Snort mailing list archives

Snort Subscriber Rules Update 2016-05-10


From: Research <research () sourcefire com>
Date: Tue, 10 May 2016 18:19:37 GMT

Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Security Bulletin MS16-051:
Microsoft Internet Explorer suffers from programming errors that may
lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 38763 through 38764,
38780 through 38781, 38828 through 38829, and 38841 through 38842.

Microsoft Security Bulletin MS16-052:
A coding deficiency exists in Microsoft Edge that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 38776 through 38777
and 38805 through 38806.

Microsoft Security Bulletin MS16-053:
A coding deficiency exists in Microsoft JScript and VBScript that may
lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 38828 through 38829.

Microsoft Security Bulletin MS16-054:
A coding deficiency exists in Microsoft Office that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 38782 through 38783
and 38785 through 38786.

Microsoft Security Bulletin MS16-055:
A coding deficiency exists in Microsoft Graphics Component that may
lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 38768 through 38773,
38797 through 38798, and 38816 through 38817.

Microsoft Security Bulletin MS16-056:
A coding deficiency exists in Microsoft Windows Journal that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 38810 through 38815.

Microsoft Security Bulletin MS16-059:
A coding deficiency exists in Microsoft Windows Media Center that may
lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 38778 through 38779.

Microsoft Security Bulletin MS16-060:
A coding deficiency exists in the Microsoft Kernel that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 38803 through 38804.

Microsoft Security Bulletin MS16-061:
A coding deficiency exists in Microsoft RPC that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 38839 through 38840.

Microsoft Security Bulletin MS16-062:
A coding deficiency exists in Microsoft Kernel-Mode drivers that may
lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 38759 through 38762,
38765 through 38766, 38774 through 38775, 38787 through 38788, 38801
through 38802, and 38808 through 38809.

Talos has added and modified multiple rules in the browser-ie,
exploit-kit, file-flash, file-image, file-office, file-other, file-pdf,
indicator-compromise, malware-cnc, os-windows, policy-other and
server-webapp rule sets to provide coverage for emerging threats from
these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories
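
Added example, not part of the Talos advisory and not Talos code: one way to confirm after a rule update that the GID 1 SIDs announced above are present and enabled in the local rules. The rule lines, function names and report layout are assumptions made for illustration.

```python
import re

# Excerpt of two paragraphs from the advisory above, e-mail line wrapping kept.
ADVISORY = """\
Microsoft Security Bulletin MS16-053:
this release and are identified with GID 1, SIDs 38828 through 38829.
Microsoft Security Bulletin MS16-062:
this release and are identified with GID 1, SIDs 38759 through 38762,
38765 through 38766, 38774 through 38775, 38787 through 38788, 38801
through 38802, and 38808 through 38809.
"""
# Constructed sample rules file; the rule bodies are placeholders, not Talos rules.
SAMPLE_RULES = """\
alert tcp any any -> any any (msg:"PLACEHOLDER"; sid:38828; rev:1;)
# alert tcp any any -> any any (msg:"PLACEHOLDER"; sid:38829; rev:1;)
alert tcp any any -> any any (msg:"PLACEHOLDER"; sid:38801; rev:1;)
alert tcp any any -> any any (msg:"PLACEHOLDER"; gid:3; sid:38802; rev:1;)
"""
RULE = re.compile(r"^\s*(#\s*)?(?:alert|drop|log|pass|reject|sdrop)\b.*\bsid:\s*(\d+)\s*;")

def parse_advisory(text):
    """Map each bulletin ID to the set of SIDs the advisory lists for it."""
    parts = re.split(r"Microsoft Security Bulletin (MS\d{2}-\d{3}):", text)
    coverage = {}
    for bulletin, body in zip(parts[1::2], parts[2::2]):
        body = " ".join(body.split())  # a range may be split across wrapped lines
        sids = set()
        for lo, hi in re.findall(r"(\d+) through (\d+)", body):
            sids.update(range(int(lo), int(hi) + 1))
        coverage[bulletin] = sids
    return coverage

def rule_states(rules_text):
    """Return {(gid, sid): enabled}; a rule commented out with '#' is disabled."""
    states = {}
    for line in rules_text.splitlines():
        m = RULE.match(line)
        if m:
            gid = re.search(r"\bgid:\s*(\d+)\s*;", line)  # gid defaults to 1 when absent
            states[(int(gid.group(1)) if gid else 1, int(m.group(2)))] = m.group(1) is None
    return states

def check(coverage, states, gid=1):
    """Per bulletin, list announced SIDs that are disabled or absent for this GID."""
    return {b: {"disabled": sorted(s for s in sids if states.get((gid, s)) is False),
                "missing": sorted(s for s in sids if (gid, s) not in states)}
            for b, sids in coverage.items()}

if __name__ == "__main__":
    for bulletin, gaps in check(parse_advisory(ADVISORY), rule_states(SAMPLE_RULES)).items():
        print(bulletin, gaps)
```

A SID reported as disabled is shipped but commented out by the active policy; a SID reported as missing is not in the loaded rules at all for GID 1.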

