Snort mailing list archives

Snort Subscriber Rules Update 2018-12-11

From: Research <research () sourcefire com>
Date: Tue, 11 Dec 2018 18:16:53 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2018-8583:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 48515 through 48516.

Microsoft Vulnerability CVE-2018-8617:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 45142 through 45143.

Microsoft Vulnerability CVE-2018-8618:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 48509 through 48510.

Microsoft Vulnerability CVE-2018-8619:
A coding deficiency exists in Microsoft Internet Explorer that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 48531 through 48532.

Microsoft Vulnerability CVE-2018-8624:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 48517 through 48518.

Microsoft Vulnerability CVE-2018-8629:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 48513 through 48514.

Microsoft Vulnerability CVE-2018-8631:
A coding deficiency exists in Microsoft Internet Explorer that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 48533 through 48534.

Microsoft Vulnerability CVE-2018-8634:
A coding deficiency exists in Microsoft Edge that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 48519 through 48520.

Cisco Talos would like to thank Symantec and the Cyber Threat Alliance
for working with us to protect our users from Seedworm, rules are
identified with GID 1, SIDs 48559 through 48562.

Talos also has added and modified multiple rules in the
browser-firefox, browser-ie, browser-other, browser-plugins,
browser-webkit, file-flash, file-identify, file-other, file-pdf,
malware-cnc, protocol-scada and server-webapp rule sets to provide
coverage for emerging threats from these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories
-----BEGIN PGP SIGNATURE-----

iQIcBAEBAgAGBQJcD/8TAAoJEPE/nha8pb+t0AcQAJmeBLKYkwRWPdZ69p2CnF3E
F95eV3ivftwpjBb+rH5Riw57S9ROOO8r/Jlm1nsn6Dy7Fc0gkHTmral6qru5ZvSI
M7ylk4zlCknY//OlArN26MfrPm7iYAUWAUIEvPQ86HrooHK0pakNjxkPFrZXols2
JNsXdQrsuFqoDcjWamryOPAsHnSCwwRPU/Lo781HBPbORoAgjHlRCvs7+FMQOQfQ
R1dIwQr4HvJLVX8Nf0IfUSzkuq2pZTu8bKs+trMwZPvCcktmEKvyoF65w1G0N/e9
2BGSuh98M2LnNmseo/m2opVYrrgoufx5fCqGMYY0bN2Tj3pIhXxvOtPd8HvfrLen
llLeRqcrmFZ3p2V4VJWCF32lqrbEDW3IwOr+FDfOKY7pJWmc7UkFC3f9oAQiWyMg
4WCw4SyO5LTR+ZU14FC3PV1aDdmh2ElMZANKINHwC8wvBAmU9U/h9mmiRM13C9k/
oMUWO84seMEui8LeAaO2ATdBhLaBgfzIQXzZ68y8BfuqMV9+qf6chyjdbyuSboZG
F7R4cGwckN7Wj6I4+jRJBLhJgjbhRr9zl/4WuSdgqc8DZeIJSfmB1xyhDJ2YDUMD
ceYAYUkbSNaNTpidZJ/WIavgjUqbjaxbwBtm0JN6KSJ28Hj1xtE+gkk+9G8iw3c4
DWpZHSOZRv5Ooonnv3IE
=APru
-----END PGP SIGNATURE-----

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!
Current thread:

Snort Subscriber Rules Update 2018-12-11 Research (Dec 11)
- <Possible follow-ups>
- Snort Subscriber Rules Update 2018-12-11 Research (Dec 11)