Snort mailing list archives

Snort Subscriber Rules Update 2017-11-14


From: Research <research () sourcefire com>
Date: Tue, 14 Nov 2017 19:14:29 GMT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2017-11791:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 44819 through 44820.

Microsoft Vulnerability CVE-2017-11837:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 44809 through 44810.

Microsoft Vulnerability CVE-2017-11840:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 44811 through 44812.

Microsoft Vulnerability CVE-2017-11841:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 44813 through 44814.

Microsoft Vulnerability CVE-2017-11843:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 44815 through 44816.

Microsoft Vulnerability CVE-2017-11845:
A coding deficiency exists in Microsoft Edge that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 44817 through 44818.

Microsoft Vulnerability CVE-2017-11846:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 44845 through 44846.

Microsoft Vulnerability CVE-2017-11847:
A coding deficiency exists in Microsoft Windows Kernel that may lead to
elevation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 44833 through 44834.

Microsoft Vulnerability CVE-2017-11854:
A coding deficiency exists in Microsoft Word that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 44838 through 44839.

Microsoft Vulnerability CVE-2017-11855:
A coding deficiency exists in Microsoft Internet Explorer that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 44831 through 44832.

Microsoft Vulnerability CVE-2017-11856:
A coding deficiency exists in Microsoft Internet Explorer that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 44829 through 44830.

Microsoft Vulnerability CVE-2017-11858:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 44827 through 44828.

Microsoft Vulnerability CVE-2017-11861:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 44825 through 44826.

Microsoft Vulnerability CVE-2017-11869:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 44823 through 44824.

Microsoft Vulnerability CVE-2017-11873:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 44843 through 44844.

Microsoft Vulnerability CVE-2017-11878:
A coding deficiency exists in Microsoft Excel that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 44821 through 44822.

Talos also has added and modified multiple rules in the browser-ie,
file-image, file-office, file-other, file-pdf, indicator-compromise,
os-windows and server-webapp rule sets to provide coverage for emerging
threats from these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

-----END PGP SIGNATURE-----

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most emerging threats (https://snort.org/downloads/#rule-downloads)!

