Snort mailing list archives

Snort Subscriber Rules Update 2020-04-14


From: Research <research () sourcefire com>
Date: Tue, 14 Apr 2020 17:00:17 GMT

Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2020-0784:
A coding deficiency exists in DirectX Graphics Kernel that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 53621 through 53622.

Microsoft Vulnerability CVE-2020-0888:
A coding deficiency exists in DirectX Graphics Kernel that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 53625 through 53626.

Microsoft Vulnerability CVE-2020-0938:
A coding deficiency exists in OpenType Font Parsing that may lead to
remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 53489 through 53490.

Microsoft Vulnerability CVE-2020-0956:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 53652 through 53653.

Microsoft Vulnerability CVE-2020-0957:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 53654 through 53655.

Microsoft Vulnerability CVE-2020-0958:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 53627 through 53628.

Microsoft Vulnerability CVE-2020-0968:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 53623 through 53624.

Microsoft Vulnerability CVE-2020-1004:
A coding deficiency exists in Microsoft Graphics Component that may
lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 53619 through 53620.

Microsoft Vulnerability CVE-2020-1020:
A coding deficiency exists in Adobe Font Manager Library that may lead
to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 53491 through 53492.

Microsoft Vulnerability CVE-2020-1027:
A coding deficiency exists in Microsoft Windows Kernel that may lead to
elevation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 53629 through 53630.


Talos also has added and modified multiple rules in the browser-ie,
deleted, file-flash, file-image, file-multimedia, file-office,
file-other, indicator-compromise, malware-cnc, malware-other,
malware-tools, os-linux, os-other, os-windows, protocol-dns,
protocol-other and server-samba rule sets to provide coverage for
emerging threats from these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs
