Snort mailing list archives

Snort Subscriber Rules Update 2019-08-13


From: Research <research () sourcefire com>
Date: Tue, 13 Aug 2019 17:20:23 GMT


Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2019-1078:
A coding deficiency exists in Microsoft Graphics Component that may
lead to information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50969 through 50974.

Microsoft Vulnerability CVE-2019-1139:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 48051 through 48052.

Microsoft Vulnerability CVE-2019-1140:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50938 through 50939.

Microsoft Vulnerability CVE-2019-1141:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 45142 through 45143.

Microsoft Vulnerability CVE-2019-1159:
A coding deficiency exists in Microsoft Windows Kernel that may lead to
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50963 through 50964.

Microsoft Vulnerability CVE-2019-1164:
A coding deficiency exists in Microsoft Windows Kernel that may lead to
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50942 through 50943.

Microsoft Vulnerability CVE-2019-1170:
A coding deficiency exists in Windows NTFS that may lead to security
feature bypass.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50936 through 50937.

Microsoft Vulnerability CVE-2019-1173:
A coding deficiency exists in Microsoft Windows that may lead to
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 51001 through 51014.

Microsoft Vulnerability CVE-2019-1174:
A coding deficiency exists in Microsoft Windows that may lead to
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50987 through 50988.

Microsoft Vulnerability CVE-2019-1175:
A coding deficiency exists in Microsoft Windows that may lead to
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 51015 through 51016.

Microsoft Vulnerability CVE-2019-1184:
A coding deficiency exists in Microsoft Windows that may lead to
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50966 through 50967.

Microsoft Vulnerability CVE-2019-1195:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 45142 through 45143.

Microsoft Vulnerability CVE-2019-1196:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50940 through 50941.

Microsoft Vulnerability CVE-2019-1197:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 48051 through 48052.

Microsoft Vulnerability CVE-2019-1199:
A coding deficiency exists in Microsoft Outlook that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50998 through 50999.

Microsoft Vulnerability CVE-2019-1201:
A coding deficiency exists in Microsoft Word that may lead to remote
code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 35190 through 35191.

Talos also has added and modified multiple rules in the browser-ie,
file-image, file-multimedia, file-office, file-other,
indicator-compromise, malware-cnc, os-windows, policy-other,
protocol-dns, protocol-other and server-webapp rule sets to provide
coverage for emerging threats from these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs
