Snort mailing list archives

Snort Subscriber Rules Update 2019-01-08


From: Research <research () sourcefire com>
Date: Tue, 8 Jan 2019 19:02:01 GMT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2019-0539:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 48772 through 48773.

Microsoft Vulnerability CVE-2019-0541:
A coding deficiency exists in Microsoft Internet Explorer that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 48782 through 48783.

Microsoft Vulnerability CVE-2019-0543:
A coding deficiency exists in Microsoft Windows that may lead to
elevation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 48807 through 48808.

Microsoft Vulnerability CVE-2019-0552:
A coding deficiency exists in Microsoft Windows COM that may lead to
elevation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 48787 through 48788.

Microsoft Vulnerability CVE-2019-0555:
A coding deficiency exists in Microsoft XmlDocument that may lead to
elevation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 48795 through 48798.

Microsoft Vulnerability CVE-2019-0565:
A coding deficiency exists in Microsoft Edge that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 48770 through 48771.

Microsoft Vulnerability CVE-2019-0566:
A coding deficiency exists in Microsoft Edge that may lead to elevation
of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 48809 through 48810.

Microsoft Vulnerability CVE-2019-0567:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 48780 through 48781.

Microsoft Vulnerability CVE-2019-0568:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 48778 through 48779.

Microsoft Vulnerability CVE-2019-0569:
A coding deficiency exists in Microsoft Windows Kernel that may lead to
information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 48789 through 48790.

Microsoft Vulnerability CVE-2019-0572:
A coding deficiency exists in Microsoft Windows Data Sharing Service
that may lead to elevation of privilege.

Rules to detect attacks targeting this vulnerability are included in
this release and are identified with GID 1, SIDs 48776 and 48777.

Microsoft Vulnerability CVE-2019-0573:
A coding deficiency exists in Microsoft Windows Data Sharing Service
that may lead to elevation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 48793 through 48794.

Microsoft Vulnerability CVE-2019-0574:
A coding deficiency exists in Microsoft Windows Data Sharing Service
that may lead to elevation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 48768 through 48769.

Talos also has added and modified multiple rules in the browser-ie,
file-executable, file-other, file-pdf, malware-cnc, malware-other,
os-windows and server-webapp rule sets to provide coverage for emerging
threats from these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs
