Snort mailing list archives
Snort Subscriber Rules Update 2020-04-14
From: Research <research () sourcefire com>
Date: Tue, 14 Apr 2020 17:00:17 GMT
Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft Corporation.

Details:

Microsoft Vulnerability CVE-2020-0784:
A coding deficiency exists in DirectX Graphics Kernel that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 53621 through 53622.

Microsoft Vulnerability CVE-2020-0888:
A coding deficiency exists in DirectX Graphics Kernel that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 53625 through 53626.

Microsoft Vulnerability CVE-2020-0938:
A coding deficiency exists in OpenType Font Parsing that may lead to remote code execution.
Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 53489 through 53490.

Microsoft Vulnerability CVE-2020-0956:
A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 53652 through 53653.

Microsoft Vulnerability CVE-2020-0957:
A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 53654 through 53655.

Microsoft Vulnerability CVE-2020-0958:
A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 53627 through 53628.

Microsoft Vulnerability CVE-2020-0968:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 53623 through 53624.

Microsoft Vulnerability CVE-2020-1004:
A coding deficiency exists in Microsoft Graphics Component that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 53619 through 53620.

Microsoft Vulnerability CVE-2020-1020:
A coding deficiency exists in Adobe Font Manager Library that may lead to remote code execution.
Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 53491 through 53492.

Microsoft Vulnerability CVE-2020-1027:
A coding deficiency exists in Microsoft Windows Kernel that may lead to elevation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 53629 through 53630.

Talos also has added and modified multiple rules in the browser-ie, deleted, file-flash, file-image, file-multimedia, file-office, file-other, indicator-compromise, malware-cnc, malware-other, malware-tools, os-linux, os-other, os-windows, protocol-dns, protocol-other and server-samba rule sets to provide coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:
https://www.snort.org/advisories