Snort mailing list archives
Snort Subscriber Rules Update 2017-06-13
From: Research <research () sourcefire com>
Date: Tue, 13 Jun 2017 17:59:06 GMT
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Talos Snort Subscriber Rules Update Synopsis: Talos is aware of vulnerabilities affecting products from Microsoft Corporation. Details: Microsoft Vulnerability CVE-2017-0215: A coding deficiency exists in Microsoft Device Guard Code Integrity Policy that may lead to a security feature bypass. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 43157 through 43158. Microsoft Vulnerability CVE-2017-8464: A coding deficiency exists in Microsoft LNK that may lead to remote code execution. Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 17042 and 24500. Microsoft Vulnerability CVE-2017-8465: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 43173 through 43174. Microsoft Vulnerability CVE-2017-8466: A coding deficiency exists in Microsoft Windows Cursor that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 43173 through 43174. Microsoft Vulnerability CVE-2017-8468: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 43173 through 43174. Microsoft Vulnerability CVE-2017-8496: Microsoft Edge suffers from programming errors that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 43165 through 43166. Microsoft Vulnerability CVE-2017-8497: Microsoft Edge suffers from programming errors that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 43169 through 43170. Microsoft Vulnerability CVE-2017-8509: A coding deficiency exists in Microsoft Office that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 43159 through 43160. Microsoft Vulnerability CVE-2017-8510: A coding deficiency exists in Microsoft Office that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 43171 through 43172. Microsoft Vulnerability CVE-2017-8524: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 43163 through 43164. Microsoft Vulnerability CVE-2017-8529: Microsoft Edge and Microsoft Internet Explorer suffer from programming errors that may lead to information disclosure. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 43161 through 43162. Microsoft Vulnerability CVE-2017-8543: A coding deficiency exists in Microsoft Windows Search that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 43175 through 43176. Microsoft Vulnerability CVE-2017-8547: Microsoft Internet Explorer suffers from programming errors that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 43155 through 43156. Talos has also added and modified multiple rules in the blacklist, browser-ie, file-office, file-other, file-pdf, malware-cnc, os-windows, policy-other, protocol-scada and server-webapp rule sets to provide coverage for emerging threats from these technologies. For a complete list of new and modified rules please see: https://www.snort.org/advisories -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJZQCfoAAoJEPE/nha8pb+tcb0QAKQZ9XgKjRJ6NRNl4o7nLH+K maHCcLqWHo9lzkxFivOWEeWLN2Rs6UPk8+jJF9lPXcBzUFYpo0mHcXmbGXGfEMX6 2w0Di8JhyeLDy0pZgdGlBY+/2es3NWkeSLeu9WtTbo9iiiXujg7PC6oY1XM40J7s 8CtfIpK144zDaAoRjqrZX/gz2OLv9T06F9OqwKJPgw0PncxeDDppoDO0sXUkRxyB BPUFz7Ba73ACevxrzW6DuzuK+DWs6+Fsg2v5oeJNY5BRo1UBexi7NHSw0hgSYXjr iY8SZcBsxD3l/f3PcDOPhBoJebqolz2UTi2m8ZA7+BaWD9KfC2a1HCxjchS//IH5 SZI/kHbRmt1DqXyr5O0Y2V1QzsNDYGsrGyGdEnXxkMaLLbo9iG15UcMpg5DhkKuA L0zG55H5JbIoMxbKXNRr7mQPiThFMsqLX8/svhiHSNoXiQOuCF9ht1vRaETMmzln OeMANx7xK2JcUGHFT4e2RtP0lJ9daadKKvUjD6iuSF42gup3gQAxpPccuBkt7g3z 4orujME8ShJgpx8g/NeiqL8gutgs886SRBBgTbn/sB5vTSU7b4TRduruH7jJ+Fl9 Fz+hYgQFWs23lXw6g+cTRn394M5mNyAX/TkYalF5LZaTjJPaOAO6ojUlPMw+imlG qn0Lz0SXB0Pq2ZbwKTCR =eG0h -----END PGP SIGNATURE----- _______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort! Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
Current thread:
- Snort Subscriber Rules Update 2017-06-13 Research (Jun 13)
- Re: Snort Subscriber Rules Update 2017-06-13 Andrew via Snort-sigs (Jun 13)