Snort mailing list archives
Snort Subscriber Rules Update 2019-03-12
From: Research <research () sourcefire com>
Date: Tue, 12 Mar 2019 17:28:47 GMT
Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft Corporation.

Details:

Microsoft Vulnerability CVE-2019-0592:
A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49368 through 49369.

Microsoft Vulnerability CVE-2019-0609:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49394 through 49395.

Microsoft Vulnerability CVE-2019-0612:
Microsoft Edge suffers from programming errors that may lead to a security feature bypass.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49371 through 49372.

Microsoft Vulnerability CVE-2019-0639:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49382 through 49383.

Microsoft Vulnerability CVE-2019-0665:
A coding deficiency exists in Microsoft Windows VBScript Engine that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49364 through 49365.

Microsoft Vulnerability CVE-2019-0666:
A coding deficiency exists in Microsoft Windows VBScript Engine that may lead to remote code execution.
Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 46554 through 46555.

Microsoft Vulnerability CVE-2019-0667:
A coding deficiency exists in Microsoft Windows VBScript Engine that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49386 through 49387.

Microsoft Vulnerability CVE-2019-0680:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49388 through 49389.

Microsoft Vulnerability CVE-2019-0703:
A coding deficiency exists in Microsoft SMB that may lead to information disclosure.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49366 through 49367.

Microsoft Vulnerability CVE-2019-0755:
A coding deficiency exists in Microsoft Windows Kernel that may lead to information disclosure.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49392 through 49393.

Microsoft Vulnerability CVE-2019-0763:
Microsoft Internet Explorer suffers from programming errors that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49384 through 49385.

Microsoft Vulnerability CVE-2019-0767:
A coding deficiency exists in Microsoft Windows Kernel that may lead to information disclosure.
Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 49172 through 49173.

Microsoft Vulnerability CVE-2019-0768:
Microsoft Internet Explorer suffers from programming errors that may lead to a security feature bypass.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49378 through 49379.

Microsoft Vulnerability CVE-2019-0769:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.
Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 45142 through 45143.

Microsoft Vulnerability CVE-2019-0770:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49388 through 49389.

Microsoft Vulnerability CVE-2019-0771:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.
Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 48051 through 48052.

Microsoft Vulnerability CVE-2019-0773:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49380 through 49381.

Microsoft Vulnerability CVE-2019-0775:
A coding deficiency exists in Microsoft Windows Kernel that may lead to information disclosure.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49390 through 49391.

Microsoft Vulnerability CVE-2019-0797:
A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49400 through 49401.

Microsoft Vulnerability CVE-2019-0808:
A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49402 through 49403.

Talos also has added and modified multiple rules in the browser-ie, file-office, indicator-compromise, malware-cnc, os-windows, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:
https://www.snort.org/advisories
