https://community.extremenetworks.com/t5/end-of-service-products/new-dragon-ips-siganture-release-september-2019/m-p/23823#M441 The following NIDS signature updates are available via liveupdate for Dragon versions 7.x/8.x:<BR /> <BR /> MS:RDP-CLIENT-EXPLOIT-ATTEMPT<BR /> UPDATE-TYPE: New Signature<BR /> CLASSIFICATION: BETA<BR /> DESCRIPTION: A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft has released a patch for this vulnerability. Due to the potential for this signature to generate false positives, it has been disabled by default.<BR /> REFERENCE: URLREF<BR /> <A href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0787" target="_blank" rel="nofollow noreferrer noopener">https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0787</A><BR /> REFERENCE: CVE<BR /> CVE-2019-0787<BR /> <BR /> <BR /> MS:RDP-CLIENT-EXPLOIT-ATTEMPT-2<BR /> UPDATE-TYPE: New Signature<BR /> CLASSIFICATION: BETA<BR /> DESCRIPTION: A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft has released a patch for this vulnerability. This signature looks for a malicious binary being downloaded to the client.<BR /> REFERENCE: URLREF<BR /> <A href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0788" target="_blank" rel="nofollow noreferrer noopener">https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0788</A><BR /> REFERENCE: CVE<BR /> CVE-2019-0788<BR /> <BR /> <BR /> MS:SHAREPOINT-RCE<BR /> UPDATE-TYPE: New Signature<BR /> CLASSIFICATION: BETA<BR /> DESCRIPTION: A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. Microsoft has released a patch for this vulnerability.<BR /> REFERENCE: URLREF<BR /> <A href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1257" target="_blank" rel="nofollow noreferrer noopener">https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1257</A><BR /> REFERENCE: CVE<BR /> CVE-2019-1257<BR /> <BR /> <BR /> MS:SHAREPOINT-RCE-2<BR /> UPDATE-TYPE: New Signature<BR /> CLASSIFICATION: BETA<BR /> DESCRIPTION: A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. Microsoft has released a patch for this vulnerability.<BR /> REFERENCE: URLREF<BR /> <A href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1295" target="_blank" rel="nofollow noreferrer noopener">https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1295</A><BR /> REFERENCE: CVE<BR /> CVE-2019-1295<BR /> <BR /> <BR /> MS:SHAREPOINT-RCE-3<BR /> UPDATE-TYPE: New Signature<BR /> CLASSIFICATION: BETA<BR /> DESCRIPTION: A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. Microsoft has released a patch for this vulnerability.<BR /> REFERENCE: URLREF<BR /> <A href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1296" target="_blank" rel="nofollow noreferrer noopener">https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1296</A><BR /> REFERENCE: CVE<BR /> CVE-2019-1296 Wed, 11 Sep 2019 19:47:00 GMT Dudley__Jeff 2019-09-11T19:47:00Z https://community.extremenetworks.com/t5/end-of-service-products/new-dragon-ips-siganture-release-september-2019/m-p/23823#M441 The following NIDS signature updates are available via liveupdate for Dragon versions 7.x/8.x:<BR /> <BR /> MS:RDP-CLIENT-EXPLOIT-ATTEMPT<BR /> UPDATE-TYPE: New Signature<BR /> CLASSIFICATION: BETA<BR /> DESCRIPTION: A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft has released a patch for this vulnerability. Due to the potential for this signature to generate false positives, it has been disabled by default.<BR /> REFERENCE: URLREF<BR /> <A href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0787" target="_blank" rel="nofollow noreferrer noopener">https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0787</A><BR /> REFERENCE: CVE<BR /> CVE-2019-0787<BR /> <BR /> <BR /> MS:RDP-CLIENT-EXPLOIT-ATTEMPT-2<BR /> UPDATE-TYPE: New Signature<BR /> CLASSIFICATION: BETA<BR /> DESCRIPTION: A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft has released a patch for this vulnerability. This signature looks for a malicious binary being downloaded to the client.<BR /> REFERENCE: URLREF<BR /> <A href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0788" target="_blank" rel="nofollow noreferrer noopener">https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0788</A><BR /> REFERENCE: CVE<BR /> CVE-2019-0788<BR /> <BR /> <BR /> MS:SHAREPOINT-RCE<BR /> UPDATE-TYPE: New Signature<BR /> CLASSIFICATION: BETA<BR /> DESCRIPTION: A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. Microsoft has released a patch for this vulnerability.<BR /> REFERENCE: URLREF<BR /> <A href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1257" target="_blank" rel="nofollow noreferrer noopener">https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1257</A><BR /> REFERENCE: CVE<BR /> CVE-2019-1257<BR /> <BR /> <BR /> MS:SHAREPOINT-RCE-2<BR /> UPDATE-TYPE: New Signature<BR /> CLASSIFICATION: BETA<BR /> DESCRIPTION: A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. Microsoft has released a patch for this vulnerability.<BR /> REFERENCE: URLREF<BR /> <A href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1295" target="_blank" rel="nofollow noreferrer noopener">https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1295</A><BR /> REFERENCE: CVE<BR /> CVE-2019-1295<BR /> <BR /> <BR /> MS:SHAREPOINT-RCE-3<BR /> UPDATE-TYPE: New Signature<BR /> CLASSIFICATION: BETA<BR /> DESCRIPTION: A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. Microsoft has released a patch for this vulnerability.<BR /> REFERENCE: URLREF<BR /> <A href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1296" target="_blank" rel="nofollow noreferrer noopener">https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1296</A><BR /> REFERENCE: CVE<BR /> CVE-2019-1296 Wed, 11 Sep 2019 19:47:00 GMT https://community.extremenetworks.com/t5/end-of-service-products/new-dragon-ips-siganture-release-september-2019/m-p/23823#M441 Dudley__Jeff 2019-09-11T19:47:00Z