* Talos combines our security experts from TRAC, SecApps, and VRT teams.
This SRU number: 2017-11-15-001
Previous SRU number: 2017-11-13-001
Applies to:
This SEU number: 1758
Previous SEU: 1757
Applies to:
This is the complete list of rules added in SRU 2017-11-15-001 and SEU 1758.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State refers to each default Sourcefire policy, Connectivity, Balanced and Security.
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
| GID | SID | Rule Group | Rule Message | Policy State | ||
|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | ||||
| 1 | 44866 | SERVER-WEBAPP | Xplico decoding manager daemon command injection attempt | off | off | drop |
| 1 | 44871 | FILE-PDF | Adobe Acrobat Reader out of bounds read attempt | off | off | drop |
| 1 | 44872 | FILE-PDF | Adobe Acrobat Reader out of bounds read attempt | off | off | drop |
| 1 | 44875 | INDICATOR-COMPROMISE | Malicious VBA script detected | off | drop | drop |
| 1 | 44876 | MALWARE-CNC | Malicious VBA Dropper outbound connection detected | off | drop | drop |
| 1 | 44877 | SERVER-OTHER | Citrix XenApp and XenDesktop XML service memory corruption attempt | off | off | off |
| 1 | 44878 | SERVER-OTHER | Mako Web Server arbitrary file upload attempt | off | off | off |
| 1 | 44880 | FILE-IMAGE | Adobe Acrobat Pro EMF EMR_STRETCHDIBITS memory corruption attempt | off | drop | drop |
| 1 | 44881 | FILE-IMAGE | Adobe Acrobat Pro EMF EMR_STRETCHDIBITS memory corruption attempt | off | drop | drop |
| 1 | 44882 | FILE-PDF | Adobe Acrobat acrobat URI handler security bypass | off | off | drop |
| 1 | 44883 | FILE-PDF | Adobe Acrobat acrobat URI handler security bypass | off | off | drop |
| 1 | 44884 | FILE-IMAGE | Adobe Acrobat XPS unicode glyph pointer out of bounds | off | drop | drop |
| 1 | 44885 | FILE-IMAGE | Adobe Acrobat XPS unicode glyph pointer out of bounds | off | drop | drop |
| GID | SID | Rule Group | Rule Message | Policy State | ||
|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | ||||
| 1 | 44873 | FILE-PDF | Adobe Acrobat addAnnot object untrusted pointer dereference attempt | off | drop | drop |
| 1 | 44874 | FILE-PDF | Adobe Acrobat addAnnot object untrusted pointer dereference attempt | off | drop | drop |
| 1 | 44879 | SERVER-OTHER | ISC BIND 9 DNS rdata length handling remote denial of service attempt | off | off | off |
| GID | SID | Rule Group | Rule Message | Policy State | ||
|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | ||||
| 1 | 44864 | INDICATOR-COMPROMISE | Microsoft Internet Explorer OLE auto-open attempt | off | off | off |
| 1 | 44865 | INDICATOR-COMPROMISE | Microsoft Internet Explorer OLE auto-open attempt | off | off | off |
Updated rules can be found at this link.