Snort mailing list archives

Snort Subscriber Rules Update 2018-10-09


From: Research <research () sourcefire com>
Date: Tue, 9 Oct 2018 18:31:14 GMT

Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2010-3190:
A coding deficiency exists in MFC that may lead to remote code
execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 18619 through 18623 and 18625 through 18629.

Microsoft Vulnerability CVE-2018-8333:
A coding deficiency exists in Microsoft Filter Manager that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 48055 through 48056.

Microsoft Vulnerability CVE-2018-8411:
A coding deficiency exists in NTFS that may lead to an escalation of
privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 48057 through 48058.

Microsoft Vulnerability CVE-2018-8413:
A coding deficiency exists in Microsoft Windows Theme API that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 48059 through 48060.

Microsoft Vulnerability CVE-2018-8423:
A coding deficiency exists in Microsoft JET Database Engine that may
lead to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 47885 through 47888.

Microsoft Vulnerability CVE-2018-8453:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 48072 through 48073.

Microsoft Vulnerability CVE-2018-8460:
Microsoft Internet Explorer suffers from programming errors that may
lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 48045 through 48046.

Microsoft Vulnerability CVE-2018-8486:
A coding deficiency exists in DirectX Graphics Kernel that may lead to
information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 48047 through 48048.

Microsoft Vulnerability CVE-2018-8491:
Microsoft Internet Explorer suffers from programming errors that may
lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 48049 through 48050.

Microsoft Vulnerability CVE-2018-8492:
A coding deficiency exists in Microsoft Device Guard that may lead to a
security feature bypass.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 48062 through 48063.

Microsoft Vulnerability CVE-2018-8495:
A coding deficiency exists in Microsoft Windows Shell that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 48053 through 48054.

Microsoft Vulnerability CVE-2018-8505:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 48051 through 48052.

Talos also has added and modified multiple rules in the browser-ie,
file-executable, file-other and server-webapp rule sets to provide
coverage for emerging threats from these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories
