Snort mailing list archives

Snort Subscriber Rules Update 2018-12-13


From: Research <research () sourcefire com>
Date: Thu, 13 Dec 2018 23:42:20 GMT



Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2018-8587:
A coding deficiency exists in Microsoft Outlook that may lead to remote
code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 48405 through 48406.

Microsoft Vulnerability CVE-2018-8611:
A coding deficiency exists in Microsoft Windows Kernel that may lead to
elevation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 48612 through 48613.

Microsoft Vulnerability CVE-2018-8625:
A coding deficiency exists in Microsoft Windows VBScript Engine that
may lead to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 46548 through 46549.

Microsoft Vulnerability CVE-2018-8628:
A coding deficiency exists in Microsoft PowerPoint that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 48601 through 48602.

Microsoft Vulnerability CVE-2018-8639:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 48606 through 48607.

Microsoft Vulnerability CVE-2018-8643:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 48596 through 48597.

Talos also has added and modified multiple rules in the browser-ie,
file-executable, file-image, file-office, file-other, file-pdf,
indicator-compromise, malware-cnc, malware-other, malware-tools,
os-windows, protocol-scada and server-webapp rule sets to provide
coverage for emerging threats from these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories
