Snort mailing list archives

Snort Subscriber Rules Update 2016-08-09


From: Research <research () sourcefire com>
Date: Tue, 9 Aug 2016 17:39:02 GMT



Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Security Bulletin MS16-095:
Microsoft Internet Explorer suffers from programming errors that may
lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 39810 through 39813,
39820 through 39823, 39826 through 39829, 39833 through 39834, and
39839 through 39840.

Microsoft Security Bulletin MS16-096:
A coding deficiency exists in Microsoft Edge that may lead to remote
code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 25459 through 25460.

New rules to detect attacks targeting these vulnerabilities are also
included in this release and are identified with GID 1, SIDs 39810
through 39811, 39822 through 39823, and 39833 through 39834.

Microsoft Security Bulletin MS16-097:
A coding deficiency exists in Microsoft Graphics Component that may
lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 39824 through 39825
and 39843 through 39844.

Microsoft Security Bulletin MS16-098:
A coding deficiency exists in Microsoft Kernel-Mode drivers that may
lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 39808 through 39809,
39814 through 39815, and 39841 through 39842.

Microsoft Security Bulletin MS16-099:
A coding deficiency exists in Microsoft Office that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 39816 through 39817,
39831 through 39832, and 39835 through 39838.

Microsoft Security Bulletin MS16-102:
A coding deficiency exists in Microsoft Windows PDF library that may
lead to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 25459 through 25460.

Talos has added and modified multiple rules in the browser-ie,
file-office, file-pdf and os-windows rule sets to provide coverage for
emerging threats from these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories

