[***] Summary: [***]

2 New Open. 26 New Pro (24+2). MS SChannel CVE-2014-6321, CVE-2014-6332. Thanks @rmkml.

[+++] Added rules: [+++]

Open:
2019706 - ET WEB_CLIENT Possible Internet Explorer VBscript failure to handle error case information disclosure CVE-2014-6332 (web_client.rules)
2019707 - ET WEB_CLIENT GENERIC VB ShellExecute Function Inside of VBSCRIPT tag (web_client.rules)

Pro:
2809176 - ETPRO EXPLOIT DTLS Pre 1.0 HelloVerifyRequest CookieSize Heap Overflow CVE-2014-6321 (exploit.rules)
2809177 - ETPRO EXPLOIT DTLS 1.0 HelloVerifyRequest CookieSize Heap Overflow CVE-2014-6321 (exploit.rules)
2809178 - ETPRO EXPLOIT DTLS 1.2 HelloVerifyRequest CookieSize Heap Overflow CVE-2014-6321 (exploit.rules)
2809179 - ETPRO EXPLOIT DTLS Pre 1.0 HelloVerifyRequest Schannel OOB Read CVE-2014-6321 (exploit.rules)
2809180 - ETPRO EXPLOIT DTLS 1.0 HelloVerifyRequest Schannel OOB Read CVE-2014-6321 (exploit.rules)
2809181 - ETPRO EXPLOIT DTLS 1.2 HelloVerifyRequest Schannel OOB Read CVE-2014-6321 (exploit.rules)
2809182 - ETPRO MALWARE Win32.Adware.MediaGet.A Checkin (malware.rules)
2809183 - ETPRO MOBILE_MALWARE AndroidOS/SMSPay.BF Checkin (mobile_malware.rules)
2809184 - ETPRO TROJAN Backdoor.Korplug!gen6 Checkin (UDP) (trojan.rules)
2809185 - ETPRO TROJAN Win32.Troj.Reconyc Sending Screenshots and Keystrokes Via SMTP (trojan.rules)
2809186 - ETPRO TROJAN PUA.KwMusic Checkin (trojan.rules)
2809187 - ETPRO TROJAN BACKDOOR.MSIL/CALIEROT.A CnC Checkin (trojan.rules)
2809189 - ETPRO TROJAN Win32/Tarcloin.G Connectivity Check (trojan.rules)
2809190 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.MTK.f Checkin (mobile_malware.rules)
2809191 - ETPRO MALWARE PUP.Optional.Wajam Checkin (malware.rules)
2809192 - ETPRO EXPLOIT SChannel Possible Heap Overflow DSAWithSHA1 CVE-2014-6321 (exploit.rules)
2809193 - ETPRO EXPLOIT SChannel Possible Heap Overflow DSAWithSHA224 CVE-2014-6321 (exploit.rules)
2809194 - ETPRO EXPLOIT SChannel Possible Heap Overflow DSAWithSHA256 CVE-2014-6321 (exploit.rules)
2809195 - ETPRO EXPLOIT SChannel Possible Heap Overflow ECDSAWithSHA1 CVE-2014-6321 (exploit.rules)
2809196 - ETPRO EXPLOIT SChannel Possible Heap Overflow ECDSAWithSHA224 CVE-2014-6321 (exploit.rules)
2809197 - ETPRO EXPLOIT SChannel Possible Heap Overflow ECDSAWithSHA256 CVE-2014-6321 (exploit.rules)
2809198 - ETPRO EXPLOIT SChannel Possible Heap Overflow ECDSAWithSHA384 CVE-2014-6321 (exploit.rules)
2809199 - ETPRO EXPLOIT SChannel Possible Heap Overflow ECDSAWithSHA512 CVE-2014-6321 (exploit.rules)

[///] Modified active rules: [///]

2013935 - ET TROJAN Win32.Zbot.chas/Unruy.H Covert DNS CnC Channel TXT Response (trojan.rules)
2018228 - ET TROJAN Possible PlugX Common Header Struct (trojan.rules)

[---] Disabled and modified rules: [---]

2017793 - ET CURRENT_EVENTS HiMan EK - Payload Requested (current_events.rules)

[---] Removed rules: [---]

2809147 - ETPRO WEB_CLIENT Possible Internet Explorer VBscript failure to handle error case information disclosure CVE-2014-6332 (web_client.rules)
2809172 - ETPRO WEB_CLIENT GENERIC VB ShellExecute Function Inside of VBSCRIPT tag (web_client.rules)
