Snort mailing list archives

Snort Subscriber Rules Update 2020-05-12


From: Research <research () sourcefire com>
Date: Tue, 12 May 2020 17:22:05 GMT

Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2020-1035:
A coding deficiency exists in Microsoft Windows VBScript Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 53918 through 53919.

Microsoft Vulnerability CVE-2020-1054:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 53916 through 53917.

Microsoft Vulnerability CVE-2020-1058:
A coding deficiency exists in Microsoft Windows VBScript Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 53924 through 53925.

Microsoft Vulnerability CVE-2020-1060:
A coding deficiency exists in Microsoft Windows VBScript Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 53926 through 53927.

Microsoft Vulnerability CVE-2020-1062:
A coding deficiency exists in Microsoft Internet Explorer that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 53928 through 53931.

Microsoft Vulnerability CVE-2020-1135:
A coding deficiency exists in Microsoft Graphics Component that may
lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 53940 through 53941.

Microsoft Vulnerability CVE-2020-1143:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 53932 through 53933.

Microsoft Vulnerability CVE-2020-1153:
A coding deficiency exists in Microsoft Graphics Component that may
lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 53950 through 53951.


Talos has added and modified multiple rules in the browser-chrome,
browser-ie, file-other, file-pdf, indicator-obfuscation, malware-cnc,
malware-other, malware-tools, os-windows and server-webapp rule sets to
provide coverage for emerging threats from these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories
