Skip to content

Frontdoor - DRS Changelog: 2.0 → 2.1

Generated: 05 July 2026 | Base: 2.0 | Target: 2.1

Summary: 19 added · 0 removed · 4 changed

Added Rules

Rule ID Rule Group Name Description Action State
920181 PROTOCOL-ENFORCEMENT Content-Length and Transfer-Encoding headers present AnomalyScoring Enabled
920500 PROTOCOL-ENFORCEMENT Attempt to access a backup or working file AnomalyScoring Enabled
921190 PROTOCOL-ATTACK HTTP Splitting (CR/LF in request filename detected) AnomalyScoring Enabled
921200 PROTOCOL-ATTACK LDAP Injection Attack AnomalyScoring Enabled
99001002 MS-ThreatIntel-CVEs Attempted Citrix NSC_USER directory traversal (CVE-2019-19781) AnomalyScoring Enabled
99001003 MS-ThreatIntel-CVEs Attempted Atlassian Confluence Widget Connector exploitation (CVE-2019-3396) AnomalyScoring Enabled
99001004 MS-ThreatIntel-CVEs Attempted Pulse Secure custom template exploitation (CVE-2020-8243) AnomalyScoring Enabled
99001005 MS-ThreatIntel-CVEs Attempted SharePoint type converter exploitation (CVE-2020-0932) AnomalyScoring Enabled
99001006 MS-ThreatIntel-CVEs Attempted Pulse Connect directory traversal (CVE-2019-11510) AnomalyScoring Enabled
99001007 MS-ThreatIntel-CVEs Attempted Junos OS J-Web local file inclusion (CVE-2020-1631) AnomalyScoring Enabled
99001008 MS-ThreatIntel-CVEs Attempted Fortinet path traversal (CVE-2018-13379) AnomalyScoring Enabled
99001009 MS-ThreatIntel-CVEs Attempted Apache struts ognl injection (CVE-2017-5638) AnomalyScoring Enabled
99001010 MS-ThreatIntel-CVEs Attempted Apache struts ognl injection (CVE-2017-12611) AnomalyScoring Enabled
99001011 MS-ThreatIntel-CVEs Attempted Oracle WebLogic path traversal (CVE-2020-14882) AnomalyScoring Enabled
99001012 MS-ThreatIntel-CVEs Attempted Telerik WebUI insecure deserialization exploitation (CVE-2019-18935) AnomalyScoring Enabled
99001013 MS-ThreatIntel-CVEs Attempted SharePoint insecure XML deserialization (CVE-2019-0604) AnomalyScoring Enabled
99005005 MS-ThreatIntel-WebShells Web Shell Interaction Attempt AnomalyScoring Enabled
99031003 MS-ThreatIntel-SQLI SQL Injection Attack (replacing rule #942150) AnomalyScoring Enabled
99031004 MS-ThreatIntel-SQLI Detects basic SQL authentication bypass attempts ⅔ (replacing rule #942260) AnomalyScoring Enabled

Removed Rules

No rules removed.

Changed Rules

Rule ID Rule Group Field Before After
942150 SQLI State Enabled Disabled
942260 SQLI State Enabled Disabled
99031001 MS-ThreatIntel-SQLI Description SQL Injection Attack: Common Injection Testing Detected SQL Injection Attack: Common Injection Testing Detected (replacing rule #942110)
99031002 MS-ThreatIntel-SQLI Description SQL Comment Sequence Detected. SQL Comment Sequence Detected (replacing rule #942440).