Snort mailing list archives

Snort Subscriber Rules Update 2019-07-09


From: Research <research () sourcefire com>
Date: Tue, 9 Jul 2019 16:58:45 GMT


Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2019-0880:
A coding deficiency exists in Microsoft splwow64 that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50672 through 50673.

Microsoft Vulnerability CVE-2019-1001:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50662 through 50663.

Microsoft Vulnerability CVE-2019-1004:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50666 through 50667.

Microsoft Vulnerability CVE-2019-1062:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 45142 through 45143.

Microsoft Vulnerability CVE-2019-1063:
A coding deficiency exists in Microsoft Internet Explorer that may lead
to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 46548 through 46549.

Microsoft Vulnerability CVE-2019-1071:
A coding deficiency exists in Microsoft Windows Kernel that may lead to
information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50678 through 50679.

Microsoft Vulnerability CVE-2019-1073:
A coding deficiency exists in Microsoft Windows Kernel that may lead to
information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50682 through 50683.

Microsoft Vulnerability CVE-2019-1074:
A coding deficiency exists in Microsoft Windows that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50664 through 50665.

Microsoft Vulnerability CVE-2019-1089:
A coding deficiency exists in Microsoft Windows RPCSS that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50674 through 50675.

Microsoft Vulnerability CVE-2019-1092:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 49380 through 49381.

Microsoft Vulnerability CVE-2019-1103:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 45142 through 45143.

Microsoft Vulnerability CVE-2019-1104:
A coding deficiency exists in Microsoft Browser that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50668 through 50669.

Microsoft Vulnerability CVE-2019-1106:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 45142 through 45143.

Microsoft Vulnerability CVE-2019-1107:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 45142 through 45143.

Microsoft Vulnerability CVE-2019-1108:
A coding deficiency exists in Remote Desktop Protocol Client that may
lead to information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50676 through 50677.

Microsoft Vulnerability CVE-2019-1112:
A coding deficiency exists in Microsoft Excel that may lead to
information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50680 through 50681.

Microsoft Vulnerability CVE-2019-1129:
A coding deficiency exists in Microsoft Windows that may lead to an
escalation of privilege.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 50198 through 50199.

Microsoft Vulnerability CVE-2019-1132:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50670 through 50671.


Talos has also added and modified multiple rules in the browser-ie,
file-office, os-windows and server-webapp rule sets to provide coverage
for emerging threats from these technologies.


For a complete list of new and modified rules, please see:

https://www.snort.org/advisories
