Snort mailing list archives

Snort Subscriber Rules Update 2018-04-10

From: Research <research () sourcefire com>
Date: Tue, 10 Apr 2018 20:05:20 GMT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2018-0870:
A coding deficiency exists in Microsoft Internet Explorer that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46243 through 46246.

Microsoft Vulnerability CVE-2018-0920:
A coding deficiency exists in Microsoft Excel that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46196 through 46197.

Microsoft Vulnerability CVE-2018-0950:
A coding deficiency exists in Microsoft Office that may lead to
information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46266 through 46267.

Microsoft Vulnerability CVE-2018-0980:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 45628 through 45629.

Microsoft Vulnerability CVE-2018-0986:
A coding deficiency exists in Microsoft Malware Protection Engine that
may lead to remote code execution.

Microsoft Vulnerability CVE-2018-0988:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46198 through 46199.

Microsoft Vulnerability CVE-2018-0990:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46194 through 46195.

Microsoft Vulnerability CVE-2018-0991:
A coding deficiency exists in Microsoft Internet Explorer that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46206 through 46207.

Microsoft Vulnerability CVE-2018-0993:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46212 through 46213.

Microsoft Vulnerability CVE-2018-0994:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46220 through 46221.

Microsoft Vulnerability CVE-2018-0995:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46176 through 46177.

Microsoft Vulnerability CVE-2018-0996:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46218 through 46219.

Microsoft Vulnerability CVE-2018-0997:
A coding deficiency exists in Microsoft Internet Explorer that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46220 through 46221.

Microsoft Vulnerability CVE-2018-0998:
Microsoft Edge suffers from programming errors that may lead to a
security feature bypass.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46226 through 46227.

Microsoft Vulnerability CVE-2018-1001:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46228 through 46229.

Microsoft Vulnerability CVE-2018-1003:
A coding deficiency exists in Microsoft JET Database Engine that may
lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46233 through 46234.

Microsoft Vulnerability CVE-2018-1004:
A coding deficiency exists in Microsoft Windows VBScript Engine that
may lead to remote code execution.

Microsoft Vulnerability CVE-2018-1010:
A coding deficiency exists in Microsoft Graphics that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46200 through 46201.

Microsoft Vulnerability CVE-2018-1011:
A coding deficiency exists in Microsoft Excel that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46192 through 46193.

Microsoft Vulnerability CVE-2018-1012:
A coding deficiency exists in Microsoft Graphics that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46230 through 46231.

Microsoft Vulnerability CVE-2018-1013:
A coding deficiency exists in Microsoft Graphics that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46188 through 46189.

Microsoft Vulnerability CVE-2018-1015:
A coding deficiency exists in Microsoft Graphics that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46214 through 46215.

Microsoft Vulnerability CVE-2018-1016:
A coding deficiency exists in Microsoft Graphics that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46186 through 46187.

Microsoft Vulnerability CVE-2018-1018:
A coding deficiency exists in Microsoft Internet Explorer that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46204 through 46205.

Microsoft Vulnerability CVE-2018-1023:
A coding deficiency exists in Microsoft Browser that may lead to remote
code execution.

Microsoft Vulnerability CVE-2018-1026:
A coding deficiency exists in Microsoft Office that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46184 through 46185.

Microsoft Vulnerability CVE-2018-1027:
A coding deficiency exists in Microsoft Excel that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46208 through 46209.

Microsoft Vulnerability CVE-2018-1028:
A coding deficiency exists in Microsoft Office Graphics that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46182 through 46183.

Microsoft Vulnerability CVE-2018-1029:
A coding deficiency exists in Microsoft Excel that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46180 through 46181.

Microsoft Vulnerability CVE-2018-1030:
A coding deficiency exists in Microsoft Office that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46178 through 46179.

Talos also has added and modified multiple rules in the browser-ie,
file-flash, file-image, file-office, file-other, file-pdf, malware-cnc,
os-windows, policy-other and server-webapp rule sets to provide
coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories
-----BEGIN PGP SIGNATURE-----

iQIcBAEBAgAGBQJazRj/AAoJEPE/nha8pb+t0RkP/Aja8I0nUx36bMeXbgMxJO04
Gzs/8AA4brHmMmeaH8aaRLoFI4zlCSGVogCC0I8/PwfKZltCE51JyvzFyFTdj+4O
7KNonHsKfMfO6vFvVwBD2K8IxalZM43lmBOdcKW/ZRC/vLh7l42TlSoYBIqtrHfj
VnK/NCUKGbAvWWnDQ45pyQHt6tnRJm6iGSQlS195VBBbZ6dmgnmImS8xacB8CTlV
GhrmgNicu49U8lJtfqif6x/OwkmLVBSk+0xFBB9Tp4oFaQs1KF9tZCpOvXKJCDqd
fPSqutfYu7QtvA6Gc8EDJDwTnU//3gynatffcwNOnQn207iiLkx6oaJND5eIN1C0
Y7rDCOjUrJMi1Hc5sqY5bHKes6HeZ7aW2/0546Lpe0CirekmUHbq5wP4MEEtBgBr
vVCai7I+Bc7g3jFRa+HhZWmupvaKhEjjXUMVLzwMrrmX2OTlMztXk91I/MOHYoGM
EBjof+l5eBI65qfdAjLQjM9Dyuw1L6jALK271ryvUeH62NA1uwQgIzEAjl4flBJq
5uO9Qn6Um9wR+ZVkSselW/yls1kkYcbA5CCl3oD8Cufjik35TPrYg0N6NqUucWoo
2xIDTACjDrOcNX1xynd36mLYqWKiD3FXgOcvz8abfqddvvet7abOwS2AHdm9ZXNB
Z5T2XUomEEPI/ShUTeps
=sUGZ
-----END PGP SIGNATURE-----

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!

Current thread:

Snort Subscriber Rules Update 2018-04-10 Research (Apr 10)