[Snort-sigs] Sourcefire VRT Certified Snort Rules Update 2015-03-10

Research research at ...435...
Tue Mar 10 15:35:50 EDT 2015


Sourcefire VRT Certified Snort Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Security Bulletin MS15-018:
Microsoft Internet Explorer suffers from programming errors that may
lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 33287 through 33288,
33707 through 33710, 33718 through 33721, 33726 through 33727, 33730
through 33731, 33736 through 33739, 33741 through 33744, and 33763
through 33764.

Microsoft Security Bulletin MS15-020:
A coding deficiency exists in Microsoft Windows Shell that may lead to
remote code execution.

A previously released rule will detect attacks targeting these
vulnerabilities and has been updated with the appropriate reference
information. It is included in this release and is identified with GID
1, SID 17042.

New rules to detect attacks targeting these vulnerabilities are also
included in this release and are identified with GID 1, SIDs 33775
through 33776.

Microsoft Security Bulletin MS15-021:
A coding deficiency exists in the Adobe Font Driver that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 33711 through 33714,
33722 through 33725, 33728 through 33729, and 33732 through 33733.

Microsoft Security Bulletin MS15-022:
A coding deficiency exists in Microsoft Office that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 33705 through 33706,
33715 through 33716, 33734 through 33735, and 33808 through 33809.

Microsoft Security Bulletin MS15-023:
A coding deficiency exists in a Microsoft Kernel Mode driver that may
lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 33765 through 33770.

Microsoft Security Bulletin MS15-024:
A coding deficiency exists in Microsoft PNG image processing that may
lead to information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 33760 through 33761.

Microsoft Security Bulletin MS15-025:
A coding deficiency exists in the Microsoft Windows Kernel that may
lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 33773 through 33774.

Microsoft Security Bulletin MS15-026:
A coding deficiency exists in Microsoft Exchange Server that may lead
to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 33762, 33807, and
33810 through 33811.

Microsoft Security Bulletin MS15-027:
A coding deficiency exists in Microsoft Netlogon that may allow
spoofing attacks.

A previously released rule will detect attacks targeting this
vulnerability and has been updated with the appropriate reference
information. It is included in this release and is identified with GID
3, SID 15453.

Microsoft Security Bulletin MS15-028:
A coding deficiency exists in the Microsoft Task Scheduler that may
allow a security feature bypass.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 1, SID 33717.

Microsoft Security Bulletin MS15-029:
A coding deficiency exists in a Microsoft graphics component that may
lead to information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 33771 through 33772.

Microsoft Security Bulletin MS15-030:
A coding deficiency exists in Microsoft Remote Desktop protocol that
may lead to a Denial of Service (DoS).

A previously released rule will detect attacks targeting these
vulnerabilities and has been updated with the appropriate reference
information. It is included in this release and is identified with GID
1, SID 21232.

Microsoft Security Bulletin MS15-031:
A coding deficiency exists in Microsoft Schannel that may allow a
security feature bypass.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 33777 through 33806.

Talos has added and modified multiple rules in the blacklist,
browser-ie, file-image, file-office, file-other, malware-cnc,
malware-other, os-windows, server-mail and server-webapp rule sets to
provide coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories