Snort mailing list archives
Snort Subscriber Rules Update 2018-12-13
From: Research <research () sourcefire com>
Date: Thu, 13 Dec 2018 23:42:20 GMT
Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft Corporation.

Details:
Microsoft Vulnerability CVE-2018-8587:
A coding deficiency exists in Microsoft Outlook that may lead to remote code execution.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 48405 through 48406.

Microsoft Vulnerability CVE-2018-8611:
A coding deficiency exists in Microsoft Windows Kernel that may lead to elevation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48612 through 48613.

Microsoft Vulnerability CVE-2018-8625:
A coding deficiency exists in Microsoft Windows VBScript Engine that may lead to remote code execution.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 46548 through 46549.

Microsoft Vulnerability CVE-2018-8628:
A coding deficiency exists in Microsoft PowerPoint that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48601 through 48602.

Microsoft Vulnerability CVE-2018-8639:
A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48606 through 48607.

Microsoft Vulnerability CVE-2018-8643:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48596 through 48597.

Talos also has added and modified multiple rules in the browser-ie, file-executable, file-image, file-office, file-other, file-pdf, indicator-compromise, malware-cnc, malware-other, malware-tools, os-windows, protocol-scada and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:
https://www.snort.org/advisories