* Talos combines our security experts from TRAC, SecApps, and VRT teams.
This SRU number: 2017-03-14-002
Previous SRU number: 2017-03-09-002
Applies to:
This SEU number: 1629
Previous SEU: 1627
Applies to:
This is the complete list of rules modified in SRU 2017-03-14-002 and SEU 1629.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State refers to each default Sourcefire policy: Connectivity (Con.), Balanced (Bal.) and Security (Sec.).
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
GID | SID | Rule Group | Rule Message | Policy State: Con. | Policy State: Bal. | Policy State: Sec. |
---|---|---|---|---|---|---|
1 | 33469 | FILE-FLASH | Adobe Flash Player PCRE regex compilation memory corruption attempt | off | drop | drop |
1 | 33470 | FILE-FLASH | Adobe Flash Player PCRE regex compilation memory corruption attempt | off | drop | drop |
1 | 40364 | BROWSER-IE | Microsoft Internet Explorer loadXML parseError.errorCode information disclosure attempt | off | off | drop |
1 | 40365 | BROWSER-IE | Microsoft Internet Explorer loadXML parseError.errorCode information disclosure attempt | off | off | drop |
1 | 40394 | OS-WINDOWS | Microsoft Windows Ntoskrnl integer overflow privilege escalation attempt | off | drop | drop |
1 | 40395 | OS-WINDOWS | Microsoft Windows Ntoskrnl integer overflow privilege escalation attempt | off | drop | drop |
1 | 41553 | BROWSER-IE | Microsoft Edge url forgery attempt | off | drop | drop |
1 | 41554 | BROWSER-IE | Microsoft Edge url forgery attempt | off | drop | drop |
1 | 41557 | BROWSER-IE | Microsoft Edge Array out of bounds memory corruption attempt | off | drop | drop |
1 | 41558 | BROWSER-IE | Microsoft Edge Array out of bounds memory corruption attempt | off | drop | drop |
1 | 41559 | BROWSER-IE | Microsoft Edge Array out of bounds memory corruption attempt | off | drop | drop |
1 | 41560 | BROWSER-IE | Microsoft Edge Array out of bounds memory corruption attempt | off | drop | drop |
1 | 41561 | BROWSER-IE | Microsoft Internet Explorer array proto chain manipulation memory corruption attempt | off | drop | drop |
1 | 41562 | BROWSER-IE | Microsoft Internet Explorer array proto chain manipulation memory corruption attempt | off | drop | drop |
1 | 41563 | FILE-OFFICE | Microsoft Office imjp12k.dll dll-load exploit attempt | off | off | off |
1 | 41564 | FILE-OFFICE | Microsoft Office imjp12k.dll dll-load exploit attempt | off | off | off |
1 | 41565 | FILE-OFFICE | Microsoft Office Excel xlsb use-after-free attempt | off | drop | drop |
1 | 41566 | FILE-OFFICE | Microsoft Office Excel xlsb use-after-free attempt | off | drop | drop |
1 | 41567 | OS-WINDOWS | Microsoft Windows Device Guard code execution attempt | off | drop | drop |
1 | 41568 | OS-WINDOWS | Microsoft Windows Device Guard code execution attempt | off | drop | drop |
1 | 41569 | OS-WINDOWS | Microsoft Windows Device Guard code execution attempt | off | drop | drop |
1 | 41570 | OS-WINDOWS | Microsoft Windows Device Guard code execution attempt | off | drop | drop |
1 | 41571 | OS-WINDOWS | Microsoft Windows Device Guard code execution attempt | off | drop | drop |
1 | 41572 | OS-WINDOWS | Microsoft Windows Device Guard code execution attempt | off | drop | drop |
1 | 41575 | BROWSER-IE | Microsoft Internet Explorer mhtml and res protocol information disclosure attempt | off | off | off |
1 | 41576 | BROWSER-IE | Microsoft Internet Explorer mhtml and res protocol information disclosure attempt | off | off | off |
1 | 41577 | FILE-OFFICE | Microsoft Office RTF footnote format use after free attempt | off | drop | drop |
1 | 41578 | FILE-OFFICE | Microsoft Office RTF footnote format use after free attempt | off | drop | drop |
1 | 41579 | OS-WINDOWS | Microsoft Windows DirectComposition double free attempt | off | drop | drop |
