Snort mailing list archives
Snort Subscriber Rules Update 2019-02-12
From: Research <research () sourcefire com>
Date: Tue, 12 Feb 2019 19:24:35 GMT
Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft Corporation.

Details:

Microsoft Vulnerability CVE-2019-0590:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49128 through 49129.

Microsoft Vulnerability CVE-2019-0591:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49134 through 49135.

Microsoft Vulnerability CVE-2019-0593:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49130 through 49131.

Microsoft Vulnerability CVE-2019-0606:
A coding deficiency exists in Microsoft Internet Explorer that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49144 through 49145.

Microsoft Vulnerability CVE-2019-0607:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49149 through 49150.

Microsoft Vulnerability CVE-2019-0610:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49140 through 49141.

Microsoft Vulnerability CVE-2019-0621:
A coding deficiency exists in Microsoft Windows Kernel that may lead to information disclosure.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49172 through 49173.

Microsoft Vulnerability CVE-2019-0628:
A coding deficiency exists in Microsoft Win32k that may lead to information disclosure.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49180 through 49181.

Microsoft Vulnerability CVE-2019-0630:
A coding deficiency exists in Microsoft SMB that may lead to remote code execution.
A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 49146.

Microsoft Vulnerability CVE-2019-0633:
A coding deficiency exists in Microsoft SMB that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49174 through 49177.

Microsoft Vulnerability CVE-2019-0636:
A coding deficiency exists in Microsoft Windows that may lead to information disclosure.
Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 48799 through 48800.

Microsoft Vulnerability CVE-2019-0640:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49153 through 49154.

Microsoft Vulnerability CVE-2019-0642:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49169 through 49170.

Microsoft Vulnerability CVE-2019-0644:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49151 through 49152.

Microsoft Vulnerability CVE-2019-0645:
A coding deficiency exists in Microsoft Edge that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49142 through 49143.

Microsoft Vulnerability CVE-2019-0648:
A coding deficiency exists in Microsoft Scripting Engine that may lead to information disclosure.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49157 through 49158.

Microsoft Vulnerability CVE-2019-0650:
A coding deficiency exists in Microsoft Edge that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49147 through 49148.

Microsoft Vulnerability CVE-2019-0651:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49138 through 49139.

Microsoft Vulnerability CVE-2019-0652:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49136 through 49137.

Microsoft Vulnerability CVE-2019-0655:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49167 through 49168.

Microsoft Vulnerability CVE-2019-0656:
A coding deficiency exists in Microsoft Windows Kernel that may lead to elevation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49159 through 49160.

Microsoft Vulnerability CVE-2019-0658:
A coding deficiency exists in Microsoft Scripting Engine that may lead to information disclosure.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49165 through 49166.

Microsoft Vulnerability CVE-2019-0661:
A coding deficiency exists in Microsoft Windows Kernel that may lead to information disclosure.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49161 through 49162.

Microsoft Vulnerability CVE-2019-0669:
A coding deficiency exists in Microsoft Excel that may lead to information disclosure.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49132 through 49133.

Microsoft Vulnerability CVE-2019-0676:
A coding deficiency exists in Microsoft Internet Explorer that may lead to information disclosure.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49155 through 49156.

Talos also has added and modified multiple rules in the browser-ie, file-office, file-other, file-pdf, indicator-compromise, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most emerging threats (https://snort.org/downloads/#rule-downloads)!