This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Amazon CDN triggering lots of 38716 threats (library loading elevation of privilege)

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Amazon CDN triggering lots of 38716 threats (library loading elevation of privilege)

MarekF
L0 Member

‎02-26-2018 04:39 AM - edited ‎02-26-2018 04:43 AM

Hello,

 

Have anyone else noticed a very large flood of triggered 38716 threat warnings comming from Amazon CDN? That is just a very short fragment:

 

2018-02-26 13:301801032072THREATvulnerability2018-02-26 13:3052.222.174.180192.168.2.199Microsoft Windows library loading elevation of privilege vulnerability(38716)
2018-02-26 13:301801032072THREATvulnerability2018-02-26 13:3052.222.174.105192.168.2.177Microsoft Windows library loading elevation of privilege vulnerability(38716)
2018-02-26 13:291801032072THREATvulnerability2018-02-26 13:2952.222.174.80192.168.35.110Microsoft Windows library loading elevation of privilege vulnerability(38716)
2018-02-26 13:291801032072THREATvulnerability2018-02-26 13:2952.222.174.136192.168.2.171Microsoft Windows library loading elevation of privilege vulnerability(38716)
2018-02-26 13:291801032072THREATvulnerability2018-02-26 13:2952.222.174.105192.168.1.202Microsoft Windows library loading elevation of privilege vulnerability(38716)
2018-02-26 13:281801032072THREATvulnerability2018-02-26 13:2852.222.174.185192.168.2.177Microsoft Windows library loading elevation of privilege vulnerability(38716)
2018-02-26 13:271801032072THREATvulnerability2018-02-26 13:2752.222.174.157192.168.2.177Microsoft Windows library loading elevation of privilege vulnerability(38716)
2018-02-26 13:261801032072THREATvulnerability2018-02-26 13:2652.222.174.157192.168.2.177Microsoft Windows library loading elevation of privilege vulnerability(38716)
2018-02-26 13:111801032072THREATvulnerability2018-02-26 13:1152.85.184.184192.168.2.155Microsoft Windows library loading elevation of privilege vulnerability(38716)
2018-02-26 13:111801032072THREATvulnerability2018-02-26 13:1152.85.184.4192.168.2.46Microsoft Windows library loading elevation of privilege vulnerability(38716)
2018-02-26 13:111801032072THREATvulnerability2018-02-26 13:1152.85.184.4192.168.2.52Microsoft Windows library loading elevation of privilege vulnerability(38716)
2018-02-26 13:101801032072THREATvulnerability2018-02-26 13:1052.85.184.246192.168.2.52Microsoft Windows library loading elevation of privilege vulnerability(38716)
2018-02-26 12:581801032072THREATvulnerability2018-02-26 12:5852.85.184.148192.168.2.155Microsoft Windows library loading elevation of privilege vulnerability(38716)
2018-02-26 12:581801032072THREATvulnerability2018-02-26 12:5852.85.184.246192.168.2.117Microsoft Windows library loading elevation of privilege vulnerability(38716)
2018-02-26 12:581801032072THREATvulnerability2018-02-26 12:5852.85.184.184192.168.1.192Microsoft Windows library loading elevation of privilege vulnerability(38716)
2018-02-26 12:581801032072THREATvulnerability2018-02-26 12:5852.85.184.148192.168.2.96

Microsoft Windows library loading elevation of privilege vulnerability(38716)

 

 

2018-02-26 08:561801032072THREATvulnerability2018-02-26 08:5613.32.145.109192.168.2.206Microsoft Windows library loading elevation of privilege vulnerability(38716)
2018-02-26 08:551801032072THREATvulnerability2018-02-26 08:5513.32.145.214192.168.2.171Microsoft Windows library loading elevation of privilege vulnerability(38716)
2018-02-26 08:551801032072THREATvulnerability2018-02-26 08:5513.32.145.178192.168.1.123Microsoft Windows library loading elevation of privilege vulnerability(38716)
2018-02-26 08:551801032072THREATvulnerability2018-02-26 08:5513.32.145.208192.168.1.105Microsoft Windows library loading elevation of privilege vulnerability(38716)
2018-02-26 08:551801032072THREATvulnerability2018-02-26 08:5513.32.145.98192.168.1.65Microsoft Windows library loading elevation of privilege vulnerability(38716)
2018-02-26 08:551801032072THREATvulnerability2018-02-26 08:5513.32.145.67192.168.1.154Microsoft Windows library loading elevation of privilege vulnerability(38716)

 

I can't figure out what's causing it. Any idea? Thanks in advance. All the best!

0 Likes Likes
1 REPLY 1

upelister
L3 Networker

‎01-31-2021 03:35 PM

Hello,

 

Maybe attackers identifed a vulnerability on your services in past and trying to access your servers.

To be on the safe side checking servers, applications against any kind of vulnerability specially this one should be fine.

I recommend;

  • If applications are not required to acces from open world, limiting allowed traffic for specific Geo Locations greatly reduce attack surface and attack possibilites.
  • Applying zone protection profiles can reduce scanning risks.
  • Using, Vulnerability Protection, Spyware and Anti-Virus profile in strict state for the rules.
  • Within great care all vulnerability protection signatures can be enabled.
  • Also auto tagging feature can be used to block all or block for a period of time. attacker ip addreses.
    • Vulnerability Protection> Vulnerability protection profile> Vulnerability Protection Rule> Action> Block-ip as source and how much time (Max is 1hr) this will block source ip address for one hour in hardware level
    • With using DAG feature you can block attacker for a long time.

I rec

UP
0 Likes Likes
  • 3032 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks