Snort mailing list archives

Snort Subscriber Rules Update 2016-06-14


From: Research <research () sourcefire com>
Date: Tue, 14 Jun 2016 19:14:48 GMT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Security Bulletin MS16-063:
Microsoft Internet Explorer suffers from programming errors that may
lead to remote code execution.

A previously released rule will detect attacks targeting these
vulnerabilities and has been updated with the appropriate reference
information. It is included in this release and is identified with GID
1, SID 20258.

New rules to detect attacks targeting these vulnerabilities are also
included in this release and are identified with GID 1, SIDs 20258,
39207 through 39208, 39227, 39230 through 39231, 39234 through 39235,
and 39242 through 39259.

Microsoft Security Bulletin MS16-068:
A coding deficiency exists in Microsoft Edge that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 39199 through 39200,
39205 through 39206, 39219 through 39220, 39228 through 39229, 39232
through 39233, and 39238 through 39239.

Microsoft Security Bulletin MS16-069:
A coding deficiency exists in Microsoft Jscript and VBScript that may
lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 39211 through 39212
and 39236 through 39237.

Microsoft Security Bulletin MS16-070:
A coding deficiency exists in Microsoft Office that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 39203 through 39204
and 39221 through 39224.

Microsoft Security Bulletin MS16-073:
A coding deficiency exists in Microsoft Kernel Mode Drivers that may
lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 39193 through 39196
and 39217 through 39218.

Microsoft Security Bulletin MS16-074:
A coding deficiency exists in Microsoft Graphics Component that may
lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 39209 through 39210,
39260 through 39261, and 39266 through 39267.

Microsoft Security Bulletin MS16-075:
A coding deficiency exists in Microsoft Windows SMB Server that may
lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 39213 through 39216.

Microsoft Security Bulletin MS16-077:
A coding deficiency exists in Microsoft Web Proxy Autodiscovery (WPAD)
that may lead to an escalation of privilege.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 1, SID 39227.

Microsoft Security Bulletin MS16-078:
A coding deficiency exists in Microsoft Windows Diagnostic Hub that may
lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 39225 through 39226.

Talos has added and modified multiple rules in the browser-ie,
file-flash, file-image, file-office, file-other, malware-cnc,
os-windows, pua-toolbars and server-webapp rule sets to provide
coverage for emerging threats from these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFXYFens9U0LCYEKaARAroIAJ9rj0TapA4AFZ1Y/yJasWKevUPmJQCfT5MH
PjBEseKuzdfYgpJzavj2OKs=
=xQrx
-----END PGP SIGNATURE-----

