Sourcefire VRT Certified Snort Rules Update 2015-04-14

[Research <research () sourcefire com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Sourcefire VRT Certified Snort Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Security Bulletin MS15-032:
Microsoft Internet Explorer suffers from programming errors that may
lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 32442 through 32443,
34059 through 34060, 34064 through 34065, 34068 through 34071, 34074
through 34077, 34084 through 34085, and 34089 through 34090.

Microsoft Security Bulletin MS15-033:
A coding deficiency exists in Microsoft Office that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 34062 through 34063,
34066 through 34067, 34086 through 34087, and 34093 through 34094.

Microsoft Security Bulletin MS15-034:
A coding deficiency exists in Microsoft HTTP.sys that may lead to
remote code execution.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 1, SID 34061.

Microsoft Security Bulletin MS15-035:
A coding deficiency exists in a Microsoft graphics component that may
lead to remode code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 34082 through 34083.

Microsoft Security Bulletin MS15-036:
A coding deficiency exists in Microsoft SharePoint Server that that may
lead to an escalation of privilege.

Previously released rulea will detect attacks targeting this
vulnerability and have been updated with the appropriate reference
information. They are included in this release and are identified with
GID 1, SIDs 7070 and 21782.

A new rule to detect attacks targeting this vulnerability is also
included in this release and is identified with GID 1, SID 34099.

Microsoft Security Bulletin MS15-037:
A coding deficiency exists in Microsoft Windows Task Scheduler that
that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 34091 through 34092.

Microsoft Security Bulletin MS15-038:
A coding deficiency exists in Microsoft Windows that that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 34078 through 34081
and 34095 through 34096.

Microsoft Security Bulletin MS15-039:
A coding deficiency exists in Microsoft XML Core Services that may
allow a security feature bypass.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 34097 through 34098.

Microsoft Security Bulletin MS15-041:
A coding deficiency exists in Microsoft .NET Framework that may lead to
information disclosure.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 1, SID 34088.


Talos has also added and modified multiple rules in the browser-ie,
deleted, exploit-kit, file-executable, file-office, file-other,
indicator-obfuscation, os-windows, policy-other and server-other rule
sets to provide coverage for emerging threats from these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFVLr0Vs9U0LCYEKaARAlnkAKCDhkfTXoSe7quO1BwgiQnLj+UZegCbBsio
T4AGmdC0onDi+btKCHM2nSg=
=/EMc
-----END PGP SIGNATURE-----


------------------------------------------------------------------------------
BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
Develop your own process in accordance with the BPMN 2 standard
Learn Process modeling best practices with Bonita BPM through live exercises
http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!