Snort mailing list archives
Snort Subscriber Rules Update 2015-12-08
From: Research <research () sourcefire com>
Date: Tue, 8 Dec 2015 22:07:17 GMT
Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft Corporation.

Details:

Microsoft Security Bulletin MS15-124:
Microsoft Internet Explorer suffers from programming errors that may lead to remote code execution.

Previously released rules will detect attacks targeting this vulnerability and have been updated with the appropriate reference information. They are included in this release and are identified with GID 1, SIDs 36673 through 36674.

New rules to detect attacks targeting these vulnerabilities are also included in this release and are identified with GID 1, SIDs 36917 through 36923, 36926 through 36929, 36934 through 36951, 36954 through 36957, 36962 through 36963, 36968 through 36969, 36978 through 36983, 36986 through 36988, 36991 through 36992, 37003 through 37004, and 37009 through 37010.

Microsoft Security Bulletin MS15-125:
A coding deficiency exists in Microsoft Edge that may lead to remote code execution.

Previously released rules will detect attacks targeting this vulnerability and have been updated with the appropriate reference information. They are included in this release and are identified with GID 1, SIDs 36673 through 36674.

New rules to detect attacks targeting these vulnerabilities are also included in this release and are identified with GID 1, SIDs 36917, 36932 through 36933, 36942 through 36943, 36950 through 36951, and 36984 through 36985.

Microsoft Security Bulletin MS15-126:
A coding deficiency exists in Microsoft JScript and VBScript that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 36922 through 36923.

Microsoft Security Bulletin MS15-128:
A coding deficiency exists in Microsoft Graphics Component that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 36964 through 36967.

Microsoft Security Bulletin MS15-129:
A coding deficiency exists in Microsoft Silverlight that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 36997 through 36998.

Microsoft Security Bulletin MS15-130:
A coding deficiency exists in Microsoft Uniscribe that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 36952 through 36953.

Microsoft Security Bulletin MS15-131:
A coding deficiency exists in Microsoft Office that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 36924 through 36925, 36958 through 36961, 36974 through 36975, and 37011 through 37013.

Microsoft Security Bulletin MS15-132:
A coding deficiency exists in Microsoft Windows that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 36930 through 36931, 36993 through 36996, and 36999 through 37002.

Microsoft Security Bulletin MS15-134:
A coding deficiency exists in Microsoft Media Center that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 36972 through 36973.

Microsoft Security Bulletin MS15-135:
A coding deficiency exists in a Microsoft Kernel mode driver that may lead to an escalation of privilege.

Previously released rules will detect attacks targeting this vulnerability and have been updated with the appropriate reference information. They are included in this release and are identified with GID 1, SIDs 35149 through 35150.

New rules to detect attacks targeting these vulnerabilities are also included in this release and are identified with GID 1, 36970 through 36971, 36976 through 36977, and 36989 through 36990.

Talos has added and modified multiple rules in the browser-ie, browser-plugins, deleted, file-office, file-other, malware-cnc and policy-other rule sets to provide coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:
https://www.snort.org/advisories