Snort mailing list archives
Snort Subscriber Rules Update 2019-07-09
From: Research <research () sourcefire com>
Date: Tue, 9 Jul 2019 16:58:45 GMT
Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft Corporation.

Details:

Microsoft Vulnerability CVE-2019-0880:
A coding deficiency exists in Microsoft splwow64 that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50672 through 50673.

Microsoft Vulnerability CVE-2019-1001:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50662 through 50663.

Microsoft Vulnerability CVE-2019-1004:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50666 through 50667.

Microsoft Vulnerability CVE-2019-1062:
A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.
Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 45142 through 45143.

Microsoft Vulnerability CVE-2019-1063:
A coding deficiency exists in Microsoft Internet Explorer that may lead to remote code execution.
Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 46548 through 46549.

Microsoft Vulnerability CVE-2019-1071:
A coding deficiency exists in Microsoft Windows Kernel that may lead to information disclosure.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50678 through 50679.

Microsoft Vulnerability CVE-2019-1073:
A coding deficiency exists in Microsoft Windows Kernel that may lead to information disclosure.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50682 through 50683.

Microsoft Vulnerability CVE-2019-1074:
A coding deficiency exists in Microsoft Windows that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50664 through 50665.

Microsoft Vulnerability CVE-2019-1089:
A coding deficiency exists in Microsoft Windows RPCSS that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50674 through 50675.

Microsoft Vulnerability CVE-2019-1092:
A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.
Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 49380 through 49381.

Microsoft Vulnerability CVE-2019-1103:
A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.
Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 45142 through 45143.

Microsoft Vulnerability CVE-2019-1104:
A coding deficiency exists in Microsoft Browser that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50668 through 50669.

Microsoft Vulnerability CVE-2019-1106:
A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.
Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 45142 through 45143.

Microsoft Vulnerability CVE-2019-1107:
A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.
Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 45142 through 45143.

Microsoft Vulnerability CVE-2019-1108:
A coding deficiency exists in Remote Desktop Protocol Client that may lead to information disclosure.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50676 through 50677.

Microsoft Vulnerability CVE-2019-1112:
A coding deficiency exists in Microsoft Excel that may lead to information disclosure.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50680 through 50681.

Microsoft Vulnerability CVE-2019-1129:
A coding deficiency exists in Microsoft Windows that may lead to an escalation of privilege.
Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 50198 through 50199.

Microsoft Vulnerability CVE-2019-1132:
A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50670 through 50671.

Talos also has added and modified multiple rules in the browser-ie, file-office, os-windows and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:
https://www.snort.org/advisories