This SRU number: 2017-05-09-001
Previous SRU number: 2017-05-03-001
Applies to:
This SEU number: 1668
Previous SEU: 1666
Applies to:
This is the complete list of rules added in SRU 2017-05-09-001 and SEU 1668.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State columns give each rule's default state in the three default Sourcefire intrusion policies: Connectivity over Security (Con.), Balanced Security and Connectivity (Bal.), and Security over Connectivity (Sec.).
The default state in the passive policy is the same as in the Balanced policy, except that a rule set to drop in Balanced is set to alert in passive, since a passive sensor cannot block traffic. A rule that is off in every column is shipped disabled and must be enabled by hand in a custom policy.
Note: Unless stated explicitly, the rules are for the series of products listed above.
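The listing below is easiest to act on when it is parsed rather than read. The following Python script is an added example, not Talos or Sourcefire tooling: it parses rows in the pipe-separated form used in the table, rejects unknown policy states, derives the passive-policy state from the Balanced column using the rule stated above (drop becomes alert), and emits `gid:sid` selectors for the rules that drop in a chosen policy, the form accepted by gid:sid list files such as PulledPork's dropsid.conf. The sample rows are copied from the table on this page; the function names are the example's own.

```python
"""Parse a Talos SRU/SEU rule listing and derive per-policy rule states.

Added example; it is not Talos or Sourcefire code. Rows are expected in the
pipe-separated form "GID | SID | Group | Message | Con. | Bal. | Sec. |".
"""
import re
from dataclasses import dataclass

VALID_STATES = {"off", "alert", "drop"}

# One table row: integer GID and SID, an upper-case rule group, a free-text
# message, then the three policy-state cells. Header and separator lines do
# not start with digits and are skipped by parse_rows().
ROW_RE = re.compile(
    r"^\s*(\d+)\s*\|\s*(\d+)\s*\|\s*([A-Z][A-Z0-9-]*)\s*\|\s*(.+?)\s*\|"
    r"\s*(\w+)\s*\|\s*(\w+)\s*\|\s*(\w+)\s*\|?\s*$"
)


@dataclass
class Rule:
    gid: int
    sid: int
    group: str
    message: str
    con: str  # Connectivity over Security
    bal: str  # Balanced Security and Connectivity
    sec: str  # Security over Connectivity


def parse_rows(text):
    """Return a list of Rule objects for every data row in ``text``.

    Raises ValueError on a policy state other than off/alert/drop, so a
    malformed or truncated listing is noticed rather than silently ignored.
    """
    rules = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue  # header, separator or blank line
        gid, sid, group, msg, con, bal, sec = m.groups()
        for state in (con, bal, sec):
            if state not in VALID_STATES:
                raise ValueError(f"unknown policy state {state!r} in: {line}")
        rules.append(Rule(int(gid), int(sid), group, msg, con, bal, sec))
    return rules


def state_for(rule, policy):
    """Default state of ``rule`` in a policy, including the derived passive policy."""
    policy = policy.lower()
    if policy == "passive":
        # Passive mirrors Balanced but cannot block: drop is demoted to alert.
        return "alert" if rule.bal == "drop" else rule.bal
    return {"connectivity": rule.con, "balanced": rule.bal, "security": rule.sec}[policy]


def blocking_sids(rules, policy):
    """gid:sid selectors for rules that drop by default in ``policy``."""
    return [f"{r.gid}:{r.sid}" for r in rules if state_for(r, policy) == "drop"]


def disabled_everywhere(rules):
    """gid:sid selectors for rules that ship off in all three base policies."""
    return [f"{r.gid}:{r.sid}" for r in rules if (r.con, r.bal, r.sec) == ("off", "off", "off")]


def summary_by_group(rules, policy):
    """Count off/alert/drop per rule group for ``policy``."""
    counts = {}
    for r in rules:
        bucket = counts.setdefault(r.group, {"off": 0, "alert": 0, "drop": 0})
        bucket[state_for(r, policy)] += 1
    return counts


# Sample input: five rows copied from the listing on this page, plus the
# table header so the parser's skipping of non-data lines is exercised.
SAMPLE_ROWS = """\
GID | SID | Rule Group | Rule Message | Policy State | ||
---|---|---|---|---|---|---|
Con. | Bal. | Sec. | ||||
1 | 42749 | BROWSER-IE | Microsoft Edge scripting engine postMessage use after free attempt | off | drop | drop |
1 | 42759 | OS-WINDOWS | Microsoft Windows COM privilege escalation attempt | off | off | drop |
1 | 42773 | OS-WINDOWS | Microsoft Windows COM privilege escalation attempt | off | off | off |
1 | 42786 | PROTOCOL-SCADA | Moxa unlock function code attempt | off | off | off |
1 | 42785 | INDICATOR-SCAN | DNS version.bind string information disclosure attempt | off | off | drop |
"""

if __name__ == "__main__":
    rules = parse_rows(SAMPLE_ROWS)
    for policy in ("connectivity", "balanced", "security", "passive"):
        print(policy, summary_by_group(rules, policy))
    print("drop in Security:", blocking_sids(rules, "security"))
    print("off everywhere:", disabled_everywhere(rules))
```

Run it against the full listing (paste the table rows into `SAMPLE_ROWS`, or read them from a file) to see which of the new rules will actually block in the policy your sensors run; the `disabled_everywhere` output is the set to review by hand, since those rules do nothing until enabled.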
GID | SID | Rule Group | Rule Message | Con. | Bal. | Sec. |
---|---|---|---|---|---|---|
1 | 42749 | BROWSER-IE | Microsoft Edge scripting engine postMessage use after free attempt | off | drop | drop |
1 | 42750 | BROWSER-IE | Microsoft Edge scripting engine postMessage use after free attempt | off | drop | drop |
1 | 42751 | OS-WINDOWS | Microsoft Windows AFD.sys double fetch race condition attempt | off | drop | drop |
1 | 42752 | OS-WINDOWS | Microsoft Windows AFD.sys double fetch race condition attempt | off | drop | drop |
1 | 42753 | BROWSER-IE | Microsoft Edge Chakra Core type confusion attempt | off | drop | drop |
1 | 42754 | BROWSER-IE | Microsoft Edge Chakra Core type confusion attempt | off | drop | drop |
1 | 42755 | FILE-OFFICE | Microsoft Word 2010 Sepx memory corruption attempt | off | drop | drop |
1 | 42756 | FILE-OFFICE | Microsoft Word 2010 Sepx memory corruption attempt | off | drop | drop |
1 | 42757 | OS-WINDOWS | Microsoft Windows dxgkrnl CreateDriverAllocations null pointer dereference attempt | off | drop | drop |
1 | 42758 | OS-WINDOWS | Microsoft Windows dxgkrnl CreateDriverAllocations null pointer dereference attempt | off | drop | drop |
1 | 42759 | OS-WINDOWS | Microsoft Windows COM privilege escalation attempt | off | off | drop |
1 | 42760 | OS-WINDOWS | Microsoft Windows COM privilege escalation attempt | off | off | drop |
1 | 42761 | BROWSER-IE | Microsoft Edge Chakra array unshift heap overflow attempt | off | off | drop |
1 | 42762 | BROWSER-IE | Microsoft Edge Chakra array unshift heap overflow attempt | off | off | drop |
1 | 42765 | OS-WINDOWS | Microsoft win32k privilege escalation attempt | off | off | drop |
1 | 42766 | OS-WINDOWS | Microsoft win32k privilege escalation attempt | off | off | drop |
1 | 42767 | OS-WINDOWS | Microsoft Windows DeviceIoControl double fetch race condition attempt | off | drop | drop |
1 | 42768 | OS-WINDOWS | Microsoft Windows DeviceIoControl double fetch race condition attempt | off | drop | drop |
1 | 42769 | OS-WINDOWS | Microsoft Win32k kernel memory leak attempt | off | drop | drop |
1 | 42770 | OS-WINDOWS | Microsoft Win32k kernel memory leak attempt | off | drop | drop |
1 | 42771 | OS-WINDOWS | Microsoft Windows GdiGradientFill null pointer dereference attempt | off | drop | drop |
1 | 42772 | OS-WINDOWS | Microsoft Windows GdiGradientFill null pointer dereference attempt | off | drop | drop |
1 | 42773 | OS-WINDOWS | Microsoft Windows COM privilege escalation attempt | off | off | off |
1 | 42774 | OS-WINDOWS | Microsoft Windows COM privilege escalation attempt | off | off | off |
1 | 42775 | BROWSER-IE | Microsoft Edge Chakra JIT memory corruption attempt | off | drop | drop |
1 | 42776 | BROWSER-IE | Microsoft Edge Chakra JIT memory corruption attempt | off | drop | drop |
1 | 42777 | BROWSER-IE | Microsoft Edge scripting engine security bypass css attempt | off | drop | drop |
1 | 42778 | BROWSER-IE | Microsoft Edge scripting engine security bypass css attempt | off | drop | drop |
1 | 42779 | BROWSER-IE | Microsoft Edge CSS writing mode type confusion attempt | off | drop | drop |
1 | 42780 | BROWSER-IE | Microsoft Edge CSS writing mode type confusion attempt | off | drop | drop |
1 | 42781 | BROWSER-IE | Microsoft Windows Edge AudioContext use after free attempt | off | drop | drop |
1 | 42782 | BROWSER-IE | Microsoft Windows Edge AudioContext use after free attempt | off | drop | drop |
1 | 42783 | OS-WINDOWS | Microsoft Windows ntoskrnl information disclosure attempt | off | off | drop |
1 | 42784 | OS-WINDOWS | Microsoft Windows ntoskrnl information disclosure attempt | off | off | drop |
1 | 42786 | PROTOCOL-SCADA | Moxa unlock function code attempt | off | off | off |
1 | 42787 | POLICY-OTHER | Schneider Electric hardcoded FTP login attempt | off | off | drop |
1 | 42788 | FILE-PDF | Adobe Reader malformed app13 tag information disclosure attempt | off | off | drop |
1 | 42789 | FILE-PDF | Adobe Reader malformed app13 tag information disclosure attempt | off | off | drop |
1 | 42790 | FILE-PDF | Adobe Reader invalid object reference use after free attempt | off | drop | drop |
1 | 42791 | FILE-PDF | Adobe Reader invalid object reference use after free attempt | off | drop | drop |
1 | 42792 | FILE-FLASH | Adobe Flash Player FLV invalid tag buffer overflow attempt | off | drop | drop |
1 | 42793 | FILE-FLASH | Adobe Flash Player FLV invalid tag buffer overflow attempt | off | drop | drop |
1 | 42794 | FILE-FLASH | Adobe Flash Player beginGradientFill color array out of bounds read attempt | off | drop | drop |
1 | 42795 | FILE-FLASH | Adobe Flash Player beginGradientFill color array out of bounds read attempt | off | drop | drop |
1 | 42796 | FILE-FLASH | Adobe Flash Player ConvolutionFilter memory corruption attempt | off | drop | drop |
1 | 42797 | FILE-FLASH | Adobe Flash Player ConvolutionFilter memory corruption attempt | off | drop | drop |
1 | 42798 | BROWSER-IE | Microsoft Edge out of bounds read attempt | off | off | drop |
1 | 42799 | BROWSER-IE | Microsoft Edge out of bounds read attempt | off | off | drop |
1 | 42800 | FILE-FLASH | Adobe Flash Player ActionPush out of bounds read attempt | off | drop | drop |
1 | 42801 | FILE-FLASH | Adobe Flash Player ActionPush out of bounds read attempt | off | drop | drop |
1 | 42802 | FILE-PDF | Adobe Acrobat Reader malformed AES key memory corruption attempt | off | drop | drop |
1 | 42803 | FILE-PDF | Adobe Acrobat Reader malformed AES key memory corruption attempt | off | drop | drop |
1 | 42804 | SERVER-WEBAPP | IntegraXor directory traversal attempt | off | off | off |
1 | 42805 | SERVER-WEBAPP | Intel AMT remote administration tool authentication bypass attempt | off | off | drop |
1 | 42806 | EXPLOIT-KIT | Rig Exploit Kit URL outbound communication | off | drop | drop |
1 | 42807 | FILE-FLASH | Adobe Standalone Flash Player BlendMode memory corruption attempt | off | drop | drop |
1 | 42808 | FILE-FLASH | Adobe Standalone Flash Player BlendMode memory corruption attempt | off | drop | drop |
1 | 42809 | FILE-FLASH | Adobe Flash Player BitmapData out of bounds memory access attempt | off | drop | drop |
1 | 42810 | FILE-FLASH | Adobe Flash Player BitmapData out of bounds memory access attempt | off | drop | drop |
1 | 42811 | BROWSER-IE | Microsoft Edge Chakra Engine use-after-free attempt | off | drop | drop |
1 | 42812 | BROWSER-IE | Microsoft Edge Chakra Engine use-after-free attempt | off | drop | drop |
1 | 42813 | FILE-PDF | Adobe Acrobat Reader malformed URI information disclosure attempt | off | drop | drop |
1 | 42814 | FILE-PDF | Adobe Acrobat Reader malformed URI information disclosure attempt | off | drop | drop |
1 | 42815 | FILE-FLASH | Adobe Flash Player display object mask use after free attempt | off | drop | drop |
1 | 42816 | FILE-FLASH | Adobe Flash Player display object mask use after free attempt | off | drop | drop |
1 | 42817 | FILE-FLASH | Adobe Flash Player DisplayObject use after free attempt | off | drop | drop |
1 | 42818 | FILE-FLASH | Adobe Flash Player DisplayObject use after free attempt | off | drop | drop |
1 | 42819 | SERVER-WEBAPP | WordPress admin password reset attempt | off | off | off |
1 | 42820 | OS-WINDOWS | Microsoft Malware Protection Engine type confusion attempt | off | drop | drop |
1 | 42821 | OS-WINDOWS | Microsoft Malware Protection Engine type confusion attempt | off | drop | drop |
GID | SID | Rule Group | Rule Message | Con. | Bal. | Sec. |
---|---|---|---|---|---|---|
1 | 42763 | OS-WINDOWS | Microsoft Windows NtTraceControl information disclosure attempt | off | drop | drop |
1 | 42764 | OS-WINDOWS | Microsoft Windows NtTraceControl information disclosure attempt | off | drop | drop |
1 | 42785 | INDICATOR-SCAN | DNS version.bind string information disclosure attempt | off | off | drop |
Updated rules can be found at this link.