End of Service Products

New Dragon IPS signature release September 2019

  • 1.  New Dragon IPS signature release September 2019

    Posted 09-11-2019 12:47
    The following NIDS signature updates are available via liveupdate for Dragon versions 7.x/8.x:

    MS:RDP-CLIENT-EXPLOIT-ATTEMPT
    UPDATE-TYPE: New Signature
    CLASSIFICATION: BETA
    DESCRIPTION: A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft has released a patch for this vulnerability. Due to the potential for this signature to generate false positives, it has been disabled by default.
    REFERENCE: URLREF
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0787
    REFERENCE: CVE
    CVE-2019-0787


    MS:RDP-CLIENT-EXPLOIT-ATTEMPT-2
    UPDATE-TYPE: New Signature
    CLASSIFICATION: BETA
    DESCRIPTION: A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft has released a patch for this vulnerability. This signature looks for a malicious binary being downloaded to the client.
    REFERENCE: URLREF
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0788
    REFERENCE: CVE
    CVE-2019-0788


    MS:SHAREPOINT-RCE
    UPDATE-TYPE: New Signature
    CLASSIFICATION: BETA
    DESCRIPTION: A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. Microsoft has released a patch for this vulnerability.
    REFERENCE: URLREF
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1257
    REFERENCE: CVE
    CVE-2019-1257


    MS:SHAREPOINT-RCE-2
    UPDATE-TYPE: New Signature
    CLASSIFICATION: BETA
    DESCRIPTION: A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. Microsoft has released a patch for this vulnerability.
    REFERENCE: URLREF
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1295
    REFERENCE: CVE
    CVE-2019-1295


    MS:SHAREPOINT-RCE-3
    UPDATE-TYPE: New Signature
    CLASSIFICATION: BETA
    DESCRIPTION: A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. Microsoft has released a patch for this vulnerability.
    REFERENCE: URLREF
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1296
    REFERENCE: CVE
    CVE-2019-1296