Snort mailing list archives

Snort Subscriber Rules Update 2020-07-14


From: Research <research () sourcefire com>
Date: Tue, 14 Jul 2020 17:49:01 GMT

Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2020-1147:
A coding deficiency exists in .NET Framework, SharePoint Server, and
Visual Studio that may lead to remote code execution.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 1, SID 54511.

Microsoft Vulnerability CVE-2020-1350:
A coding deficiency exists in Microsoft Windows DNS server that may
lead to remote code execution.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 1, SID 54518.

Microsoft Vulnerability CVE-2020-1374:
A coding deficiency exists in Remote Desktop Client that may lead to
remote code execution.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 1, SID 54523.

Microsoft Vulnerability CVE-2020-1381:
A coding deficiency exists in Microsoft Windows Graphics Component that
may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 54521 through 54522.

Microsoft Vulnerability CVE-2020-1382:
A coding deficiency exists in Microsoft Windows Graphics Component that
may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 54512 through 54515.

Microsoft Vulnerability CVE-2020-1399:
A coding deficiency exists in Microsoft Windows Runtime that may lead
to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 54534 through 54535.

Microsoft Vulnerability CVE-2020-1403:
A coding deficiency exists in Microsoft Windows VBScript that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 54509 through 54510.

Microsoft Vulnerability CVE-2020-1410:
A coding deficiency exists in Microsoft Windows Address Book that may
lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 54528 through 54533.

Microsoft Vulnerability CVE-2020-1426:
A coding deficiency exists in Microsoft Windows Kernel that may lead to
information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 54516 through 54517.

Talos also has added and modified multiple rules in the browser-chrome,
browser-ie, file-executable, file-other, malware-cnc, malware-other,
os-other, os-windows and server-webapp rule sets to provide coverage
for emerging threats from these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories
