Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Snort Subscriber Rules Update 2019-06-11

From: Research <research () sourcefire com>
Date: Tue, 11 Jun 2019 17:14:23 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2019-0920:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50373 through 50374.

Microsoft Vulnerability CVE-2019-0943:
A coding deficiency exists in Microsoft Windows ALPC that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50413 through 50414.

Microsoft Vulnerability CVE-2019-0959:
A coding deficiency exists in Microsoft Windows Common Log File System
Driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50371 through 50372.

Microsoft Vulnerability CVE-2019-0984:
A coding deficiency exists in Microsoft Windows Common Log File System
Driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50411 through 50412.

Microsoft Vulnerability CVE-2019-0985:
A coding deficiency exists in Microsoft Speech API that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50393 through 50394.

Microsoft Vulnerability CVE-2019-0986:
A coding deficiency exists in Microsoft Windows User Profile Service
that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50369 through 50370.

Microsoft Vulnerability CVE-2019-0988:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50405 through 50406.

Microsoft Vulnerability CVE-2019-0989:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50407 through 50408.

Microsoft Vulnerability CVE-2019-0990:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50357 through 50358.

Microsoft Vulnerability CVE-2019-0991:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50403 through 50404.

Microsoft Vulnerability CVE-2019-0992:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 49380 through 49381.

Microsoft Vulnerability CVE-2019-0993:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50401 through 50402.

Microsoft Vulnerability CVE-2019-1002:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50399 through 50400.

Microsoft Vulnerability CVE-2019-1003:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50395 through 50396.

Microsoft Vulnerability CVE-2019-1005:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50397 through 50398.

Microsoft Vulnerability CVE-2019-1017:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50363 through 50364.

Microsoft Vulnerability CVE-2019-1023:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to information disclosure.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 44813 through 44814.

Microsoft Vulnerability CVE-2019-1024:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50361 through 50362.

Microsoft Vulnerability CVE-2019-1041:
A coding deficiency exists in Microsoft Windows Kernel that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50365 through 50366.

Microsoft Vulnerability CVE-2019-1051:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50359 through 50360.

Microsoft Vulnerability CVE-2019-1052:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 48051 through 48052.

Microsoft Vulnerability CVE-2019-1053:
A coding deficiency exists in Microsoft Windows Shell that may lead to
an escalation of privilege.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 50183 through 50184.

Microsoft Vulnerability CVE-2019-1055:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50367 through 50368.

Microsoft Vulnerability CVE-2019-1064:
A coding deficiency exists in Microsoft Windows that may lead to an
escalation of privilege.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 50198 through 50199.

Microsoft Vulnerability CVE-2019-1065:
A coding deficiency exists in Microsoft Windows Kernel that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 50375 through 50376.

Microsoft Vulnerability CVE-2019-1069:
A coding deficiency exists in Microsoft Windows Task Scheduler that may
lead to an escalation of privilege.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 50162 through 50163.


Talos also has added and modified multiple rules in the browser-ie,
file-pdf, indicator-compromise, malware-cnc, malware-other,
malware-tools, os-windows, policy-other and server-webapp rule sets to
provide coverage for emerging threats from these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories
-----BEGIN PGP SIGNATURE-----

iQIcBAEBAgAGBQJc/+FuAAoJEPE/nha8pb+th7kP/3MVBiYWfyIxaIVujFIoZXgD
UxbGyCXzJN5HfM078ZIQvYa1zXsm8FMRU4AYAIzLVU2smVwMabxQe78MsLCfZC/l
cNBNJHnlVIFg2DVf+kaDqZ9Km5ChwujVNej2vNvw0fMRaSatWDhzt/6jE19EkgYz
48QCnBDrmUyYHx1AorYXsT7qBVzGnEzs302RXm9u+0HQ/NpffLc0uQDunc4wmwuU
dpEGH8iEYmpOZCsDKAcXDuln0+gfP1yR8f+NXfdjwOs4yYV4yvoKsKC8qzY/7Ukp
q5k7Oy5L1fqUeLTAHNiMn6Zhje1yO1VmFrH+wqskaYe9XG4XZ17ADTOtdUwQzBcV
T3g94T7C/Q3JmimSvUVzgy0zL/8HK879NdpMSi3GngUwDzrcGc44dmx9A6QJdMFu
smxWxspbEZYe5TSw9jI5MofiXnAtrTy3XnooTK4Jre8aARQJot3T1fSaLiMcHyBu
/zRsJc4KDaxpfv3cD1gQkLQBESSutcy40clG9HjdYVv/brAwGKeQ7zqe9mKBClGC
rBsU/i5lOirTYokI9dNXili11HyNHH9CwgooKNZahjHYZ2Xqhs3GNAjf1Ev9kann
Va0jGAwm2f96rImsxr0uRid1njJFnZBV5lNqicvLLt+xtgaAOp1In6AhjEJCtgRo
/rQqLu2R4er9L1bGTqiu
=1U4j
-----END PGP SIGNATURE-----

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!
Previous By Date Next
Previous By Thread Next

Current thread: