This SRU number: 2019-08-12-001
Previous SRU number: 2019-08-07-001
Applies to:
This SEU number: 2053
Previous SEU: 2051
Applies to:
This is the complete list of rules added in SRU 2019-08-12-001 and SEU 2053.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State refers to each default Cisco Talos policy, Connectivity, Balanced, Security, and Maximum Detection.
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
| GID | SID | Rule Group | Rule Message | Policy State | |||
|---|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | Max. | ||||
| 1 | 50936 | OS-WINDOWS | Microsoft Windows shell privilege escalation attempt | off | drop | drop | drop |
| 1 | 50937 | OS-WINDOWS | Microsoft Windows shell privilege escalation attempt | off | drop | drop | drop |
| 1 | 50938 | BROWSER-IE | Microsoft Edge scripting engine memory corruption vulnerability attempt | off | drop | drop | drop |
| 1 | 50939 | BROWSER-IE | Microsoft Edge scripting engine memory corruption vulnerability attempt | off | drop | drop | drop |
| 1 | 50940 | BROWSER-IE | Microsoft Edge scripting engine memory corruption vulnerability attempt | off | drop | drop | drop |
| 1 | 50941 | BROWSER-IE | Microsoft Edge scripting engine memory corruption vulnerability attempt | off | drop | drop | drop |
| 1 | 50942 | OS-WINDOWS | Microsoft Windows graphics component privilege escalation attempt | off | drop | drop | drop |
| 1 | 50943 | OS-WINDOWS | Microsoft Windows graphics component privilege escalation attempt | off | drop | drop | drop |
| 1 | 50944 | FILE-OTHER | VideoLAN VLC media player out-of-bounds read attempt | off | off | off | drop |
| 1 | 50945 | FILE-OTHER | VideoLAN VLC media player out-of-bounds read attempt | off | off | off | drop |
| 1 | 50946 | SERVER-OTHER | GnuTLS x509 certificate validation policy bypass attempt | off | off | off | drop |
| 1 | 50947 | INDICATOR-COMPROMISE | PhpSploit backdoor communication attempt | off | off | drop | drop |
| 1 | 50948 | INDICATOR-COMPROMISE | PhpSploit backdoor communication attempt | off | off | drop | drop |
| 1 | 50949 | INDICATOR-COMPROMISE | PhpSploit backdoor installation attempt | off | off | drop | drop |
| 1 | 50950 | INDICATOR-COMPROMISE | PHP backdoor communication attempt | off | off | drop | drop |
| 1 | 50951 | INDICATOR-COMPROMISE | PhpSploit backdoor communication attempt | off | off | drop | drop |
| 1 | 50952 | INDICATOR-COMPROMISE | PhpSploit backdoor communication attempt | off | off | drop | drop |
| 1 | 50953 | INDICATOR-COMPROMISE | PhpSploit backdoor communication attempt | off | off | drop | drop |
| 1 | 50954 | INDICATOR-COMPROMISE | PhpSploit backdoor communication attempt | off | off | drop | drop |
| 1 | 50955 | INDICATOR-COMPROMISE | PhpSploit backdoor communication attempt | off | off | drop | drop |
| 1 | 50956 | FILE-OFFICE | Microsoft Office Excel MsoDrawingGroup record remote code execution attempt | off | off | off | drop |
| 1 | 50957 | FILE-OFFICE | Microsoft Office Excel MsoDrawingGroup record remote code execution attempt | off | off | off | drop |
| 1 | 50959 | FILE-OFFICE | Microsoft VBE6.dll stack corruption attempt | off | off | off | drop |
| 1 | 50960 | FILE-IMAGE | Adobe Photoshop CS5 gif file heap corruption attempt | off | off | off | drop |
| 1 | 50961 | FILE-IMAGE | Adobe Photoshop CS5 gif file heap corruption attempt | off | off | off | drop |
| 1 | 50962 | FILE-OFFICE | Microsoft Office PowerPoint OfficeArt atom memory corruption attempt | off | off | off | drop |
| 1 | 50963 | OS-WINDOWS | Microsoft Windows win32k.sys memory corruption attempt | off | drop | drop | drop |
| 1 | 50964 | OS-WINDOWS | Microsoft Windows win32k.sys memory corruption attempt | off | drop | drop | drop |
| 1 | 50965 | FILE-MULTIMEDIA | MPlayer SMI file buffer overflow attempt | off | off | off | drop |
| 1 | 50966 | OS-WINDOWS | Microsoft Windows CoreShellCOMServerRegistrar privilege escalation attempt | off | drop | drop | drop |
| 1 | 50967 | OS-WINDOWS | Microsoft Windows CoreShellCOMServerRegistrar privilege escalation attempt | off | drop | drop | drop |
| 1 | 50968 | SERVER-WEBAPP | WordPress Crop Image arbitrary file write attempt | off | off | off | drop |
| 1 | 50969 | OS-WINDOWS | Microsoft win32k driver buffer over read attempt | off | drop | drop | drop |
| 1 | 50970 | OS-WINDOWS | Microsoft win32k driver buffer over read attempt | off | drop | drop | drop |
| 1 | 50971 | OS-WINDOWS | Microsoft win32k driver buffer over read attempt | off | drop | drop | drop |
| 1 | 50972 | OS-WINDOWS | Microsoft win32k driver buffer over read attempt | off | drop | drop | drop |
| 1 | 50973 | OS-WINDOWS | Microsoft win32k driver buffer over read attempt | off | drop | drop | drop |
| 1 | 50974 | OS-WINDOWS | Microsoft win32k driver buffer over read attempt | off | drop | drop | drop |
| 1 | 50975 | FILE-OTHER | OMRON CX-One arbitrary code execution attempt | off | off | off | drop |
| 1 | 50976 | FILE-OTHER | OMRON CX-One arbitrary code execution attempt | off | off | off | drop |
| 1 | 50977 | SERVER-WEBAPP | LCDS Laquis SCADA command injection attempt | off | off | drop | drop |
| 1 | 50978 | SERVER-WEBAPP | LCDS Laquis SCADA command injection attempt | off | off | drop | drop |
| 1 | 50979 | SERVER-WEBAPP | LCDS Laquis SCADA command injection attempt | off | off | drop | drop |
| 1 | 50980 | SERVER-WEBAPP | LCDS Laquis SCADA command injection attempt | off | off | drop | drop |
| 1 | 50981 | SERVER-WEBAPP | LCDS Laquis SCADA command injection attempt | off | off | drop | drop |
| 1 | 50982 | SERVER-WEBAPP | LCDS Laquis SCADA command injection attempt | off | off | drop | drop |
| 1 | 50983 | SERVER-WEBAPP | LCDS Laquis SCADA command injection attempt | off | off | drop | drop |
| 1 | 50984 | SERVER-WEBAPP | LCDS Laquis SCADA command injection attempt | off | off | drop | drop |
| 1 | 50985 | FILE-IMAGE | GraphicsMagick WMF use after free attempt | off | off | off | drop |
| 1 | 50986 | FILE-IMAGE | GraphicsMagick WMF use after free attempt | off | off | off | drop |
| 1 | 50987 | OS-WINDOWS | Microsoft Windows CrmRpcSrvUnregister privilege escalation attempt | off | off | drop | drop |
| 1 | 50988 | OS-WINDOWS | Microsoft Windows CrmRpcSrvUnregister privilege escalation attempt | off | off | drop | drop |
| 1 | 50989 | MALWARE-CNC | Win.Dropper.Clipbanker variant outbound connection | off | drop | drop | drop |
| 1 | 50990 | MALWARE-CNC | Unix.Malware.ech0raix outbound connection attempt | off | drop | drop | drop |
| 1 | 50991 | MALWARE-CNC | Unix.Malware.ech0raix outbound connection attempt | off | drop | drop | drop |
| 1 | 50992 | MALWARE-CNC | Unix.Malware.ech0raix outbound connection attempt | off | drop | drop | drop |
| 1 | 50993 | MALWARE-CNC | Unix.Malware.ech0raix outbound connection attempt | off | drop | drop | drop |
| 1 | 50994 | SERVER-WEBAPP | PHP ProjectPier remote file include attempt | off | off | off | drop |
| 1 | 50995 | SERVER-WEBAPP | PHP ProjectPier remote file include attempt | off | off | drop | drop |
| 1 | 50996 | SERVER-WEBAPP | PHP ProjectPier remote file include attempt | off | off | drop | drop |
| 1 | 50998 | FILE-OFFICE | Microsoft Office Outlook memory corruption attempt | off | off | drop | drop |
| 1 | 50999 | FILE-OFFICE | Microsoft Office Outlook memory corruption attempt | off | off | drop | drop |
| 1 | 51001 | OS-WINDOWS | Microsoft Windows privilege escalation attempt | off | off | drop | drop |
| 1 | 51002 | OS-WINDOWS | Microsoft Windows privilege escalation attempt | off | off | drop | drop |
| 1 | 51003 | OS-WINDOWS | Microsoft Windows privilege escalation attempt | off | off | drop | drop |
| 1 | 51004 | OS-WINDOWS | Microsoft Windows privilege escalation attempt | off | off | drop | drop |
| 1 | 51005 | OS-WINDOWS | Microsoft Windows privilege escalation attempt | off | off | drop | drop |
| 1 | 51006 | OS-WINDOWS | Microsoft Windows privilege escalation attempt | off | off | drop | drop |
| 1 | 51007 | OS-WINDOWS | Microsoft Windows privilege escalation attempt | off | off | drop | drop |
| 1 | 51008 | OS-WINDOWS | Microsoft Windows privilege escalation attempt | off | off | drop | drop |
| 1 | 51009 | OS-WINDOWS | Microsoft Windows privilege escalation attempt | off | off | drop | drop |
| 1 | 51010 | OS-WINDOWS | Microsoft Windows privilege escalation attempt | off | off | drop | drop |
| 1 | 51011 | OS-WINDOWS | Microsoft Windows privilege escalation attempt | off | off | drop | drop |
| 1 | 51012 | OS-WINDOWS | Microsoft Windows privilege escalation attempt | off | off | drop | drop |
| 1 | 51013 | OS-WINDOWS | Microsoft Windows privilege escalation attempt | off | off | drop | drop |
| 1 | 51014 | OS-WINDOWS | Microsoft Windows privilege escalation attempt | off | off | drop | drop |
| 1 | 51015 | OS-WINDOWS | Microsoft Windows PsmSrvDisconnect privilege escalation attempt | off | off | drop | drop |
| 1 | 51016 | OS-WINDOWS | Microsoft Windows PsmSrvDisconnect privilege escalation attempt | off | off | drop | drop |
| 1 | 51017 | PROTOCOL-OTHER | Losant Arduino MQTT Client buffer overflow attempt | off | off | off | drop |
| GID | SID | Rule Group | Rule Message | Policy State | |||
|---|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | Max. | ||||
| 1 | 50958 | SERVER-OTHER | Chicken of the VNC ServerInit denial of service attempt | off | off | off | drop |
| 1 | 50997 | SERVER-OTHER | Network Time Server denial of service attempt | off | off | off | drop |
| 1 | 51000 | PROTOCOL-DNS | PowerDNS Recursor query denial of service attempt | off | off | off | drop |
Updated rules can be found at this link.