Snort Subscriber Rules Update 2016-01-12

[Research <research () sourcefire com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Security Bulletin MS16-001:
Microsoft Internet Explorer suffers from programming errors that may
lead to remote code execution.

Previously released rules will detect attacks targeting this
vulnerability and have been updated with the appropriate reference
information. They are included in this release and are identified with
GID 1, SIDs 33287 through 33288, and 33897 through 33898.

New rules to detect attacks targeting these vulnerabilities are also
included in this release and are identified with GID 1, SIDs 37283
through 37284.

Microsoft Security Bulletin MS16-002:
A coding deficiency exists in Microsoft Edge that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 37279 through 37280.

Microsoft Security Bulletin MS16-004:
A coding deficiency exists in Microsoft Office that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 37259 through 37260,
37273 through 37274, and 37281 through 37282.

Microsoft Security Bulletin MS16-005:
A coding deficiency exists in Microsoft kernel-mode drivers that may
lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 37265 through 37266.

Microsoft Security Bulletin MS16-006:
A coding deficiency exists in Microsoft Silverlight that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 37267 through 37268.

Microsoft Security Bulletin MS16-007:
A coding deficiency exists in Microsoft Windows that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 37257 through 37258,
37261 through 37264, and 37275 through 37278.

Microsoft Security Bulletin MS16-008:
A coding deficiency exists in the Microsoft kernel that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 37269 through 37272.

Talos has added and modified multiple rules in the browser-ie,
browser-plugins, file-office, file-other, malware-cnc and server-other
rule sets to provide coverage for emerging threats from these
technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFWlU9Vs9U0LCYEKaARAl9iAJ9lr6yE61su1uIShlLcPNI6v3B/RACfQkWF
DzlVNw231gLec2TNT0/ikJ8=
=FZfD
-----END PGP SIGNATURE-----


------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!