1 | 41580 | OS-WINDOWS | Microsoft Windows DirectComposition double free attempt | off | drop | drop |
1 | 41581 | FILE-OFFICE | Microsoft Excel malformed CellXF memory corruption attempt | off | off | drop |
1 | 41582 | FILE-OFFICE | Microsoft Excel malformed CellXF memory corruption attempt | off | off | drop |
1 | 41583 | BROWSER-IE | Microsoft Internet Explorer DOMAttrModified event use after free attempt | off | drop | drop |
1 | 41584 | BROWSER-IE | Microsoft Internet Explorer DOMAttrModified event use after free attempt | off | drop | drop |
1 | 41585 | BROWSER-IE | Microsoft Internet Explorer mutated scope with generator memory corruption attempt | off | off | drop |
1 | 41586 | BROWSER-IE | Microsoft Internet Explorer mutated scope with generator memory corruption attempt | off | off | drop |
1 | 41587 | BROWSER-IE | Microsoft Internet Explorer Array out of bounds memory corruption | off | drop | drop |
1 | 41588 | BROWSER-IE | Microsoft Internet Explorer Array out of bounds memory corruption | off | drop | drop |
1 | 41589 | BROWSER-IE | Microsoft Internet Explorer CHtmlTab use after free attempt | off | drop | drop |
1 | 41590 | BROWSER-IE | Microsoft Internet Explorer CHtmlTab use after free attempt | off | drop | drop |
1 | 41591 | OS-WINDOWS | Microsoft Windows GDI privilege escalation attempt | off | drop | drop |
1 | 41592 | OS-WINDOWS | Microsoft Windows GDI privilege escalation attempt | off | drop | drop |
1 | 41593 | BROWSER-IE | Microsoft Edge Data URI same origin policy bypass attempt | off | off | off |
1 | 41594 | BROWSER-IE | Microsoft Edge Data URI same origin policy bypass attempt | off | off | off |
1 | 41597 | FILE-OTHER | Windows Uniscribe remote code execution vulnerability attempt | off | off | drop |
1 | 41598 | FILE-OTHER | Windows Uniscribe remote code execution vulnerability attempt | off | off | drop |
1 | 41601 | FILE-PDF | Microsoft Edge PDF Builder out of bounds read attempt | off | drop | drop |
1 | 41602 | FILE-PDF | Microsoft Edge PDF Builder out of bounds read attempt | off | drop | drop |
1 | 41607 | OS-WINDOWS | Microsoft Windows Kernel NtCreateProfile privilege escalation attempt | off | off | drop |
1 | 41608 | OS-WINDOWS | Microsoft Windows Kernel NtCreateProfile privilege escalation attempt | off | off | drop |
1 | 41609 | OS-WINDOWS | Microsoft Windows Kernel NtCreateProfile privilege escalation attempt | off | off | drop |
1 | 41610 | OS-WINDOWS | Microsoft Windows Kernel NtCreateProfile privilege escalation attempt | off | off | drop |
1 | 41625 | BROWSER-IE | Microsoft Edge HandleColumnBreakOnColumnSpanningElement type confusion attempt | off | drop | drop |
1 | 41626 | BROWSER-IE | Microsoft Edge HandleColumnBreakOnColumnSpanningElement type confusion attempt | off | drop | drop |
1 | 41895 | BROWSER-IE | Microsoft Internet Explorer frameset null pointer dereference attempt | off | off | off |
1 | 41896 | BROWSER-IE | Microsoft Internet Explorer frameset null pointer dereference attempt | off | off | off |
GID | SID | Rule Group | Rule Message | Policy State: Con. | Policy State: Bal. | Policy State: Sec. |
---|---|---|---|---|---|---|
1 | 41573 | BROWSER-IE | Microsoft Edge CSS animation style information disclosure attempt | off | drop | drop |
1 | 41574 | BROWSER-IE | Microsoft Edge CSS animation style information disclosure attempt | off | drop | drop |
1 | 41605 | BROWSER-IE | Microsoft Edge AsmJs memory corruption attempt | off | off | drop |
1 | 41606 | BROWSER-IE | Microsoft Edge AsmJs memory corruption attempt | off | off | drop |
1 | 41633 | BROWSER-IE | Microsoft Internet Explorer 11 Windows Media Player information disclosure attempt | off | off | off |
1 | 41634 | BROWSER-IE | Microsoft Internet Explorer 11 Windows Media Player information disclosure attempt | off | off | off |