Snort mailing list archives

Snort Subscriber Rules Update 2019-05-14


From: Research <research () sourcefire com>
Date: Tue, 14 May 2019 18:13:12 GMT


Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2019-0707:
A coding deficiency exists in Microsoft Windows NDIS that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50090 through 50091.

Microsoft Vulnerability CVE-2019-0758:
A coding deficiency exists in Microsoft Windows GDI that may lead to
information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50119 through 50120.

Microsoft Vulnerability CVE-2019-0863:
A coding deficiency exists in Microsoft Windows Error Reporting that
may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50115 through 50116.

Microsoft Vulnerability CVE-2019-0881:
A coding deficiency exists in DirectX Graphics Kernel that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50084 through 50085.

Microsoft Vulnerability CVE-2019-0882:
A coding deficiency exists in Microsoft Windows GDI that may lead to
information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50086 through 50087.

Microsoft Vulnerability CVE-2019-0884:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50074 through 50075.

Microsoft Vulnerability CVE-2019-0885:
A coding deficiency exists in Microsoft Windows OLE that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50088 through 50089.

Microsoft Vulnerability CVE-2019-0903:
A coding deficiency exists in Microsoft Windows GDI+ that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50121 through 50122.

Microsoft Vulnerability CVE-2019-0911:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50070 through 50071.

Microsoft Vulnerability CVE-2019-0918:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50072 through 50073.

Microsoft Vulnerability CVE-2019-0926:
A coding deficiency exists in Microsoft Edge that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50076 through 50077.

Microsoft Vulnerability CVE-2019-0930:
A coding deficiency exists in Microsoft Internet Explorer that may lead
to information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50082 through 50083.

Microsoft Vulnerability CVE-2019-0931:
A coding deficiency exists in Microsoft Windows Storage Service that
may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50068 through 50069.

Microsoft Vulnerability CVE-2019-0938:
A coding deficiency exists in Microsoft Edge that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50080 through 50081.

Microsoft Vulnerability CVE-2019-0940:
A coding deficiency exists in Microsoft Browser that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50078 through 50079.

Talos also has added and modified multiple rules in the browser-ie,
file-image, file-office, file-other, indicator-compromise, malware-cnc,
malware-other and server-webapp rule sets to provide coverage for
emerging threats from these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories