Snort mailing list archives

Snort Subscriber Rules Update 2019-04-09


From: Research <research () sourcefire com>
Date: Tue, 9 Apr 2019 17:19:47 GMT

Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2019-0685:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 49688 through 49689.

Microsoft Vulnerability CVE-2019-0730:
A coding deficiency exists in Microsoft Windows that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 49692 through 49693.

Microsoft Vulnerability CVE-2019-0731:
A coding deficiency exists in Microsoft Windows that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 49696 through 49697.

Microsoft Vulnerability CVE-2019-0732:
A coding deficiency exists in Microsoft Windows that may lead to a
security feature bypass.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 49704 through 49705.

Microsoft Vulnerability CVE-2019-0735:
A coding deficiency exists in Microsoft Windows CSRSS that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 49694 through 49695.

Microsoft Vulnerability CVE-2019-0752:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 49702 through 49703.

Microsoft Vulnerability CVE-2019-0753:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 49708 through 49709.

Microsoft Vulnerability CVE-2019-0793:
A coding deficiency exists in MS XML that may lead to remote code
execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 46548 through 46549.

Microsoft Vulnerability CVE-2019-0794:
A coding deficiency exists in OLE Automation that may lead to remote
code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 46548 through 46549.

Microsoft Vulnerability CVE-2019-0796:
A coding deficiency exists in Microsoft Windows that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 49718 through 49719.

Microsoft Vulnerability CVE-2019-0801:
A coding deficiency exists in Microsoft Office that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 49727 through 49745.

Microsoft Vulnerability CVE-2019-0803:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 49712 through 49713.

Microsoft Vulnerability CVE-2019-0805:
A coding deficiency exists in Microsoft Windows that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 49748 through 49749.

Microsoft Vulnerability CVE-2019-0806:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 49716 through 49717.

Microsoft Vulnerability CVE-2019-0810:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 49710 through 49711.

Microsoft Vulnerability CVE-2019-0812:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 49698 through 49699.

Microsoft Vulnerability CVE-2019-0814:
A coding deficiency exists in Microsoft Win32k that may lead to
information disclosure.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 45632 and 45635.

Microsoft Vulnerability CVE-2019-0822:
A coding deficiency exists in Microsoft Graphics that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 49700 through 49701.

Microsoft Vulnerability CVE-2019-0829:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 49722 through 49723.

Microsoft Vulnerability CVE-2019-0836:
A coding deficiency exists in Microsoft Windows that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 49720 through 49721.

Microsoft Vulnerability CVE-2019-0840:
A coding deficiency exists in Microsoft Windows Kernel that may lead to
information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 49750 through 49751.

Microsoft Vulnerability CVE-2019-0844:
A coding deficiency exists in Microsoft Windows Kernel that may lead to
information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 49754 through 49755.

Microsoft Vulnerability CVE-2019-0859:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 49746 through 49747.

Microsoft Vulnerability CVE-2019-0860:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 49706 through 49707.

Microsoft Vulnerability CVE-2019-0861:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 49380 through 49381.

Microsoft Vulnerability CVE-2019-0862:
A coding deficiency exists in Microsoft Windows VBScript Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 49752 through 49753.

Talos also has added and modified multiple rules in the browser-ie,
browser-plugins, file-executable, file-office, file-pdf,
indicator-shellcode, malware-cnc, os-linux, os-windows and
server-webapp rule sets to provide coverage for emerging threats from
these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories