTP: lighttpd url-path-2f-decode Denial-of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in lighttpd.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 107907
        - Common Vulnerabilities and Exposures: CVE-2019-11072 CVSS 7.5

    35137: HTTP: WordPress Social Warfare Plugin Usage
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects an attempt to use the Social Warfare plugin.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-9978

    35138: RFB: UltraVNC VNC Server Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in UltraVNC VNC Server.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-8276 CVSS 5.0

    35141: DHCPv6: dhcpcd DHCPv6 dhcp6_findna Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in dhcpcd.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Bugtraq ID: 108090
        - Common Vulnerabilities and Exposures: CVE-2019-11577 CVSS 7.5

    35142: HTTP: Microsoft Windows gdiplus EMF Parsing Out-Of-Bounds Read Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit an out-of-bounds read vulnerability in Microsoft Windows.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-0961

    35145: HTTP: Oracle WebLogic Server FileDistributionServlet Deprecated Functionality Usage
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects usage of a deprecated functionality in Oracle WebLogic's FileDistributionServlet.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-2615 CVSS 4.0

    35146: ZDI-CAN-7911: Zero Day Initiative Vulnerability (Advantech WebAccess)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech WebAccess.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    35147: ZDI-CAN-7921: Zero Day Initiative Vulnerability (Schneider Electric FRENIC Loader)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Schneider Electric FRENIC Loader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)

    35148: ZDI-CAN-7949: Zero Day Initiative Vulnerability (Microsoft Office Word)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Office Word.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)

    35155: HTTP: Oracle WebLogic Server FileDistributionServlet Information Disclosure Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a directory traversal vulnerability in Oracle WebLogic Server.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-2615 CVSS 4.0

    35157: HTTP: Google Chrome V8 Array IndexOf Type Confusion Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Google Chrome.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Bugtraq ID: 96767
        - Common Vulnerabilities and Exposures: CVE-2017-5040 CVSS 4.3

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    2274: HTTP: ../ Directory Traversal Beyond WebRoot (level 2)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    3388: HTTP: Credit Card Data Posted to Phishing Web Site
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    3389: HTTP: Credit Card Data Posted to Phishing Web Site
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    5056: HTTP: Cross Site Scripting (JavaScript in HTTP request)
      - IPS Version: 3.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "5056: HTTP: Cross Site Scripting (Javascript in HTTP request)".
      - Description updated.
      - Detection logic updated.

    33466: HTTP: VBScript chr() and Clng() Suspicious Functions Usage
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    33865: RPC: Advantech WebAccess Client bwswfcfg Buffer Overflow Vulnerability (ZDI-18-1330)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.

    33882: HTTP: Malwarebytes Anti-Malware URI Handler Command Execution Vulnerability (ZDI-19-223)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33882: ZDI-CAN-7162: Zero Day Initiative Vulnerability (Malwarebytes Anti-Malware)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    34217: HTTP: Microsoft Office PowerPoint gdiplus ConvertToEmfPlus Out-of-Bounds Read Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34217: ZDI-CAN-7670: Zero Day Initiative Vulnerability (Microsoft Office PowerPoint)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 34221: HTTP: Microsoft Windows Subsetting Library Integer Underflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34221: ZDI-CAN-7788,7793: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 34222: HTTP: Microsoft Windows Font Parser Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34222: ZDI-CAN-7789: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    34564: RPC: Advantech WebAccess Node spchapi tv_enua Buffer Overflow Vulnerability (ZDI-19-229, ZDI-19-230)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34564: ZDI-CAN-7878,7879: Zero Day Initiative Vulnerability (Advantech WebAccess Node)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    34677: HTTP: Microsoft Jet Database Engine Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34677: ZDI-CAN-7869: Zero Day Initiative Vulnerability (Microsoft JET Database)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    34678: HTTP: Microsoft Jet Database Engine Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34678: ZDI-CAN-7932: Zero Day Initiative Vulnerability (Microsoft JET Database)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    34761: HTTP: Microsoft Windows Integer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34761: ZDI-CAN-7969: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Deployments updated and are now:
        - Deployment: Security-Optimized (Block / Notify)

    34783: SMB: Microsoft Windows PowerShell Script File Command Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34783: ZDI-CAN-8005: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    34784: HTTP: Microsoft Windows PowerShell Script File Command Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34784: ZDI-CAN-8005: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 34875: HTTP: Microsoft Edge Memory Corruption Vulnerability (Pwn2Own)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34875: PWN2OWN ZDI-CAN-8370: Zero Day Initiative Vulnerability (Microsoft Edge)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    34877: HTTP: Microsoft Edge CCanvasRenderingProcessor2D Double-Free Vulnerability (Pwn2Own)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34877: PWN2OWN ZDI-CAN-8376: Zero Day Initiative Vulnerability (Microsoft Edge)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    35044: HTTP: Microsoft JET Database Engine Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35044: ZDI-CAN-7833: Zero Day Initiative Vulnerability (Microsoft JET Database)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    35045: HTTP: Microsoft Windows JET Database Engine Out-Of-Bounds Write Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35045: ZDI-CAN-7839: Zero Day Initiative Vulnerability (Microsoft JET Database)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    35049: HTTP: Microsoft Jet Database Engine Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35049: ZDI-CAN-7866: Zero Day Initiative Vulnerability (Microsoft JET Database)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    35050: HTTP: Microsoft Jet Database Engine Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35050: ZDI-CAN-7867: Zero Day Initiative Vulnerability (Microsoft JET Database)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
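
The first entry in this list, 2274, carries its detection target in its name: a request path that climbs beyond the web root. What "beyond WebRoot (level 2)" amounts to is worth seeing concretely, so here is an added illustration in Python. It is not the filter's own logic (this bulletin does not describe that) and it assumes that "level 2" means the path reaches at least two directory levels above the root. The counter percent-decodes the path up to twice so double-encoded dots are seen, treats backslashes as separators as some servers do, and reports the deepest excursion above the root. The request lines it runs over are constructed for the example, not captured traffic.

```python
"""Count how far a request path climbs above the web root.
Added example, not filter 2274's detection logic.  Assumption: "level 2" in
the filter name means at least two directory levels above the web root after
decoding, which is what traversal_depth() measures.
"""
from urllib.parse import unquote

# Constructed request lines (not captured traffic).
SAMPLE_REQUESTS = [
    "GET /images/../../etc/passwd HTTP/1.1",                # one level above root
    "GET /../../etc/passwd HTTP/1.1",                       # two levels above root
    "GET /a/%2e%2e/%2e%2e/%2e%2e/boot.ini HTTP/1.1",        # encoded dots, two levels
    "GET /x/%252e%252e/%252e%252e/%252e%252e/y HTTP/1.1",   # double-encoded dots
    "GET /cgi-bin/..%5c..%5c..%5cwinnt/win.ini HTTP/1.1",   # backslash separators
    "GET /docs/a/../b/../c.html HTTP/1.1",                  # never leaves the root
]


def decode_path(raw, rounds=2):
    """Percent-decode up to `rounds` times so %252e (double-encoded) is seen,
    then treat backslashes as separators, as some servers do."""
    path = raw
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def traversal_depth(raw_path):
    """Deepest excursion above the web root, in directory levels (0 = none)."""
    depth, worst = 0, 0  # depth below the root; worst excursion above it
    for seg in decode_path(raw_path).split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            depth -= 1
            worst = max(worst, -depth)
        else:
            depth += 1
    return worst


def flag_requests(request_lines, level=2):
    """(path, depth) for request lines whose path climbs at least `level`
    levels above the root; level=2 mirrors the filter name's threshold."""
    hits = []
    for line in request_lines:
        parts = line.split(" ")
        if len(parts) < 2:
            continue
        depth = traversal_depth(parts[1])
        if depth >= level:
            hits.append((parts[1], depth))
    return hits
```

With `level=2` the first sample ("/images/../../etc/passwd", which only reaches one level above the root) is not flagged while the four that climb two levels are; lowering `level` to 1 catches it as well, which is the trade-off between the level 1 and level 2 variants of this kind of filter.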

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    * 6545: MS-RPC: Microsoft Server Service Buffer Overflow
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.

    29657: RPC: Advantech WebAccess Malicious IOCTL(ZDI-17-938-940,ZDI-18-009-025,18-029-054,18-058-063,18-483)
      - IPS Version: 3.2.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.

    * 34945: HTTP: Microsoft Windows Win32K Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Deployments updated and are now:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)

    * 34951: HTTP: Microsoft Windows GDI Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Deployments updated and are now:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)

    * 35079: HTTP: Microsoft Office Word Security Feature Bypass Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Deployments updated and are now:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)

  Removed Filters:

    31948: SMB: Microsoft Windows SMB Client Improper Initialization Denial-of-Service (ZDI-18-166)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.

Category: Configure; Troubleshoot; Deploy
Solution Id: TP000132297