Snort Subscriber Rules Update 2015-05-12

[Research <research () sourcefire com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Security Bulletin MS15-043:
Microsoft Internet Explorer suffers from programming errors that may
lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 34379 through 34384,
34391 through 34392, 34405 through 34412, 34415, 34417 through 34425,
34430 through 34433, 34436 through 34437, and 34444 through 34445.

Microsoft Security Bulletin MS15-044:
A coding deficiency exists in Microsoft GDI+ that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 34440 through 34441.

Microsoft Security Bulletin MS15-045:
A coding deficiency exists in Microsoft Windows Journal that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 34371 through 34372,
34385 through 34390, 34399 through 34400, and 34403 through 34404.

Microsoft Security Bulletin MS15-046:
A coding deficiency exists in Microsoft Office that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 34428 through 34429.

Microsoft Security Bulletin MS15-048:
A coding deficiency exists in the Microsoft .NET Framework that may
lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 34401 through 34402
and 34434 through 34435.

Microsoft Security Bulletin MS15-051:
A coding deficiency exists in Microsoft Kernel-Mode drivers that may
lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 34377 through 34378,
34413 through 34414, and 34442 through 34443.

Microsoft Security Bulletin MS15-052:
A coding deficiency exists in the Microsoft Kernel that may lead to a
security feature bypass.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 34426 through 34427.

Microsoft Security Bulletin MS15-053:
A coding deficiency exists in the Microsoft JScript and VBScript
scripting engines that may lead to a security feature bypass.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 34393 through 34394.

Microsoft Security Bulletin MS15-054:
A coding deficiency exists in Microsoft Management Console that may
lead to a Denial of Service (DoS).

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 34438 through 34439.


Talos has also added and modified multiple rules in the blacklist,
browser-ie, file-flash, file-identify, file-office, file-other,
malware-cnc, malware-other, malware-tools, os-windows and server-webapp
rule sets to provide coverage for emerging threats from these
technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFVUnL2s9U0LCYEKaARAsytAKCbuXvTXdpnHwaN0sOAd7nWg+HbbwCfT3sQ
fnPbDR686ae30objJ4WsDd4=
=Mgou
-----END PGP SIGNATURE-----


------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud 
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!