Snort mailing list archives
Snort Subscriber Rules Update 2018-10-09
From: Research <research () sourcefire com>
Date: Tue, 9 Oct 2018 18:31:14 GMT
Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft Corporation.

Details:

Microsoft Vulnerability CVE-2010-3190:
A coding deficiency exists in MFC that may lead to remote code execution.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 18619 through 18623 and 18625 through 18629.

Microsoft Vulnerability CVE-2018-8333:
A coding deficiency exists in Microsoft Filter Manager that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48055 through 48056.

Microsoft Vulnerability CVE-2018-8411:
A coding deficiency exists in NTFS that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48057 through 48058.

Microsoft Vulnerability CVE-2018-8413:
A coding deficiency exists in Microsoft Windows Theme API that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48059 through 48060.

Microsoft Vulnerability CVE-2018-8423:
A coding deficiency exists in Microsoft JET Database Engine that may lead to remote code execution.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 47885 through 47888.

Microsoft Vulnerability CVE-2018-8453:
A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48072 through 48073.

Microsoft Vulnerability CVE-2018-8460:
Microsoft Internet Explorer suffers from programming errors that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48045 through 48046.

Microsoft Vulnerability CVE-2018-8486:
A coding deficiency exists in DirectX Graphics Kernel that may lead to information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48047 through 48048.

Microsoft Vulnerability CVE-2018-8491:
Microsoft Internet Explorer suffers from programming errors that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48049 through 48050.

Microsoft Vulnerability CVE-2018-8492:
A coding deficiency exists in Microsoft Device Guard that may lead to a security feature bypass.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48062 through 48063.

Microsoft Vulnerability CVE-2018-8495:
A coding deficiency exists in Microsoft Windows Shell that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48053 through 48054.

Microsoft Vulnerability CVE-2018-8505:
A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48051 through 48052.

Talos also has added and modified multiple rules in the browser-ie, file-executable, file-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:
https://www.snort.org/advisories