Snort mailing list archives
Snort Subscriber Rules Update 2019-08-13
From: Research <research () sourcefire com>
Date: Tue, 13 Aug 2019 17:20:23 GMT
Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft Corporation.

Details:

Microsoft Vulnerability CVE-2019-1078:
A coding deficiency exists in Microsoft Graphics Component that may lead to information disclosure.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50969 through 50974.

Microsoft Vulnerability CVE-2019-1139:
A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.
Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 48051 through 48052.

Microsoft Vulnerability CVE-2019-1140:
A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50938 through 50939.

Microsoft Vulnerability CVE-2019-1141:
A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.
Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 45142 through 45143.

Microsoft Vulnerability CVE-2019-1159:
A coding deficiency exists in Microsoft Windows Kernel that may lead to escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50963 through 50964.

Microsoft Vulnerability CVE-2019-1164:
A coding deficiency exists in Microsoft Windows Kernel that may lead to escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50942 through 50943.

Microsoft Vulnerability CVE-2019-1170:
A coding deficiency exists in Windows NTFS that may lead to security feature bypass.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50936 through 50937.

Microsoft Vulnerability CVE-2019-1173:
A coding deficiency exists in Microsoft Windows that may lead to escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 51001 through 51014.

Microsoft Vulnerability CVE-2019-1174:
A coding deficiency exists in Microsoft Windows that may lead to escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50987 through 50988.

Microsoft Vulnerability CVE-2019-1175:
A coding deficiency exists in Microsoft Windows that may lead to escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 51015 through 51016.

Microsoft Vulnerability CVE-2019-1184:
A coding deficiency exists in Microsoft Windows that may lead to escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50966 through 50967.

Microsoft Vulnerability CVE-2019-1195:
A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.
Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 45142 through 45143.

Microsoft Vulnerability CVE-2019-1196:
A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50940 through 50941.

Microsoft Vulnerability CVE-2019-1197:
A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.
Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 48051 through 48052.

Microsoft Vulnerability CVE-2019-1199:
A coding deficiency exists in Microsoft Outlook that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50998 through 50999.

Microsoft Vulnerability CVE-2019-1201:
A coding deficiency exists in Microsoft Word that may lead to remote code execution.
Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 35190 through 35191.

Talos also has added and modified multiple rules in the browser-ie, file-image, file-multimedia, file-office, file-other, indicator-compromise, malware-cnc, os-windows, policy-other, protocol-dns, protocol-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:
https://www.snort.org/advisories